Forgot your password?
typodupeerror
Security The Internet The Military IT

Cyberterror Not Yet a Credible Threat, Says Policy Thinktank 165

Posted by timothy
from the got-to-be-right-all-the-time-though dept.
Trailrunner7 writes "A new report by a Washington policy think tank dismisses out of hand the idea that terrorist groups are currently launching cyber attacks and says that the recent attacks against US and South Korean networks were not damaging enough to be considered serious incidents. The report, written by James Lewis of the Center for Strategic and International Studies, looks at cyberwar through the prism of the Korean attacks, and calls the idea that terrorists have attack capabilities and just aren't using them 'nonsensical.' 'A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market. The evidence for this is partial and anecdotal, but the trend has been consistent for more two decades,' Lewis writes."
This discussion has been archived. No new comments can be posted.

Cyberterror Not Yet a Credible Threat, Says Policy Thinktank

Comments Filter:
  • by thhamm (764787)
    cyberterror? someone posted something about 'What If They Turned Off the Internet? [slashdot.org]'. now that's a threat!
    let me share somethin' special with you, which i call perry's perspective. [youtube.com].
    • by sopssa (1498795) * <sopssa@email.com> on Sunday October 25, 2009 @06:07PM (#29867421) Journal

      Well I think this whole "cyberterror" idea is pretty funny. I even remember that back in 2000 in school we had to write about some article where they described "cyber attacks from China goverment". Has anyone actually proven that China as a goverment is doing those? It still seems like a myth. Considering world is filled with script kiddies, and China+India together have half of the population on Earth, it's not surprising that many percentage of them could be from there.

      Another thing is that it's quite hard to launch such a catastrophic, large-scale attack against the internet. Yeah, you can cause some minor annoyance or accidentally route traffic elsewhere like what happened with YouTube for ~30 mins a few years ago, but those are quickly fixed when upstream ISP's responsible notice.

      Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com (if you even could hack it - I bet there have been many that have tried)? It just doesn't sum up.

      • A lot of it depends on what's being attacked, and how.

        A concerted effort to blow up / corrupt / poison the DNS root servers? Could be considered as something to worry about. A DDoS against any IP belonging to $targetNation, or even just all major banks belonging to $targetNation? Probably not as much (mostly due to the sheer size of the target, the bandwidth soaking that doing so would require, etc).

        • by sopssa (1498795) * <sopssa@email.com> on Sunday October 25, 2009 @06:45PM (#29867571) Journal

          But if we consider that usually terrorism tries to get some point across (with inhuman ways) and get people to hear them, causing disturbance for the Internet would be quite stupid, as it's actually the first worldwide medium to get your word across without goverment control like with radio and tv. Terrorism doesn't do terror just for the fun of it, but there's always some reasoning behind it - sometimes rational, sometimes more irrational. However script kiddies do it just for the fun of it, to gain that small time period of fame for randomly hacking something.

          • by uuddlrlrab (1617237) on Sunday October 25, 2009 @09:45PM (#29868389)
            I think you're hitting the nail on the head with your post. Bothering Google, or various other sites, even if it's for a day or two, would likely cause nothing more than a lot of annoyed muttering and sighs. However, there are still some things to consider.
            As you say, the main goal of terror groups will be to intimidate and cause widespread panic and lasting fear. Now, how that's done depends largely on the environment. If we're talking domestically, e.g. in the US, and I'm going to assume we are, the greatest threats online IMHO are things like identity theft, financial fraud (they're always looking to fund their activities), target profiling, and causing temporary disruptions of service (power, emergency services, telecom, transportation, etc) just before an attack. Those are all places where vulnerabilities are definitely present, and where we could and should definitely make changes for the better. Such a glib assessment that there is no threat smacks of the same arrogance/ignorance that led a certain ship to be called "unsinkable."
          • by _Sprocket_ (42527) on Monday October 26, 2009 @12:07AM (#29868987)

            But if we consider that usually terrorism tries to get some point across (with inhuman ways) and get people to hear them, causing disturbance for the Internet would be quite stupid, as it's actually the first worldwide medium to get your word across without goverment control like with radio and tv.

