Don't cry wolf over cyberterror

Don't cry wolf over cyberterror

Summary: Despite all the the talk of cyberterrorism, we've still to see a single conviction under terrorism legislation

TOPICS: Security

Can terrorists use computers? We might as well ask if they can use the kitchen sink. Can they use them to create terror? Of course they can, but the evidence that anybody has done so, as with most evidence of the imminent terrorists threats that our governments continuously fire at us, is lacking. Bruce Schneier is quite right to pour scorn on the use of the term cyberterrorism; it is a term that gained currency with the publication of the Anti-terrorism, Crime and Security Act 2001, but which has not been used in the courts in the four years since.

It has, however, been used virtually everywhere else. Governments and (some) security software vendors never tire of warning us of the threats of cyberterrorism. Remember the story about the 12 year-old hacker who took control of the floodgates at the Roosevelt Dam? Scary stuff indeed, and surely a likely cause of terror to those living downstream. Only, as the site documents, what actually happened was that a 27 year-old hacker dialled into a server that monitored the water levels of canals in the Phoenix area. Investigators concluded it posed no threat to safety, though in 2002 this did not stop the then White House cybersecurity advisor declaring: "we've seen 14- and 15 year-olds hack their way into things like the control system for a dam in Arizona".

Hacking is certainly a nuisance. It can cost money and be offensive, and is something that we should protect ourselves from (obviously), but probably not through terrorism laws and certainly not through over-hyped alerts.

On the same day that Schneier castigated those who cry wolf, Spamhaus took a bite out of ISPs, pointing out that it is they who should in fact be supplying proper security products to their customers, along with broadband. Spamhaus has a point, even if it's not a particularly new one. If telcos, ISPs and security companies won't take a more responsible attitude then customers — from big enterprises to individuals — need to take matters in hand by dealing only with those companies who make a proper commitment to security. And that means protecting, not crying wolf.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Although cyberterror itself could not cause catastrophe, we should not underestimate it. Because of the anonymity it's easy to be exploited as a new pretext of warfare.
  • Actually, there's no reason hackers couldn't cause catastrophe. But they haven't and we shouldn't succumb to hysteria. Neither should we resort to over hyped sensationalist terminology like 'cyberterror' hacking suffices and promotes cooler heads in the discussion. Finally, the last thing we need is a spate of new laws written by bureaucratic morons to address a problem that has yet to emerge. What we do need is for vulnerable entities, whoever they may be, to be responsible and ensure they have whatever security on-site that they may need.
  • The point of terrorism is to terrorise, (no seriously). They don't actually have to achieve anything much if enough people panic and adversly change their habits they achieve their aim. Sometimes it seems that panicing government and misplaced announcements do the work before the terrorist have even lifted a finger. The best solution is to take a brief pause assess the threat, deal accordingly and then carry on as normal. Making rash statements backed up by little fact & running round like L/Cpl Jones achieves nothing.
  • Why can't politicians and the public accept the facts. "Cyberterrorism" ia a good and cnd correct definition of what can become. Whereever cables are connected, terrorists can access control of the computers. The FBI claim the US is not under any threat and over recent years, their military have been hacked many times. At the time of the events, the US Military have admitted the seriousness and that weapons could have been controlled. Also, take a close look at our own military forces around the world. What info is stored on computers? The answer is known to all, including terrorists. Military operations, movements etc. that soldiers, sailors and airmen cannot disclose even to their nearest and dearest. Imagine the outcome if terrorists got details of military flight plans etc. Our forces would be sitting targets before they arrive at their destinations. The answer here is not around the security of the computers but more of knowing who is accessing them at any time and what they are accessing. If anybody does hack into our defence sysem, we need to know at the time, not 3 months later like the US. We need to know who it is and where they are so we can act fast, not arrest somebody 2 years later like the US do. The answer is not to panic, not to disbelieve, try to ignore the reality or go into tota denial mode. The answer is about awareness and acting before talking as we do in the West. Talking takes time and wastes lives, acting can be swift and save lives. Finally, "WAKE UP!" Cyberterrorism is here...
  • Not yet?

    Surely it would be more accurate to say that the threat of or potential for cyberterrorism exists rather than saying cyberterrorism is here?