---

Unit 34

　　It is a devastating prospect. Terrorists electronically break into the computers that control the water supply of a large American city, open and close valves to contaminate the water with untreated sewage or toxic chemicals, and then release it in a devastating flood. As the emergency services struggle to respond, the terrorists strike again, shutting down the telephone network and electrical power grid with just a few mouse clicks. Businesses are paralysed, hospitals are overwhelmed and roads are gridlocked as people try to flee.

　　This kind of scenario is invoked by doom-mongers who insist that stepping up physical security since the September 11th attacks is not enough. Road-blocks and soldiers around power stations cannot prevent digital terrorism. "Until we secure our cyber-infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives," Lamar Smith, a Texas congressman, told a judiciary committee in February. He ended with his catchphrase: "A mouse can be just as dangerous as a bullet or a bomb." Is he right?

　　It is true that utility companies and other operators of critical infrastructure are increasingly connected to the Internet. But just because an electricity company's customers can pay their bills online, it does not necessarily follow that the company's critical control systems are vulnerable to attack. Control systems are usually kept entirely separate from other systems, for good reason. They tend to be obscure, old-fashioned systems that are incompatible with Internet technology anyhow. Even authorised users require specialist knowledge to operate them. And telecoms firms, hospitals and businesses usually have contingency plans to deal with power failures or flooding.

　　A simulation carried out in August by the United States Naval War College in conjunction with Gartner, a consultancy, concluded that an "electronic Pearl Harbour" attack on America's critical infrastructure could indeed cause serious disruption, but would first need five years of preparation and $200m of funding. There are far simpler and less costly ways to attack critical infrastructure, from hoax phone calls to truck bombs and hijacked airliners.

　　On September 18th Richard Clarke, America's cyber-security tsar, unveiled his long-awaited blueprint for securing critical infrastructure from digital attacks. It was a bit of a damp squib, making no firm recommendations and proposing no new regulation or legislation. But its lily-livered approach might, in fact, be the right one. When a risk has been overstated, inaction may be the best policy.

　　It is difficult to avoid comparisons with the "millennium bug" and the predictions of widespread computer chaos arising from the change of date to the year 2000. Then, as now, the alarm was sounded by technology vendors and consultants, who stood to gain from scare-mongering. But Ross Anderson, a computer scientist at Cambridge University, prefers to draw an analogy with the environmental lobby. Like eco-warriors, he observes, those in the security industry--be they vendors trying to boost sales, academics chasing grants, or politicians looking for bigger budgets--have a built-in incentive to overstate the risks.

　　Economist; 10/26/2002, Vol. 365 Issue 8296, p19, 3/4p, 1c

　　注（1）：本文选自Economist；10/26/2002, p19, 3/4p, 1c；

　　注（2）：本文习题命题模仿对象1999年真题text 2 (1，2，3，5)和2001年真题text 5第3题（4）；

　　1. We learn from the first paragraph that ____________.

　　[A] terrorists could plunge a large American city into chaos through electronic attack

　　[B] American people have no experience in dealing with terrorists

　　[C] the computer systems of utility companies are rather vulnerable

　　[D] the response of emergency services is far from satisfactory

　　2. Speaking of the doom-mongers, the author implies that_____________.

　　[A] their worries are quite reasonable

　　[B] their warnings should be taken seriously

　　[C] they exaggerate the threat utility companies are facing

　　[D] they are familiar with they way terrorists strike

　　3. In the view of Gartner consultant, ___________.

　　[A] terrorists may launch another “Pearl Harbor” attack

　　[B] terrorists have ample capital and time to prepare a stunning strike

　　[C] it is very costly and time-consuming to attack critical infrastructure

　　[D] it is unlikely that terrorists would resort to electronic means to attack critical infrastructure

　　4. “Lily-livered approach” (Line 4, Paragraph 5) probably means an approach

　　characterized by________.

