Cyberterrorism Fears Continue to Climb

With every passing day and with every new network installed, the U.S. becomes more vulnerable to terrorist activity online, federal officials said this week.

Since September 11, national security officials have redoubled their efforts to find ways to better protect the nation's telecommunications and electric power grids, financial institutions, oil, gas and water systems, and transportation and emergency services, all of which constitute what is known as critical infrastructure.

There's a "new urgency" in Washington to find ways to protect critical infrastructure from future attacks, said Senator Joseph I. Lieberman (D-Conn.), chairman of the Senate Governmental Affairs Committee.

Need for Protection

At a hearing on information sharing efforts between the government and the private sector, which owns and operates 90 percent of the nation's critical infrastructure, Lieberman characterized these private systems as "our nation's vital organs" and echoed concerns that if the nation doesn't act now it could find itself trying to recover from another massive terrorist attack.

Senator Robert Bennett (R-Utah), who introduced a bill that would foster more information sharing about cybervulnerabilities by exempting private-sector data from inadvertent disclosure under the Freedom of Information Act, said "the future battlefield is in private, not public hands." Bennett cited a quote attributed to terrorist leader Osama bin Laden instructing his followers to "concentrate on hitting the U.S. economy."

However, John Malcolm, head of the U.S. Justice Department's Criminal Division, took the cyberterrorism threat a step further, warning lawmakers about the potential links between physical attacks and those in cyberspace. "A vulnerability in the FAA [Federal Aviation Administration] control system could allow a hacker to crash an airplane," said Malcolm. "That example is not entirely hypothetical."

Wasting Time and Money?

Meanwhile, no mention was made during the hearing of opinion by prominent terrorism experts who fear that the U.S. may be wasting vital resources by focusing too heavily on a threat that is not imminent.

For example, Eric Shaw, a former CIA profiler and a clinical psychologist who now works as a cybercrime specialist at New York-based Stroz & Associates, fears that the government's electronic "Pearl Harbor" rhetoric is generated by outdated approaches to threat assessment and political goals.

"When threat assessment is based on all possible scenarios or mirror-imaging [what we would or could do if we were them] the threat is often misconstrued or exaggerated," said Shaw. "Considering all possible threats is a nice, creative process but there is little evidence to suggest its practical benefit, other than funding of security-related projects that may not be needed."

In addition, Vince Cannistraro, the former chief of counterintelligence at the CIA, in recent interviews with Computerworld has acknowledged that there is little evidence to suggest that terrorists value the outcome of cyberattacks. "They're not bloody," said Cannistraro.