Cyberterrorism a reality 'in two years'

SC Conference: The Royal Mail's director of information security warns that cyberterrorism will become a reality in the next two years
Written by Dan Ilett, Contributor
Cyberterrorism could become a reality in 2006, a leading UK information security expert has said.

Speaking at the SC Magazine Conference in London on Thursday, director of information security for Royal Mail David Lacey said that that the world would witness cyberterrorism within two years.

"Cyberterrorism will be happening," said Lacey. "But it certainly won't happen until 2005 or 2006. There is a lot of consistency in research that shows many of the real risks won't come to a crescendo until then."

Lacey, who helped to found the Jericho Forum -- a group of FTSE 100 firms that are pushing for 'perimeterless' security -- added that terrorists are currently not using the Internet for their work.

"We know a lot about some of the trends coming," said Lacey. "Real terrorists have not had the capability to carry out threats. But that will change as the stakes get higher."

Lacey also said that for the next two to three years, the IT industry would produce more of the same technology. But following this period, people would begin to see a radical change in security.

"By 2005, 2006 -- could be sooner or later -- we will come to a critical convergence period where we have to make a step change in security to manage risks."

Lacey said his findings were the result of talking to 100 to chief information security officers over the last six years.

Yesterday at the conference, director of incident response for Cable & Wireless Richard Starnes said that cyberterrorism was an over-used term.

"Cyberterrorism is a word that the press loves because it gets people to read stories," he said. "A good portion of what we get is not terrorism. Terrorism is where you try and change the political situation of a country by using terror. Web defacements don't really count for that. Terrorists use the Internet for recruiting, fundraising and research, but not a lot else."

Other observers share his scepticism. Speaking at the CeBit technology fair last year, Bruce Schneier, security expert and chief technology officer of network-monitoring company Counterpane Internet Security, said the threat posed by cyberterrorism had been overestimated.

"The hype is coming from the US government and I don't know why. If they want to attack they will do it with bombs like they always have," he said.

He added that rather than fostering a climate of fear, disrupting the Net and other communications networks would probably just annoy people.

Editorial standards