　　[A] flexibility

　　[B] boldness

　　[C] cowardice

　　[D] conservatism

　　5. We learn from the last paragraph that__________.

　　[A] the computer industry suffered heavy loss due to the “millennium bug”

　　[B] doom-mongers care more about their own interests than national security

　　[C] computer scientists have better judgment than doom-mongers

　　[D] environmentalists are criticized for their efforts of protecting environment

　　答案：ACDCB

　　篇章剖析

　　本篇文章是一篇议论文，驳斥了恐怖分子会利用电子手段袭击公用事业公司和关键基础设施的观点。 文章第一段是散布恐怖威胁论者所描绘的恐怖分子用电子手段进行恐怖袭击的场景。第二段介绍了他们所宣扬的观点。第三段反驳了对公用事业公司发动电子恐怖袭击的可能性。第四段以一次模拟演习的结论进一步佐证了恐怖分子不可能用电子手段对关键基础设施进行恐怖袭击的观点。第五段分析了散布恐怖威胁论的人的动机。

　　词汇注释

　　valve[vAlv] n. 阀门

　　contaminate[kEn5tAmineit] v. 弄脏；污染

　　sewage[5sju(:)idV] n. 下水道, 污水

　　paralyze[5pArElaIz] v. 使无力[无效]; 使不活动

　　gridlocked[5^ridlCkt] adj. 交通拥堵的

　　scenario[si5nB:riEu] n. 预料或期望的一系列事件的梗概或模式；场景

　　invoke[in5vEuk] v. 借助求助于；使用或应用：

　　doom-monger n. 末世论者；散布恐怖威胁论的人

　　cyber-[5saibE] prefix. 网络的

　　infrastructure[5InfrEstrQktFE(r)] n. 基本设施

　　catchphrase[5kAtFfreIz] n. 标语；引为标语的短句；口头禅

　　utility[ju:5tiliti] n. 公用事业

　　obscure[Eb5skjuE] adj. 难懂的

　　incompatible[7inkEm5pAtEbl] adj. 不相容的, 矛盾的, 不能和谐共存的(with)

　　authorize[5C:WEraIz] v. 授权；批准；认可

　　contingency[kEn5tindVEnsi] n.

　　conjunction n. 意外， 意外事故

　　consultancy[kEn5sQltEnsi] n. 顾问（工作）

　　disruption[dis5rQpFEn] n. 破坏

　　hoax[hEJks] n. 恶作剧；骗局

　　tsar[zB:(r)] n. 沙皇

　　squib[skwib] n. 爆竹

　　millennium[mi5leniEm] n. 千禧年

　　vendor[5vendC:] n. 小贩, 叫卖

　　analogy[E5nAlEdVi] n. 类推；类比

　　难句突破

　　Like eco-warriors, he observes, those in the security industry--be they vendors trying to boost sales, academics chasing grants, or politicians looking for bigger budgets--have a built-in incentive to overstate the risks.

　　主体句式：those…have a built-in incentive

　　结构分析：本句虽然是个简单句，但由于里面有一个较长的插入语，而且这个插入语本身是一个省略了should并采用倒装句式的虚拟条件句，所以整个句子理解起来有一定难度。

　　句子译文：他发现，就像那些环保卫士一样，从事安全工作的人---不论是想要促销产品的商人，还是渴望得到补助金的学者，抑或是期望更多预算的政客--- 都有一种内在的动机促使他们夸大危险。

　　

　　题目分析

　　1. 答案为A，属推理判断题。文章一开头用了prospect一词，可见所描述的场景只是想象中未来可能发生的情景。这一段描述了恐怖分子用电子手段发动对美国大城市的袭击后的混乱场景：企业瘫痪，医院爆满，道路堵塞等等。可见，如果这种袭击发生的话，美国的一座大城市就会陷入混乱。

　　2. 答案为C，属推理判断题。monger这个词本身就是一个贬义词，指一个持悲观论调，散布末世论的人。再看文章第三段，作者针对这种人散布的恐怖威胁论进行了分析，认为所谓公用事业公司的关键控制系统易受攻击的说法站不住脚。第四段座作者引用一次模拟演习的结论说，电子恐怖袭击可能造成巨大破坏，但袭击的成本非常高，耗时也非常长，有远比这简单有效的办法。在文章末尾，作者引用计算机专家的话“those (people) … overstate the risk”。可见，作者虽然也承认这种威胁有可能存在，但认为这些doom-mongers夸大了威胁的程度。