            You're assuming that:

            1) Everyone in the world understands what the Internet offers.

            2) That those who would target the Internet don't see it as a symbol of Western power / pride.

            3) Everyone WANTS people to have access to a worldwide medium that gives them free access to thoughts and ideas not dictated by their regional government / society.

      • by MichaelSmith (789609) on Sunday October 25, 2009 @06:41PM (#29867555) Homepage Journal

        A guy I work with likes to point out that we always protect against the last terrorist attack, not the next one. You have listed a bunch of things which probably won't work and are not a concern. We should try to think about the things which we are outside our idea of the scope of terrorist operations. Prior to 911 we didn't consider suicide hijackings to be a threat.

        • Once you start down that route then your hypothetical ideas go three places: people who do not care, government investigative agencies, and actual terrorist groups.

          The people who don't really care are probably the people with which you discuss these things.

          The government investigative agencies, depending upon the quality of your hypothetical ideas, may begin to monitor or make inquiries about you. Many people are not comfortable with vague gray fuzzy inquiries from vague gray fuzzy characters. Look for t

          • Re: (Score:3, Interesting)

            by dbIII (701233)

            Iraq had some things that US leaders were uncomfortable with

            Yes, things like dragging half of their equivalent of congress out the back and forcing the other half to shoot them. It makes everybody that knows it in anything faintly resembling a Democracy uncomfortable.
            But that's not a reason for the invasion, earlier administrations were quite happy to deal with them and some current military allies such as Algeria are far more of a basket case. There were plenty of stupid, petty, greedy or strategic reaso

          • Iraq had some things that US leaders were uncomfortable with, therefore they deserve to be invaded.

            Actually, the decision process went more like this: 1) Iraq deserves to be invaded. 2) How can we justify invading them? 3)I know, let's say they have nukes!

            Oh, yeah, and 4) profit (for oil companies).

          • Re: (Score:3, Funny)

            by StikyPad (445176)

            Sounds like somebody's been watching too many X-Files reruns...

            There will be a vague gray fuzzy knock on your door shortly. Do not remove any of the crawlies from under your skin -- there's no time for that now. Pack only what you need, wrap your cash in tinfoil to attenuate the signal from the embedded tracking devices, and just RUN!!! When you arrive at the previously agreed-upon meeting place, then we can use my ultrasonic humidifier to examine you and find out how many organs they've already stolen.

        • We should try to think about the things which we are outside our idea of the scope of terrorist operations. Prior to 911 we didn't consider suicide hijackings to be a threat.

          I disagree. While it may be entertaining to worry about new and innovative ways to cause mass hysteria and panic, we should only give minor attention to potential attacks because, frankly, the field is so wide open that we could spend all our money and not protect us from 1% of it.

          For example, even if we had taken suicide hijackers seriously before 911, what would we have done about it? Even after 911 99% of the effort is a total waste - the only useful measures taken have been reinforcing the cockpit doo

          • Re: (Score:2, Informative)

            by maxume (22995)

            Not to belabor the point, as he is already rather overexposed, but Bruce Schneier repeatedly makes the point that funding good investigative police work is also an effective measure (because it is often the case that the bad guys are making mistakes, regardless of the particular vector they have chosen to focus on).

        • by dimeglio (456244)

          Sure they did consider suicide hijackings to be a threat. This was not new at all. They simply underestimated the willingness to pull it off or that it would have such an impact. Even the 911 terrorists themselves, I'm certain, were sure the towers would not fall as they did.

          I consider cyberterrorism less of a threat to my health than drunk drivers are. Anyone who think otherwise, to me, is simply for self-interest purposes. It would simply feed the well known conspiracy theory that malware detection/remova

        • by houghi (78078)

          The problem with protecting against the next way of attacking is that the protection is more harmfull then the (possible) attack itself.

