“You need to prepare because it’s going to come here,” John Carlin, assistant attorney-general for national security, said at a conference in Washington, D.C., according to a report in the Financial Times. “We’re watching as they actively try to acquire the capability to match their intent.”

American officials have long feared of the consequences of a cyberterror attack. Back in 1991, the National Research Council warned that “tomorrow’s terrorist may be able to do more damage with a keyboard than with a bomb.” Since that time these fears have only grown as American society becomes more reliant on the Internet.

Thus far, the most successful cyberattacks against the U.S. have actually come from rival nation states, rather than rogue terrorist organizations like ISIS. Last week, the Justice Department charged individuals from Iran for their involvement in cyberattacks against New York financial institutions and a dam. And in September an attack on the U.S. Office of Personnel Management by hackers was believed to be tied to the Chinese government.

But it’s only a matter of time before terrorist organizations build or buy the capability to launch serious attacks here. “There’s not going to be any dollar amount you can pay,” Carlin said. “We’re in a race against time.”