Don't cry wolf over cyberterror

Despite all the the talk of cyberterrorism, we've still to see a single conviction under terrorism legislation

Can terrorists use computers? We might as well ask if they can use the kitchen sink. Can they use them to create terror? Of course they can, but the evidence that anybody has done so, as with most evidence of the imminent terrorists threats that our governments continuously fire at us, is lacking. Bruce Schneier is quite right to pour scorn on the use of the term cyberterrorism; it is a term that gained currency with the publication of the Anti-terrorism, Crime and Security Act 2001, but which has not been used in the courts in the four years since.

It has, however, been used virtually everywhere else. Governments and (some) security software vendors never tire of warning us of the threats of cyberterrorism. Remember the story about the 12 year-old hacker who took control of the floodgates at the Roosevelt Dam? Scary stuff indeed, and surely a likely cause of terror to those living downstream. Only, as the site documents, what actually happened was that a 27 year-old hacker dialled into a server that monitored the water levels of canals in the Phoenix area. Investigators concluded it posed no threat to safety, though in 2002 this did not stop the then White House cybersecurity advisor declaring: "we've seen 14- and 15 year-olds hack their way into things like the control system for a dam in Arizona".

Hacking is certainly a nuisance. It can cost money and be offensive, and is something that we should protect ourselves from (obviously), but probably not through terrorism laws and certainly not through over-hyped alerts.

On the same day that Schneier castigated those who cry wolf, Spamhaus took a bite out of ISPs, pointing out that it is they who should in fact be supplying proper security products to their customers, along with broadband. Spamhaus has a point, even if it's not a particularly new one. If telcos, ISPs and security companies won't take a more responsible attitude then customers — from big enterprises to individuals — need to take matters in hand by dealing only with those companies who make a proper commitment to security. And that means protecting, not crying wolf.