BP: Cyberterrorism threat is increasing

Attacks on the critical national infrastructure are becoming increasingly likely, claims BP's manager of digital security services

BP has warned of an increasing terrorist threat to the critical national infrastructure.

As businesses move away from proprietary networks onto increasingly web-based systems, they are increasingly becoming targets for terrorist attacks, according to security chiefs at the oil company.

Rob Martin, manager of digital security services, said: "Terrorism will increase. There's been a lot of hype about cyberterrorism, and, in a sense, it's been dismissed as a threat — but we have to look at how society has changed. Young terrorists have grown up with computers, and we've seen society become reliant on technology. They will use this against us."

Martin said that BP had gained this information by talking to the secret services of several different countries, including the US and the UK. However, he said that terrorists were unlikely to hack through five firewalls when putting explosives on a gas pipeline would "get the point made" more effectively.

While BP says it is hard to monitor underground groups, Martin said that intelligence services let the company know how much it is being mentioned so it can adjust its threat alert. He said BP was more likely to be affected by cybercrime than cyberterrorism. However, the impact of terrorism was "likely to be far more significant" than cybercrime if it occurred.

Art Wong, senior vice president of managed security services for Symantec, said he had noticed an increasing trend for cyberattacks to be politically motivated, but that most attacks were launched for financial gain. "The problem is becoming more prominent," Wong said. "In Estonia and Italy recently governments or political organisations were attacked. [However] most threats are attempts to gain financial information."

But Paul Simmonds, chief of information security at ICI, said he "was yet to be convinced the situation is as bad as it's hyped to be".

"There's always a risk from cyberterrorism, especially to the national critical infrastructure — but there's a question of how real it is," he said. "It's been hyped quite a bit. As Rob Martin said, you get much more spectacular effects with a lump of C4 [explosive] rather than trying to go through firewalls. It's not high on my threat radar. It's on it, but not high."

The Centre for the Protection of National Infrastructure (CPNI) said that it "wouldn't be appropriate to comment" as to whether the threat level from cyberterrorism is increasing.

"The [current] threat level remains unchanged," said a CPNI spokesperson. "We will respond when evidence is presented. We monitor the situation, and the threat level will be amended if required."