      • by demachina (71715) on Sunday October 25, 2009 @06:54PM (#29867597)

        "What are you going to on the internet,"

        The classic examples are hacking in to the computers that control the power grid(s) and causing a widespread blackout, taking down the air traffic control system, opening flood gates on a dam, or causing a wide spread phone/cell phone outage. Its open to debate how feasible these are but they are certainly plausible and the systems involved may all interact with the Internet now in one form or another.

        I find this statement amusing to no end:

        "A very rough estimate would say that there is a lag of three and eight years between the capabilities developed by advanced intelligence agencies and the capabilities available for purchase or rental in the cybercrime black market."

        It basically implies that advanced intelligence agencies are years ahead in developing the tools for Cyberterrorism. If that were actually true, which I doubt, then why wouldn't you still be "afraid" some advanced intelligence agency will launch a cyber terror attack, or is this submission implying that just because a nation state does it, its not terrorism?

        • by sopssa (1498795) *

          The classic examples are hacking in to the computers that control the power grid(s) and causing a widespread blackout, taking down the air traffic control system, opening flood gates on a dam, or causing a wide spread phone/cell phone outage.

          Except the last one, I dont think those systems should be running on the internet anyway. Even if some terrorist group isn't going to hit them, some script kiddie will.

          • Re: (Score:3, Interesting)

            by demachina (71715)

            Air traffic control and power grids are inherently networked operations. You need to transfer planes from one control center to another, and to report loads or faults on the grid to various control centers, or turn generators on and off to balance load across wide areas. Only way you wouldn't have these functions on the Internet is if you go back to using phones to call people which is brutally inefficient and error prone. One hopes these networks are very secure VPN's but who knows.

            Not sure if big dams

            • Re: (Score:2, Insightful)

              by maxume (22995)

              'only' is a pretty strong word in that particular statement. For instance, imagine if someone ran a network very similar to the internet, except for all of the pesky public access.

              • by demachina (71715)

                Building an isolated network covering the entire nation is very expensive. Just about all network activity is running over the same backbone. I think by saying virtual private network I was saying what you are saying. But, when you have hundreds of thousands of computers on a private network its exceptionally easy for someone to hang one of them on their LAN too and open the whole thing up to the Internet. If completely private networks were so easy I don't think you would read so many stories of defens

            • Air traffic control and power grids are inherently networked operations.

              "Networked" != "accessible via the internet". While it's possible to break into some of these kinds of networks, it generally requires 1) physical access to a terminal (for wired networks) or 2) at least physical proximity to the system (for wireless networks).

              I think it's highly, highly unlikely that bad guys in China or Pakistan or whatever are going to be able to break into systems controlling big, dangerous infrastructure like this

      • "Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com (if you even could hack it - I bet there have been many that have tried)? It just doesn't sum up."

        A list of possible targets:
        banking transactions being disrupted tends to terrorize people with money
        taking down the power grid can be scary
        disrupting mass transit can be scary
        actually causing crashes of mass transit would be outright terroristic
        publishing false news stories ranks som

        • by dkf (304284)

          A list of possible targets:

          Get real...

          banking transactions being disrupted tends to terrorize people with money

          Terrorizing bankers? That's likely to win them a medal from everyone else...

          disrupting mass transit can be scary

          Except the safety-critical parts of mass transit systems are designed to fail safe. Disrupt them and all you get is a bunch of cross people on a stopped train; hardly terror.

          actually causing crashes of mass transit would be outright terroristic

          And also highly unlikely.

          publishing false news stories ranks somewhere between scary and terroristic

          Quick everyone! We've got to arrest the "journalists" at Fox News as terrorists!

          disrupting news services is at least mildly scary

          But disrupting all news sources is really difficult because they are a diverse bunch.

          disrupting or taking over Department of Defense networks can contribute to terror

          Are we talking about delaying the email of low-level folks (a

          • by Monsuco (998964)
            To reply to two people at once

            Terrorizing bankers? That's likely to win them a medal from everyone else...

            Yes, I would sure love the person who stole my 401K.

            publishing false news stories ranks somewhere between scary and terroristic

            Gasp your right. In that case all bloggers should be shot. Markos Moulitsas should be shot twice, or at the very least made into even more of a laughing stock then he already is. All readers of blogs are guilty of aiding the enemy and should be punished by being forced to move out of their parent's basement.

            actually STEALING Department of Defense secrets is REALLY scary

            That's more cyber-spying than cyber-terror. That being said the NSA and CIA spend millions here.

