This report discusses the vulnerability of the nation's information infrastructure to external attacks and other kinds of disruptions. It assesses the extent of the data available for measuring this threat and concludes that energy supplies, telecommunications, and computer-based systems should be of first priority for attention and remedial action. Finally, it suggests steps to reduce national vulnerability. The information security posture in both government and the private sector needs immediate examination and attention. Analytic studies should be performed to establish such infrastructure features as sources of resilience and the characterization of normalcy, and to specify R&D requirements. In addition, the nation should establish a warning mechanism and a supporting coordination center.