Cyber Eye: Cyberterror is still a long way from reality

William Jackson

The specter of cyberterror has become a driving force in the IT security debate.

Sen. John Edwards (D-N.C.), who introduced new IT security legislation last month, warned that 'cyberterrorists could shut down power grids, contaminate water supplies or disrupt military command systems.'

He predicted that any large, successful attack on systems 'would damage our economy to an extent not seen since Sept. 11, 2001.'

Maybe. But each year we manage to weather disruptions of our critical infrastructures far more serious than cyberterrorists could achieve. A study released in December by Washington's Center for Strategic and International Studies separated some facts from the hyperbole.

'Computer network vulnerabilities are an increasingly serious business problem, but their threat to national security is overstated,' author James A. Lewis said. 'A brief review suggests that while many computer networks remain very vulnerable to attack, few critical infrastructures are equally vulnerable.'

For a cyberattack to be as effective as physical terrorism, it would have to do serious, widespread and persistent damage beyond routine outages, Lewis said, and cyberattacks aren't much good at delivering that kind of blow.

A study of World War II Allied bombing campaigns showed that even under a rain of millions of tons of high explosive, industrial production in Germany actually rose for two years.

The irony is that our networks' unreliability may even be their strength. We're so used to working around outages, even of essential services, that a successful cyberattack probably would amount to little more than a nuisance.

'The United States has already run a large-scale experiment on the effects of disrupting electrical power supplies, thanks to California's experience with deregulation' in 2001, Lewis wrote. The results were widespread, disruptive and expensive, but they hardly reached the threshold of terror.

When a computer failed at a Miami air traffic control center that was handling most of South Florida's airspace, hundreds of flights were delayed but none cancelled. The incident went largely unnoticed, Lewis wrote.

Of course it's important to secure systems and data against tampering and to ensure their availability so we can continue to enjoy the benefits of a networked world. A cyberattack could do real damage, especially if coordinated with a physical attack.

But let's keep things in perspective. It's prudent to seek shelter during a thunderstorm'just remember that the sky isn't falling.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Russia prying into state, local networks

    A Russian state-sponsored advanced persistent threat actor targeting state, local, territorial and tribal government networks exfiltrated data from at least two victims.

  • Marines on patrol (US Marines)

    Using AVs to tell friend from foe

    The Defense Advanced Research Projects Agency is looking for ways autonomous vehicles can make it easier for commanders to detect and track threats among civilians in complex urban environments without escalating tensions.

Stay Connected