Cyber terrorism 'merely a theory'

Technology-based terrorist attacks remain a theoretical phenomenon, and businesses should focus instead on protecting themselves from demonstrable threats, according to a Gartner analyst

Gartner's information security and risk research director has dismissed cyber-terrorism as a "theory". The comments came during a media round-table session at the Gartner Symposium and IT Expo, which began this week in Sydney. The director, Rich Mogull, told journalists that despite the incidence of high-profile digital attacks, cyber terrorism is a phenomenon that has never occurred.

"The goal of terrorism is to change society through the use of force or violence, resulting in fear," he explained. "I want to put this cyber terrorism thing to rest. It's a theory, it's not a fact."

Even though there were examples of attacks that has physical consequences -- such as the case of Vitek Boden, who was sentenced to two years in prison for releasing up to 1 million litres of sewage into the river and coastal waters of Maroochydore, Queensland in 2001 -- they could not be described as terrorist acts, Mogull explained. To a large extent it comes down to motive, he said.

"If a directed cyber attack on, say, a power system that... resulted in the blackout of an entire nation or a large region and deaths because of that... that would constitute cyber terrorism if they claimed they did this as a terrorist act," he said. "The motive will define what's terrorism and what's not."

Mogull maintains the argument is largely academic -- it doesn't matter who's attacking an organisation, it should be doing the best it can to protect itself in the first place, whether attacks are coming from criminals or "cyber terrorists".

"Let's stop running around being scared about these esoteric threats out there. Let's look at protecting ourselves by closing the vulnerabilities we know exist, and protecting ourselves from the attacks that we know exist," he said.