Cyberterror Not Yet a Credible Threat, Says Policy Thinktank 165
Trailrunner7 writes "A new report by a Washington policy think tank dismisses out of hand the idea that terrorist groups are currently launching cyber attacks and says that the recent attacks against US and South Korean networks were not damaging enough to be considered serious incidents. The report, written by James Lewis of the Center for Strategic and International Studies, looks at cyberwar through the prism of the Korean attacks, and calls the idea that terrorists have attack capabilities and just aren't using them 'nonsensical.' 'A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market. The evidence for this is partial and anecdotal, but the trend has been consistent for more two decades,' Lewis writes."
Not yet - shouldn't we still care? (Score:4, Insightful)
Re:That's Why We Must Be Proactive now (Score:3, Insightful)
On the contrary. It's too inexpensive and too convenient. Worst of all, it might actually work (though not with politicians in charge).
Re:bring back the pr0n! (Score:5, Insightful)
A guy I work with likes to point out that we always protect against the last terrorist attack, not the next one. You have listed a bunch of things which probably won't work and are not a concern. We should try to think about the things which we are outside our idea of the scope of terrorist operations. Prior to 911 we didn't consider suicide hijackings to be a threat.
Re:bring back the pr0n! (Score:5, Insightful)
But if we consider that usually terrorism tries to get some point across (with inhuman ways) and get people to hear them, causing disturbance for the Internet would be quite stupid, as it's actually the first worldwide medium to get your word across without goverment control like with radio and tv. Terrorism doesn't do terror just for the fun of it, but there's always some reasoning behind it - sometimes rational, sometimes more irrational. However script kiddies do it just for the fun of it, to gain that small time period of fame for randomly hacking something.
Depends on the definition. (Score:5, Insightful)
To me, all that fearmongering of "terrorists" (that don't exist) is creating terror itself. So all the censorship and surveillance on the net would be the actual "cyberterror". If there were a point in adding "cyber-" in front of everything. It's just plain terrorizing the people. For the usual reasons: To gain control over them.
Re:Of course they would say that (Score:4, Insightful)
Keep in mind that terrorist is a buzzword now, and means 'generic enemy' rather than 'psychological warrior'. Just like 'Commie' during the Cold War, or 'Nazi' during WWII.
Re:Sticking head in sand 101 (Score:3, Insightful)
Anyone who things "cyberterror" is not a credible threat is naiive, or completely clueless. Yes, terrorists use the Internet, and know how to get around being traced.
Everything that you described in your post is criminal action, not terrorist action.
Cyberterrorism is a silly concept (Score:5, Insightful)
A few years back, we had an accidental shutdown of the power supply of most of the eastern North America. It was very inconvenient, and it cost a huge amount of money, and it even resulted in the loss of some lives. But it wasn't terrifying. It was just annoying.
It's not about the amount of damage, it's about the effect. A cyberterror event like a power or communications failure could result in hundreds of deaths, but there's nothing to focus on. A car exploding next to a bistro may only kill two or three people, but it is far more effective terrorism.
For terrorism to be effective, it has to produce terror. That's an emotional reaction, not an intellectual one. And to get that emotional reaction, there has to be real tangible threats, like flames, blood and gore, falling rocks, etc.
Re:Of course they would say that (Score:1, Insightful)
Re:bring back the pr0n! (Score:2, Insightful)
'only' is a pretty strong word in that particular statement. For instance, imagine if someone ran a network very similar to the internet, except for all of the pesky public access.
Re:"not yet credible" (Score:3, Insightful)
Google (or anybody) hasn't solved any spam problem, they keep doing what I do - spend money/resources to filter it on the server side. Everyone else who is running an email server does the same. The effort and resources are still wasted, whether the clueless lusers see it or not.
The "government" (especially that of the US, which is still the top spammer, accounting for more spam than the next 9 in the top list) can do many things -- like hitting the spammers and their customers hard, and press other governments to the same. They do it very well for a lot of things (including "intellectual property" rights) already.
Instead, we see large budgets spent on "cyber terror", tons of spam, and people with their heads up in the cloud, or darker places.
Re:bring back the pr0n! (Score:4, Insightful)
As you say, the main goal of terror groups will be to intimidate and cause widespread panic and lasting fear. Now, how that's done depends largely on the environment. If we're talking domestically, e.g. in the US, and I'm going to assume we are, the greatest threats online IMHO are things like identity theft, financial fraud (they're always looking to fund their activities), target profiling, and causing temporary disruptions of service (power, emergency services, telecom, transportation, etc) just before an attack. Those are all places where vulnerabilities are definitely present, and where we could and should definitely make changes for the better. Such a glib assessment that there is no threat smacks of the same arrogance/ignorance that led a certain ship to be called "unsinkable."
Cyber "terror"? (Score:3, Insightful)
"Not yet?" Maybe "not ever." Cyber-sabotage? Sure. But people are pretty jaded about computers. Windows still has huge marketshare. Bring all of society crashing down and I'm still not sure it'll be "terror." People will be pissed, but will they feel the safe has become unsafe? Either they already think that, or they never will.
Comment removed (Score:3, Insightful)
Re:bring back the pr0n! (Score:4, Insightful)
So, what's the difference between an attacker looking for fun and an attacker with a political agenda?
Cyberterror is not a credible threat because we're already up to our necks with spammers, script kiddies, whatever. Whether or not they have reasons to do it other than "I want your money", we don't know and we don't care.
Maybe, maybe not... (Score:2, Insightful)
It seems that cybersecurity is only as good as who is administering it. If we take the object lesson of British Hacker Gary McKinnon, who is actually now in the process of being extradited to the U.S. to face prosecution for hacking various Pentagon and other miltary computers, he claims that various "highly sensitive" systems (running Windows operatin systems at the time) where on the network with the then default password "Admin".
In fact Mr. McKinnon doesn't really consider himself to be a very accomplished hacker at all, but that the systems he infiltrated were simply easy to break into. Not only was he able to easily gain access, but while on these networks logged IPs from numerous other individuals from various other countries who were after the same "free candy". Having the capability to be totally secure and doing the proper "housekeeping" necessary to be and remain secure are often two different things.
It seems as though U.S. Cybersecurity may be mistaking the obvious fear of punishment for breaching sensitive systems, for a lack of ingenuity and skill on the part of potential troublemakers on its networks, which is a pretty big mistake. That is how it seems at least
I think you've got the order backwards here (Score:3, Insightful)
Actually, the decision process went more like this: 1) Iraq deserves to be invaded. 2) How can we justify invading them? 3)I know, let's say they have nukes!
Oh, yeah, and 4) profit (for oil companies).