While many hackers have the knowledge, skills, and tools to attack computer systems, they generally lack the motivation to cause violence or severe economic or social harm.
The concern is over what will happen as strong encryption becomes commonplace with all digital communications and stored data. Right now the use of encryption isn't all that widespread, but that state of affairs is expected to change rapidly.
If we take as given that critical infrastructures are vulnerable to a cyber terrorist attack, then the question becomes whether there are actors with the capability and motivation to carry out such an operation.
Cyber terrorism could also become more attractive as the real and virtual worlds become more closely coupled, with automobiles, appliances, and other devices attached to the Internet.
I don't have a particular recommendation other than that we base decisions on as much hard data as possible. We need to carefully look at all the options and all their ramifications in making our decisions.
I favor strategies that encourage industry to include some sort of key recovery capability in their systems which would also address user requirements for access.
We have never really had absolute privacy with our records or our electronic communications - government agencies have always been able to gain access with appropriate court orders.
With those people, I'm very far apart, because I believe that government access to communications and stored records is valuable when done under tightly controlled conditions which protect legitimate privacy interests.