It's dangerous to expect things of others these days, but I just can't help it. I see the headline"If Terrorists Launch a Major Cyberattack, We Won't See It Coming", though, and I start being concerned this person thinks you can see internet traffic. So I guess I don't always expect much.

But the real disappointing part is, the bulk of the content of that article is about how US preparedness for sub-nation-state cyberwarfare has dramatically exceeded the actual risk for more than a decade. Every single thing the journalist learned indicates that people geared up for a threat that hasn't materialized. And then decided their journalistic angle is, bizarrely, if this does happen, we'll be taken utterly by surprise.

This is NOT how to discuss risk, emphasizing the importance of things only remarkable in how much damage they haven't done. Any terrorist attack would be a surprise, otherwise (ideally) we would stop it. But to say, we have not seen this threat, therefore it's even scarier than we thought (when it could come from many sources not working together nor benefiting from any delays) is madness. What if we had seen a major terrorist cyberattack? Would it be less dangerous?

How secure are we, that dangers that haven't ever materialized should be our biggest concern? Whatever that threshold, it seems the head of the Department of Homeland Security thinks we're there. That The Atlantic parrots this, without having any quotes from someone who wouldn't directly benefit from increased spending on these non-problems, is baffling to me.