The destruction of a computer, its files and backup media through accident can be a disaster. A business' ability to carry on operations can be halted through fire or explosion in a computer room. Records and files of a mainframe, mini or micro computer can be destroyed through operator error, electrical surges like from lightning, radiation from microwave oven and similar devices or physical abuse. A single process failure can cascade through a networked system that handles computing routines in serial fashion.
Vulnerability increases with the increase in quality and performance of modern technology. The higher level of performance of most technological advances relies upon a reduction of the margins of error that a system can tolerate without breakdown. Accidents and management mistakes may still occur, but their effects now have more costly systemic consequences. "Leanness" of systems (in which redundancies, backup procedures and check systems have been eliminated in the name of efficiency) also makes the system highly vulnerable. Compounding the structural fragility of computer systems is that the extent of their interconnectedness with modern life is largely invisible and unpredictable. The problem is only seen as such when the relationships are already disrupted.
The FBI list 3 levels of vulnerability risk for computer systems to outside interference: High - A vulnerability that will allow an intruder to immediately gain privileged access (e.g., sysadmin, and root) to the system. An example of this would be a vulnerability in which a sequence of instructions is sent to a machine by an unauthorized user and the machine responds with a command prompt. Medium - A vulnerability that will allow an intruder immediate access to the system that is not privileged access. This allows the intruder the opportunity to continue the attempt to gain root access. An example would be a configuration error that allows an intruder to capture the password file. Low - A vulnerability that provides information to an intruder that could lead to further compromise attempts or a Denial-of-Service (DoS) attack. The reader should note that while the DoS attack is deemed low from a threat potential, the frequency of this type of attack is very high. DoS attacks against mission-critical nodes are not included in this rating and any attack of this nature should instead be considered as a "High" threat.
One study by the USA Department of Defence concluded that only 30 out of 17,000 computers then used by the DOD met minimum standards for protection from attack. The computers were vulnerable to a broad range of high-tech hit-and-run spying techniques, such as "spoof" programs which appear to be conducting routine activities while they are actually collecting passwords or other useful information; or the implementation of undetectable instructions into the software which might order the alteration or destruction of highly classified data.
2. To err is human, but really foul things up requires a computer.
3. Our ability as an economy and as a society to deal with disruptions and breakdowns in our critical systems is minuscule. Our worst case scenarios have never envisioned multiple, parallel systemic failures. Just in time inventory has led to just in time provisioning. Costs have been squeezed out of all of our critical infrastructure systems repeatedly over time based on the ubiquity and reliability of these integrated systems. The human factor, found costly, slow, and less reliable has been purged over time from our systems. Single, simple failures can be dealt with; complex, multiple failures have been considered too remote a possibility and therefore too expensive to plan for.