          • by Dorsai65 (804760)

            Terrorising banks: Sure, no biggie -- right up until it happens for the eleventy-seventh time this year at YOUR bank, and you can't use your ATM/debit card/credit card...

            Disrupting transit: Similar to above, but add in the perceived risk of actual physical harm.

            Deliberately wrecking transit: "Highly unlikely"... like, say, crunching an airplane into a building on purpose?

            Publishing false stories: Good thing bogus stories don't get spread by word of mouth as rumors...

            Disrupting news sources: Unless, of c

            • by Svartalf (2997)

              You hit it on the head of the nail in your last line there- the magic word here is " YET ". The last three ones are deeply troubling if you think about it and the power grid one's much, much more possible than most would think and they're just going to make it more doable with the current Smart Grid stuff they're planning on doing.

        • I disagree. None of those situations you describe are terrifying. They are annoying. Disrupting the banking system means people don't get access to their assets for days or even weeks until it's straightened out. But it is eventually straightened out, and rational people know that. They also know that losing their money is not the same as literally losing an arm and a leg (as happens when you stand too close to an exploding bomb).

          Even things like shutting down power or communications can cause deaths,
          • by Svartalf (2997)

            Heh... Rolling brownouts/blackouts over the entire country or a blackout that makes the 2003 East Coast one look like a picnic are very possible and doable right now with the infrastructure the way it is. Do you think that it will be annoying the populace or freaking them out at that point?

          • In the Foundation series, the Foundation won a war because they stopped providing helpful but not essential consumer goods to the people attacking them. Eventually, the aggressor's population became so unhappy with their leaders depriving them of shiny toys that they rebelled. Obviously this is fiction, but it made a good point. People are much likely to care about small things that affect them directly than larger things that only affect other people.
            • The word for that is "sacntions", not "terrorism". And I think that, in general, history does not agree with Isaac Asimov. See Cuba for example.

              However, you do raise a good point about "things that affect them directly". I think terrorism, to be effective, requires people to think that it could have affected them. So a random car bomb that kills 10 people is terrifying, because people think they could have been one of those people. On the other hand, thousands of people dying each year because they dri
      • by Anonymous Coward on Sunday October 25, 2009 @06:56PM (#29867615)

        Having worked for three letter agencies, let me say that yes, China is engaged in this activity. Certainly the Russians, French, US, British, and any other country with a foreign intelligence service. In China's case, it's very hard to officially link it to the government because the PLA owns so many companies in the country they can have one of those entities engage in the action with plausible deniability.

        As far as it not being a "real" threat, I'd ask the Estonians what they think about that....

        • by gmhowell (26755)

          And your post gets today's award for being a truffle amongst the shit that makes up slashdot.

        • by smoker2 (750216)

          Having worked for three letter agencies, let me say that yes, China is engaged in this activity

          PLO, IRA and ETA ?

        • Isn't it true that the main threat from the Chinese, et al, is industrial espionage? I find it very, very difficult to believe that it's even possible to do things like bring down power plants, screw around with dams, etc, over the internet.

      • Re: (Score:2, Interesting)

        by iamsolidsnk (862065)
        Terrorism is meant to cause terror while performing everyday activities or a general sense of fear and paranoia in the general population. General public != internet-using public, and I find it hard to believe that any type of act committed in cyberspace would cause such feelings in any average internet-using person. Until cyber-activity gets to a point where such activity causes personal harm, whether psychologically or physically, I would say the term cyber-terrorism has no relevancy to the general publ
      • by blueg3 (192743)

        Another thing is that it's quite hard to launch such a catastrophic, large-scale attack against the internet.

        That's not the attack of interest.

        Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com (if you even could hack it - I bet there have been many that have tried)? It just doesn't sum up.

