The cyberterrorism threat is overstated — terrorists won't strike the Internet because bombs are more effective, an expert panel agreed Friday.
“Cyberterrorism is largely overblown,” Bruce Schneier, founder and chief technical officer of Counterpane Internet Security in Cupertino, California, said speaking in a panel on cyberterrorism at the CeBIT technology trade show.
“I don't see a cyberattack as a terror attack of choice. Dropping ATM networks and shutting down e-mail is not terrorism. If I can't get to my e-mail for a day I am not terrorised. We are many years away from somebody being able to launch large-scale electronic attacks that have the effects of a bomb,” Schneier said.
Other panellists, executives from security software vendors RSA Security and Trend Micro and representatives from the European Union and the North Atlantic Treaty Organization (NATO), agreed. They blame the US government, certain IT vendors and the media for creating cyberterrorism angst.
“Terrorists will use the Internet to communicate, which is different from an attack. We do not see a terrorist attack on the Internet happening,” Rainer Fahs, senior information security engineer of NATO's Air Command & Control Systems Management Agency said.
Fueled by post-September 11 fears, the US government and its agencies especially warned of terrorists bringing down the Internet or using the network to topple critical infrastructure such as telecommunications and electric power grids, oil, gas and water systems, and transportation and emergency services.
Panelists had this to say about those warnings:
— “Critical systems don't run on the Internet, they are based on secure networks, we have protected our systems and do not rely on the Internet,” Fahs said.
— “I don't want to belittle the threats (to the Internet), but they are not coming from terrorists. The threat from common criminals is understated,” Schneier said.
— “I think the threat of cyberterrorism is overstated,” but general threats to IT systems are in some cases underestimated, Arthur Coviello, president and chief executive officer of RSA said. He advises companies to assess risks and then apply security measures.
— “The US government after September 11 wanted a broader front to attack terrorism an cyberterrorism is part of that. Some in the industry got headlines by calling a lot of attention to this,” Coviello said.
NATO's Fahs understands the US government's reasoning, but warned that civil liberties may be at stake because of a push against a threat that is not actually there.
“This is something that was created and I think there is a big risk that the liberty of people will be sacrificed for the sake of security,” Fahs said.
The panellists' opinions match a Symantec Corp. survey released last month that found that cyberterrorism is more fear than reality. None of the severe events detected by Symantec were traced to countries linked with terrorism and less than 1 per cent of all attack traffic came from such countries.