　　3. 答案为D，属推理判断题。文章第四段分析了电子恐怖袭击关键基础设施的说法站不住脚的另一个理由：通过模拟演习得出结论，这种袭击耗资巨大，耗时太长，恐怖分子完全可以采取更加简单有效成本低廉的袭击手段。可见，恐怖分子不太可能借助电子手段袭击关键基础设施的。

　　4. 答案为C，属猜词题。根据上下文，Richard Clarke针对如何保护关键基础设施免遭数字化袭击提出了人们期待已久的计划，但这个计划就好像一个受潮的爆竹，既没有给出坚决的建议，也没有提出新的规章或者法规。然后对作者对这种做法用“lily-livered”一词加以总结，显然只有“胆小”一词最为贴切。

　　5. 答案为B，属推理判断题。本文最后一段将现在的恐怖威胁论和“千年虫”恐慌加以对比，认为这种人为制造恐慌的做法只是为了让那些散布恐慌的人“stood to gain”。接着，作者引用一位专家的话，认为这些人，“不论是想要促销产品的商人，还是渴望得到补助金的学者，抑或是期望更多预算的政客--- 都有一种内在的动机促使他们夸大危险。”由此可见，散布恐怖威胁论的人与其说是关心国家安全，不如说是关心自己的利益。

　　参考译文

　　这是一幅毁灭性的景象。恐怖分子用电子手段闯入了控制一座美国大城市供水系统的电脑，他们把阀门打开又关上，用未经处理的污水或者有毒化学物质来污染水源，然后把水放出来，形成一股极具破坏力的洪水。当应急服务正忙于做出反应时，恐怖分子再次出击，只见他们轻点几下鼠标，就关闭了电话网和电网。一时间，商业陷入瘫痪，医院人满为患，人们争相逃离，道路拥堵不堪。

　　这种情景是那些散布恐怖威胁论的人描绘的场景。他们坚持认为911袭击之后仅采取实体安全措施是不够的。拦截道路，派兵把守电站都不能防止数字化恐怖主义。“除非我们对网络基础设施加以保护，否则只需要几个按键和一个互联网连接就能让经济陷入瘫痪并危及人们的生命，”德克萨斯州议员拉马尔·史密斯在二月份向一个司法委员会发言时如此说道。他用一句标语结束了自己的发言：“一个鼠标和一颗子弹或者炸弹一样危险。”他说得对吗？

　　的确，现在越来越多的公用事业公司和其它重要的基础设施运营商连接到互联网上。但那仅仅是为了让一家电力公司的客户可以在网上支付帐单，它并不一定意味着这家公司的关键控制系统就容易受到攻击。出于安全的原因，控制系统通常都和其它系统完全分开。再说它们一般都是老式的复杂系统，和互联网技术并不兼容。即使是授权用户也需要有专业知识才能操作它们。而电信公司，医院和商业企业通常都有应急预案来应付停电或者洪水等突发事件。

　　八月，美国海军军事学院联合加特纳咨询公司进行了一次模拟演习，最后得出结论，对美国关键基础设施发动一次“电子化珍珠港”袭击的确能够带来严重破坏，但这样的袭击首先需要五年的准备时间以及2亿美元的资金。而袭击关键基础设施有远比这简单和廉价的方法，从恐吓电话到汽车炸弹以及劫持飞机等不一而足。

　　九月18日，负责美国网络安全事务的理查德·克拉克公布了人们期待已久的保护关键基础设施免遭数字化袭击的计划。不过它就像一个受潮了的爆竹，既没有给出坚决的建议，也没有提出新的规章或者法规。但实际上这种胆小的做法也许是正确的。如果某种危险被夸大，那么不采取行动也许就是上策。

　　人们难免会把它和“千年虫”以及由于把日期调整到2000年所引发的有关各地的电脑将陷入混乱的预言加以对比。当时的情况和现在一样，那些技术贩子和咨询师们发出警报，然后通过散布恐慌坐收渔利。不过剑桥大学的计算机科学家罗斯·安德森更倾向于将其与环境游说团体加以类比。他发现，就像那些环保卫士一样，从事安全工作的人---不论是想要促销产品的商人，还是渴望得到补助金的学者，抑或是期望更多预算的政客--- 都有一种内在的动机促使他们夸大危险。