        While stealing, destroying, or maliciously altering important data -- financial or medical records, for example, or military technology -- are interesting attacks, most of the interesting cyberterrorism scenarios involve disabling or damaging non-Internet infrastructure, such as power generation.

      • by Monsuco (998964) on Sunday October 25, 2009 @09:28PM (#29868303) Homepage

        Also isn't terror's one meaning to cause, well, terror? What are you going to on the internet, put a scary picture on google.com

        You have gravely underestimated the power of goatse.

      • by Herkum01 (592704)

        Yeah, well what if they take away all your internet games [slashdot.org], that would be something to be scared about.

      • Ok, it's an acronym, possibly not a real word. But SCADA (jfgi) is the most likely target we need to defend against in any cyberattack. SCADA systems measure voltages, control levels and flip switches on industrial and civil infrastructure systems such as those controlling water and sewerage systems, and running petrochemical plants.

        Most of the truly scary scenarios are being looked at by security experts now (disclosure: the company I work for is involved in this sort of work) and a lot of SCADA system

        • by Svartalf (2997)

          THANK YOU!

          And I'd go so far as to say most of them have not been properly secured. Just putting up TLS security to secure the links isn't good enough. Just piling DNP3 authentication or comparable for other SCADA protocols on top of things isn't good enough.

          I've been asking the embarrassing questions for a while now. Which reminds me...need to pester the NIST guys again over something... :-D

      • by _Sprocket_ (42527)

        Well I think this whole "cyberterror" idea is pretty funny. I even remember that back in 2000 in school we had to write about some article where they described "cyber attacks from China goverment". Has anyone actually proven that China as a goverment is doing those? It still seems like a myth. Considering world is filled with script kiddies, and China+India together have half of the population on Earth, it's not surprising that many percentage of them could be from there.

        I view anything with the "Cyber" prefix that intends to be serious as suspect. It works great in science fiction. Most of what exists in the real world with such naming tends to be a lot of noise with little substance - mere marketing. So I have a lot of skepticism towards "cyberterror" at face value.

        But I have a hard time being entirely dismissive of the concept. I've been witness to all manner of attacks on Government and defense contractor networks. Most of them have been very much the described scr

      • There was actually a really interesting talk at Defcon this year where they characterized how different countries approach cyber warfare or crime.

        The speaker spent a good amount of time on China and it's history. What it boiled down to is China's cyberware abilities are kind of like militias. They're different local groups tied tightly to the government and to academia.

        In contrast, the US seems to either be research associated with academia or action explicitly part of military groups, (like the cyber

  • by Anonymous Coward

    It seems to me that even if this report was accurate, we shouldn't be resting on our laurels until the threats become credible and too late to stop.

    Its clear the best way to stop and prevent terrorism is at the point of planning or in the initial stages, not when the have assembled and planted the bomb. Cyberterrorism should be no different.

    We wouldn't want the smoking gun to be a complete breach and shutdown of our networks would we. I favor a more proactive and preemptive approach. Attack them now befo

    • by thhamm (764787)

      Its clear the best way to stop and prevent terrorism is at the point of planning or in the initial stages

      yes exactly, because changing things so that noone will have to resort to terrorism is just too easy. and expensive. and inconvenient.

      • Re: (Score:3, Insightful)

        by John Hasler (414242)

        On the contrary. It's too inexpensive and too convenient. Worst of all, it might actually work (though not with politicians in charge).

  • Hy-Brasil is not sinking...nope, not happening. No need to panic, we are NOT sinking...
  • by DeadPixels (1391907) on Sunday October 25, 2009 @06:29PM (#29867507)
    Sure, I agree that we might not see cyberterror attacks for years yet. Does that mean we should turn a blind eye to our infrastructure and ignore the issue of proper security?
    • That would go along with the strategy of the US government for the last while now. Ignore the threat of a housing meltdown for nearly a decade until it is too late and nothing can be done about it. Ignore the national deficit and ballooning budget until it is too late and there is nothing we can do about it (actually there is still time on that one, just not much). Ignore the levees until it is too late and an entire city is under water. Ignoring the real problems while instead focusing on things that seem
    • by awc (1656865)
      just use linux, then we'll be good to go.
    • by Monsuco (998964)

      Sure, I agree that we might not see cyberterror attacks for years yet. Does that mean we should turn a blind eye to our infrastructure and ignore the issue of proper security?

