Cyber Eye: Is cyberterrorism a Chicken Little event?
The Information Technology Association of America recently published a glossy booklet of essays, The Long Campaign: Information Security in the Age of Cyberterrorism. In his introduction, ITAA president Harris N. Miller wrote, 'Welcome to the age of cyberterror.'
Harris briefly recounted the SQL Slammer worm attack as an example of how vulnerable our networked, IT-dependent world has become.
But in the next essay, presidential cybersecurity adviser Howard Schmidt cast doubt on whether we have really entered an age of cyberterror at all. 'Terrorists are but one of the threats we face,' he wrote. 'Whether, when and how they attack us remains to be seen.'
So far, the United States has yet to suffer any real acts of cyberterror. There have been breaches, high- and low-profile, serious and trivial, but we have not identified any as coming from a nation or organized group whose goal is to terrorize for political motives. Damage from the worst of these incidents has been estimated in billions of dollars to businesses. But such figures are hard to document, and public reaction has rarely risen above mild annoyance.
Hacktivism, or defacing Web sites with political statements, is the equivalent of graffiti and hardly rises to the level of terrorism.
Don't get me wrong: Data security is vitally important, and the threats are real. But the best way to meet the threats is by getting an accurate picture of their significance.
No, this is not yet an age of cyberterror, and a growing body of evidence indicates it may be some time before we get there, if ever.
The Internet and associated networks are insecure, as everyone knows. Yet this infrastructure is so distributed that trying to seriously damage it is like throwing rocks at the ocean. Individual targets can be successfully attacked, but we are so accustomed to information glitches at the bank, at the office and at home that workarounds are common, even expected. The typical result is inconvenience. More serious consequences have been so sharply focused that they do not inspire terror.
Many experts believe the greatest threat from cyberattacks is as a force multiplier'magnifying the impact of a physical attack by disrupting communications and control grids and interfering with the ability to respond. That kind of hacking could be a serious threat, but it requires a coordinated physical attack.
Sen. Robert Bennett (R-Utah), who once warned of a digital Pearl Harbor, believes terrorists still focus on telegenic targets that generate publicity and visceral response.
'We have time' before the cyberworld becomes a major terrorist target, Bennett said recently. But he warned that there are real vulnerabilities, regardless of whether the threat comes from terrorism, crime or random vandalism.
The best way to safeguard networks is to go at it with a clear understanding of the real risks.