Security expert Bruce Schneier was interviewed by Tom Espiner of ZDNet UK regarding the notion that foreign governments are a serious threat to a nation's critical national infrastructure and whether cyberterroism is a more potent threat than the rampant cybercrime. Schneier views cyberterrorism threats as overstated.
"The US government gives a lot of money to fight terrorism, so cyberterrorism is hyped. I hear people talk about the risks to critical infrastructure from cyberterrorism, but the risks come primarily from criminals...at the moment, criminals aren't as 'sexy' as terrorists. We should not ignore criminals and I think we're under-spending on crime. If you look at ID theft and extortion — it still goes on. Criminals are after money."
Identity theft, phishing schemes, spyware, IP theft are causing more havoc than any cyberterrorism, worm or virus incidents. The Federal Trade Commission's started an awareness and education campaign in 2002 to help consumers and businesses stay safe online. It even included a mascot, Dewie the e-Turtle, with his always present security shell. The last press release on the site is dated August 2003. It's obvious that Dewie hasn't become the cybercrime version of Smokey the Bear. Technology executives have been to Capitol Hill, and have asked for a commission on organized cybercrime. [Check out McAfee's Virtual Criminology Report for some detail on the scope of organized cybercrime.] Security vendors can't really keep up with the cyberattackers, and their efforts to educate users and sell products are limited. U.S. government efforts to prosecute cybercrime or legislate stiffer penalties isn't having much effect at diminishing cybercrime, which is borderless. If education is one of the keys to reducing cybercrime, then the government and the private sector need to fund programs that will bring the problem and solutions more into focus for the masses. Revivify Dewie the e-Turtle or come up with some other idea, but current approaches to reducing the scourge of cybercrime aren't working.