      No but societies have scarce resources with alternative uses and realizing how big a risk this presents versus how big a risk other potential problems present helps us assign priorities. If you are worried about someone breaking in to your house, priority number one should be to get in the habit of locking your doors when not using them. Looking at things like motion lights are good, but locking doors is the best problem to solve first. It is all about relative risk.

      • by Svartalf (2997)

        I contend that we're not even at the "locking your doors" stage on a good portion of things out there. I don't think they've figured out the "lock" part of the whole equation there in at least a few of the cases.

  • terror? (Score:1, Redundant)

    by Fuzzums (250400)

    my spambox is fullfilled with cyber terror

  • by Hurricane78 (562437) <deleted.slashdot@org> on Sunday October 25, 2009 @06:47PM (#29867577)

    To me, all that fearmongering of "terrorists" (that don't exist) is creating terror itself. So all the censorship and surveillance on the net would be the actual "cyberterror". If there were a point in adding "cyber-" in front of everything. It's just plain terrorizing the people. For the usual reasons: To gain control over them.

    • Even if these terrorists did exist, it wouldn't be worth throwing our freedoms away to stop them.

      • by Svartalf (2997)

        Okay...

        In what way is putting decent security measures, including intrusion detection, into your SCADA network going to be throwing away your freedoms?

        It's not.

        Instead of decrying the hype and putting up counter rhetoric, why don't we start asking the troubling questions of people and insisting upon getting better answers that will actually mitigate the problem? Doing the rhetoric is as bad as the hype and will just leave us open for another incident like 9/11.

  • by darthwader (130012) on Sunday October 25, 2009 @07:25PM (#29867761) Homepage
    "Terrorism" requires terror, not inconvenience or annoyance.

    A few years back, we had an accidental shutdown of the power supply of most of the eastern North America. It was very inconvenient, and it cost a huge amount of money, and it even resulted in the loss of some lives. But it wasn't terrifying. It was just annoying.

    It's not about the amount of damage, it's about the effect. A cyberterror event like a power or communications failure could result in hundreds of deaths, but there's nothing to focus on. A car exploding next to a bistro may only kill two or three people, but it is far more effective terrorism.

    For terrorism to be effective, it has to produce terror. That's an emotional reaction, not an intellectual one. And to get that emotional reaction, there has to be real tangible threats, like flames, blood and gore, falling rocks, etc.
    • If New York lost power for more than a week (especially in the middle of winter or summer), there would be real terror. By day four, you'll have fucking retarded amounts of looting. Plus all the deaths from exposure. Maybe the thought of it won't induce terror in us now. But if it did happen, the very idea of shit like that happening in your city would very much induce a terror response. Seriously.
      • by Zerth (26112)

        And that's why I have a generator and half a dead animal in the freezer.

        Stupid power company spends more on advertising than they do on maintenance around here, went a week without winter before last and didn't much care for it.

      • by Monsuco (998964)

        If New York lost power for more than a week (especially in the middle of winter or summer), there would be real terror. By day four, you'll have fucking retarded amounts of looting. Plus all the deaths from exposure. Maybe the thought of it won't induce terror in us now. But if it did happen, the very idea of shit like that happening in your city would very much induce a terror response. Seriously.

        Loss of power does not in any way mean law enforcement would simply abandon the city. I suspect more property damage would occur in a sports riot than in an overloaded power grid. It would be a problem, but police would still be there, and they have probably trained for such scenarios.

        • by a whoabot (706122)

          From New_York_City_blackout_of_1977#Effects [wikipedia.org]:

          "Looting and vandalism were widespread, especially in the African American and Puerto Rican communities, hitting 31 neighbourhoods, including every poor neighbourhood in the city."

