Security News > 2001 > November > RE: Cyber terrorism is 'fantasy'

RE: Cyber terrorism is 'fantasy'
2001-11-30 12:14

Forwarded from: Dan Verton From: Dan Verton, senior writer, Computerworld, and former intelligence officer Rosenberger is right on many points. This is something I have been writing about for more than a year and have even put Mr. Clarke on the spot in a public forum and got him to reverse on the use of the term cyber-terrorism (see CNN http://www.cnn.com/2000/TECH/computing/07/03/real.cyberterror.idg/index.html). I aired my concerns about the misguided use of language when it comes to discussions of cyber threats at the recent Black Hat briefings in Las Vegas. I watched as several so-called "visionaries" of the computer industry chuckled at my protestations that the phrase cyber-terrorism is a product of individuals with a vested interest in promoting fear and such a term demonstrates a profound ignorance of what terrorism is all about and what the future of terrorism is believed to hold. The more sophisticated view of national cyber security, however, accepts the possibility of a large-scale, surprise cyber hiccup or limited infrastructure attack (that, yes, may have a ripple effect on other sectors), but rejects the notion of planes falling out of the sky, nationwide train derailments or environmental disasters at the click of a mouse. Sophisticated observers also accept the threat of massive Internet-based bank fraud and the impact such incidents could have on the stock market. But they reject the notion that terrorists have all of a sudden come to value virtual bombs as opposed to the fear generated by images of bleeding children on the nightly news. Terrorism, as we in the U.S. have come to know it, is a form of violence that strikes fear in the hearts and minds of people because of its destructive power and its ability to wreak havoc and physical pain on unsuspecting, innocent people. Few people will ever forget the horrific scenes from Lockerbie, Scotland, where in 1988 a bomb ripped apart Pan Am Flight 103 in mid air, killing all 270 passengers. Likewise, the 1983 bombing of the U.S. Marine barracks in Beirut, Lebanon, that killed 241 Marines and Sailors, and more than 100 others, serves as a timeless reminder of what the destructive forces of terrorism are all about. The same can be said of the 1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma, which killed 168 and wounded more than 500. You would think with all of the talk about how much of a "surprise" Sept. 11 was (it was not) that our language surrounding so-called cyber-terrorism and information "warfare" would have evolved somewhat. The problem is that we have a large number of neophyte intelligence and warfare experts in the computer industry perpetuating the use of this misguided terminology. Its use does not advance our understanding of terrorism or warfare for that matter. It dilutes our understanding of the terrorist's intent -- intent is a concept that novices in intelligence and warfare do not readily grasp. Nor do they grasp the importance of building a capabilities matrix based on intent and intelligence requirements to conduct something like a cyber "terrorist" attack. What we are stuck with, however, is terminology that has been perpetuated by individuals with a vested interest in promoting fear -- and that goes for both the government and industry. I'll end with this interesting observation on the problem: I just finished reading a book on Information warfare by an industry type who has no formal training in any aspect of warfare, intelligence or the like. Although the book attempted to take the military concept of IW and apply it to private industry, how can anybody pretend to do that without a serious understanding of the first part of that equation? There's our problem. Dan Verton InfoSec News on 11/30/2001 07:14:50 AM Please respond to InfoSec News To: isn () attrition org cc: (bcc: Dan Verton/Computerworld) Subject: RE: [ISN] Cyber terrorism is 'fantasy' Forwarded from: Junkmail Rosenberger I reject Knowles' argument out-of-hand. He misses the point when he asserts "[who] would have thought that someone would have hijacked commercial jetliners and used them as cruise missiles." The simple fact is that terrorists *always* had the ability to turn planes into cruise missiles; their effectiveness as flying bombs merely grew in proportion to their fuel payload. On the other hand, Cluley & I & others insist no one [yet] has the ability to destroy America with a computer virus (read http://Vmyths.com/rant.cfm?id=410&page=4 for starters). We can therefore sum up Knowles' misguided argument as follows: --> "commercial aircraft as bomb" is VERY feasible but NOT likely; --> "computer virus as bomb" is NOT feasible but VERY likely. Knowles & others (e.g. Michael Vatis, Richard Clarke) could validate their cyber-terrorism arguments with just one -- I repeat, ONE -- technologically feasible idea for destroying America with a computer virus. Rob Rosenberger, Vmyths editor Truth about computer virus hysteria http://Vmyths.com [WK Note: One problem I have is occasionally I don't make myself clear in my commentary on ISN, this can be attributed to lack of sleep, lack of RedBull in the fridge, and the thought of business travel. There are others, but I'd have to sleep on that.


News URL

http://www.cnn.com/2000/TECH/computing/07/03/real.cyberterror.idg/index.html