Cyber Eye: Is cyberterrorism a Chicken Little event?

William Jackson

The Information Technology Association of America recently published a glossy booklet of essays, The Long Campaign: Information Security in the Age of Cyberterrorism. In his introduction, ITAA president Harris N. Miller wrote, 'Welcome to the age of cyberterror.'

Harris briefly recounted the SQL Slammer worm attack as an example of how vulnerable our networked, IT-dependent world has become.

But in the next essay, presidential cybersecurity adviser Howard Schmidt cast doubt on whether we have really entered an age of cyberterror at all. 'Terrorists are but one of the threats we face,' he wrote. 'Whether, when and how they attack us remains to be seen.'

So far, the United States has yet to suffer any real acts of cyberterror. There have been breaches, high- and low-profile, serious and trivial, but we have not identified any as coming from a nation or organized group whose goal is to terrorize for political motives. Damage from the worst of these incidents has been estimated in billions of dollars to businesses. But such figures are hard to document, and public reaction has rarely risen above mild annoyance.

Hacktivism, or defacing Web sites with political statements, is the equivalent of graffiti and hardly rises to the level of terrorism.

Don't get me wrong: Data security is vitally important, and the threats are real. But the best way to meet the threats is by getting an accurate picture of their significance.

No, this is not yet an age of cyberterror, and a growing body of evidence indicates it may be some time before we get there, if ever.

The Internet and associated networks are insecure, as everyone knows. Yet this infrastructure is so distributed that trying to seriously damage it is like throwing rocks at the ocean. Individual targets can be successfully attacked, but we are so accustomed to information glitches at the bank, at the office and at home that workarounds are common, even expected. The typical result is inconvenience. More serious consequences have been so sharply focused that they do not inspire terror.

Many experts believe the greatest threat from cyberattacks is as a force multiplier'magnifying the impact of a physical attack by disrupting communications and control grids and interfering with the ability to respond. That kind of hacking could be a serious threat, but it requires a coordinated physical attack.

Sen. Robert Bennett (R-Utah), who once warned of a digital Pearl Harbor, believes terrorists still focus on telegenic targets that generate publicity and visceral response.

'We have time' before the cyberworld becomes a major terrorist target, Bennett said recently. But he warned that there are real vulnerabilities, regardless of whether the threat comes from terrorism, crime or random vandalism.

The best way to safeguard networks is to go at it with a clear understanding of the real risks.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.