        • by Svartalf (2997)

          The police would be overwhelmed as there's most definitely a disparity of people to police officers. Training not withstanding, if you're outnumbered 1000:1 (and they would be...) there's a threshold that if the crowd in question goes over, the cops will be injured or killed as the crowd takes them at some point.

          You put too much faith in law enforcement. It only works well when the bulk of the populace are law abiding. When the population largely is not law abiding and obviously outnumbers the enforcemen

    • by TubeSteak (669689)

      A few years back, we had an accidental shutdown of the power supply of most of the eastern North America. It was very inconvenient, and it cost a huge amount of money, and it even resulted in the loss of some lives. But it wasn't terrifying. It was just annoying.

      Now imagine if N. Korea or Iran had caused it.
      Would it still be annoying or would it be a tangible threat?

      Personally: I'm betting a large portion of the populace would call it an Act of War.

    • Great point. I think electronic infrastructure security should be beefed up, but I doubt it would be done in an intelligent manner.

    • tangible threats, like flames, blood and gore, falling rocks,

      WOW addicts stumbling down streets, moaning incoherently...

    • by sorak (246725)

      It may not be "terror", but if they could cripple our economy for a few days, then that would be an effective tool for them. Executives and politicians would not be yelling "run for your lives, our website is down!", but they would be worried, and they would be willing to change the way they did business if it were the only way to prevent this from happening again. In this respect cyberterror could be the most effective means of terror there is, as it would directly hurt the wallets of the people who have t

    • A cyberterror event like a power or communications failure could result in hundreds of deaths, but there's nothing to focus on.

      What's more, it probably wouldn't even become APPARENT that the event was caused by a "terrorist" until long after the fact. That really limits the utility of this kind of thing from the "terrorist's" standpoint - it's hard to terrorize people when they don't even realize you've done something.

    • by StikyPad (445176)

      It's not about the effect, it's about the intent. The effect and reaction are up to *us*.

  • This three to eight year lag is the spread of cyberweapons is supposed to reassure us? :-( What other weapons have three to eight year lags in being available to everyone?

    We need to move beyond war, in part because it is too terrible to contemplate at this point:
    http://educationanddemocracy.org/FSCfiles/C_CC2a_TripleRevolution.htm [educationa...ocracy.org]

    We need to transition to "intrinsically secure" infrastructure:
    http://en.wikipedia.org/wiki/Brittle_Power [wikipedia.org]
    that we protect by means of "mutual security":
    http:/ [beyondintractability.org]

  • Once the terrorists have taken down all their pr0n sites, we'll probably get red alert.
  • Cyberterror could do some nasty things, such as stealing financial information; but as far as disrupting vital systems, we're pretty safe... because computers and software are so damn unreliable that nobody EXPECTS them to work all the time. Every business and organization should KNOW, from experience, that their computer system could go belly up at any time, and have backup methods and redundancies ready to go.

    I'd wager that lots of cyber-terrorist attacks would just seem like a normal Monday. If a co
    • by Valdrax (32670)

      Every business and organization SHOULD know, from experience, that their computer system could go belly up at any time, and have backup methods and redundancies ready to go.

      Fixed that for you. Unfortunately, many don't.

  • Cyber "terror"? (Score:3, Insightful)

    by Sloppy (14984) on Sunday October 25, 2009 @10:45PM (#29868681) Homepage Journal

    "Not yet?" Maybe "not ever." Cyber-sabotage? Sure. But people are pretty jaded about computers. Windows still has huge marketshare. Bring all of society crashing down and I'm still not sure it'll be "terror." People will be pissed, but will they feel the safe has become unsafe? Either they already think that, or they never will.

  • by prometx42 (1107413)

    It seems that cybersecurity is only as good as who is administering it. If we take the object lesson of British Hacker Gary McKinnon, who is actually now in the process of being extradited to the U.S. to face prosecution for hacking various Pentagon and other miltary computers, he claims that various "highly sensitive" systems (running Windows operatin systems at the time) where on the network with the then default password "Admin".

    In fact Mr. McKinnon doesn't really consider himself to be a very accomplis

"It is easier to fight for principles than to live up to them." -- Alfred Adler

Working...