Cyber Eye: Cyberterror is still a long way from reality
- By William Jackson
- Feb 04, 2003
The specter of cyberterror has become a driving force in the IT security debate.
Sen. John Edwards (D-N.C.), who introduced new IT security legislation last month, warned that 'cyberterrorists could shut down power grids, contaminate water supplies or disrupt military command systems.'
He predicted that any large, successful attack on systems 'would damage our economy to an extent not seen since Sept. 11, 2001.'
Maybe. But each year we manage to weather disruptions of our critical infrastructures far more serious than cyberterrorists could achieve. A study released in December by Washington's Center for Strategic and International Studies separated some facts from the hyperbole.
'Computer network vulnerabilities are an increasingly serious business problem, but their threat to national security is overstated,' author James A. Lewis said. 'A brief review suggests that while many computer networks remain very vulnerable to attack, few critical infrastructures are equally vulnerable.'
For a cyberattack to be as effective as physical terrorism, it would have to do serious, widespread and persistent damage beyond routine outages, Lewis said, and cyberattacks aren't much good at delivering that kind of blow.
A study of World War II Allied bombing campaigns showed that even under a rain of millions of tons of high explosive, industrial production in Germany actually rose for two years.
The irony is that our networks' unreliability may even be their strength. We're so used to working around outages, even of essential services, that a successful cyberattack probably would amount to little more than a nuisance.
'The United States has already run a large-scale experiment on the effects of disrupting electrical power supplies, thanks to California's experience with deregulation' in 2001, Lewis wrote. The results were widespread, disruptive and expensive, but they hardly reached the threshold of terror.
When a computer failed at a Miami air traffic control center that was handling most of South Florida's airspace, hundreds of flights were delayed but none cancelled. The incident went largely unnoticed, Lewis wrote.
Of course it's important to secure systems and data against tampering and to ensure their availability so we can continue to enjoy the benefits of a networked world. A cyberattack could do real damage, especially if coordinated with a physical attack.
But let's keep things in perspective. It's prudent to seek shelter during a thunderstorm'just remember that the sky isn't falling.
William Jackson is freelance writer and the author of the CyberEye blog.