So far, Cannon has 100 volunteer CIOs and has met with Richard Clarke, special adviser to the president for cyberspace security, in the Office of Homeland Defense. About 80 percent to 90 percent of critical technology infrastructure resides in the private sector, and that puts private sector CIOs in a unique position of leadership. They run the systems that need to be protected against terrorist threats.

"We CIOs have the responsibility for managing this," Cannon says. "We have a real role to play."

The first order of business is defining cyberterrorism. Since Sept. 11, threats once considered digital aggravations have been tagged cyberterrorist provocations. Suddenly, encryption was not a software feature but a weapon in the cyberterrorist’s arsenal. Knocking out e-mail was cyberterrorism. One widely quoted security consultant warned of the threat posed by the fans on computers, which can "breathe" and spread deadly bacteria. Is this, then, a form of "bio-cyberterrorism"? The term lost its meaning as it stretched to keep pace with flights of anxiety.

This is how the National Infrastructure Protection Center (NIPC) under Director Ron Dick, a key figure in the government’s infrastructure protection scheme, defines cyberterrorism: a criminal act perpetrated through computers resulting in violence, death and/or destruction, and creating terror for the purpose of coercing a government to change its policies.

So to qualify as cyberterrorism, an act must fulfill two criteria: a political motivation and a destructive result. But computer attacks usually satisfy only one: the motivation. It’s far more difficult to cause destruction with computers. If phones don’t work, it’s annoying, perhaps costly, even dangerous, but not in and of itself destructive. Even the most often cited cyberterrorist threat?shutting down the Internet?is that really destructive, or just a massive inconvenience? Most experts believe it’s the latter. Very few malicious uses of technology qualify under Dick’s definition of cyberterrorism.

"It’s a bad word. Cyberterrorism is not terrorism in cyberspace because there is no terror there," says security expert Bruce Schneier, CTO and founder of Counterpane Security in Cupertino, Calif. He distinguishes between the term cyberterrorism and what he calls "cyberhooliganism," which would include viruses, website defacement and so forth. "Computers can be a vector for terrorism just as the mail system has become a vector for terrorism. But if the mob goes and shoots up a convenience store, we don’t call that terrorism. Think of the horrible crimes we don’t call terrorism," says Schneier. "So if you shut down the Internet"?a feat Schneier and others warn is plausible and not unlikely?"yes, it’s a huge malicious attack, but it’s not terrorism."