Cyber terror – the “shark week” of defence rhetoric

by Toby Manhire / 07 January, 2013
The obsession with this spooky sounding phenomenon is wildly overblown, says analyst.
Eek. The information-security industry says a cyber-terrorist attack on the US is imminent.

From Ars Technica on Saturday:

A sampling of computer security professionals at the recent Information Systems Security Association conference found that a majority of them believe there will be a "major" cyber terrorism event within the next year. The survey, conducted by the network security and hardening vendor Ixia, found that of 105 attendees surveyed, 79 percent believe that there will be some sort of large-scale attack on the information technology powering some element of the US's infrastructure - and utilities and financial institutions were the most likely targets. Fifty-nine percent of the security professionals polled believed that the US government should be responsible for protecting citizens from cyber terrorism.


Certainly, there is no shortage of talk about such a threat. Peter W Singer has counted more than 31,000 articles about “cyber terrorism”. And “the number of people that who been hurt or killed by cyber terrorism”? Nil.

The category, writes the Brookings Institute Analyst in the US Armed Forces Journal late last year, is something of a “bogyeman”, having become a bit “like the Discovery Channel’s “Shark Week,” when we obsess about shark attacks despite the fact that you are roughly 15,000 times more likely to be hurt or killed in an accident involving a toilet”.

Cyber terrorism is defined by the FBI as a “premeditated, politically motivated attack against information, computer systems, computer programs and data which results in violence against non-combatant targets by subnational groups or clandestine agents.” And yet, writes Singer, “many discussions sweep all sorts of nonviolent online mischief into the ‘terror’ bin ...

Various reports lump together everything from Defense Secretary Leon Panetta’s recent statements that a terror group might launch a “digital Pearl Harbor” to Stuxnet-like sabotage (ahem, committed by state forces) to hacktivism, WikiLeaks and credit card fraud. As one congressional staffer put it, the way we use a term like cyber terrorism “has as much clarity as cybersecurity — that is, none at all.”

None of which is to say, Singer stresses, that terrorist groups aren’t keen to use cyberspace to enact violence. Nor is it of no concern whatsoever. But the evidence is clear:

So far, what terrorists have accomplished in the cyber realm doesn’t match our fears, their dreams or even what they have managed through traditional means.


Authorities would be better, he argues, to devote their attentions to “looking at how terror groups actually use the Internet, rather than fixating on nightmare scenarios, [so that] we can properly prioritize and focus our efforts”.

Singer elaborates:

While the cyber era allows terror groups to easily distribute the playbook of potential terrorist tactics, techniques and procedures, it also reveals to defenders which ones are popular and spreading. If individuals and groups can link up as never before, so too do intelligence analysts have unprecedented abilities to track them and map out social networks. This applies both to identifying would-be cyber terrorists designing malware as well as those still using the bombs and guns of the present world.


He concludes:

The advent of reliable post in the 1800s allowed the most dangerous terrorists of that time, anarchist groups, to correspond across state borders, recruiting and coordinating in a way previously not possible, and even to deploy a new weapon: letter bombs. But it also allowed police to read their letters and crack down on them. So, too, today with the digital post. When it comes to cyber terrorism versus the terrorist use of cyberspace, we must balance chasing the chimeras of our fevered imaginations with watching the information flows where the real action is taking place.


Singer’s argument echoes that made earlier last year in the journal Foreign Affairs by Micah Zenko and Michael A Cohen, in which they lay out “the chronic exaggeration of the threats facing the United States”.

From that piece:

Policymakers and pundits have been warning for more than a decade about an imminent “cyber–Pearl Harbor” or “cyber-9/11.” In June 2011, then Deputy Defense Secretary William Lynn said that “bits and bytes can be as threatening as bullets and bombs.” And in September 2011, Admiral Mike Mullen, then chairman of the Joint Chiefs of Staff, described cyberattacks as an “existential” threat that “actually can bring us to our knees.”


Although the potential vulnerability of private businesses and government agencies to cyberattacks has increased, the alleged threat of cyberwarfare crumbles under scrutiny. No cyberattack has resulted in the loss of a single US citizen’s life. Reports of “kinetic-like” cyberattacks, such as one on an Illinois water plant and a North Korean attack on US government servers, have proved baseless. Pentagon networks are attacked thousands of times a day by individuals and foreign intelligence agencies; so, too, are servers in the private sector. But the vast majority of these attacks fail wherever adequate safeguards have been put in place. Certainly, none is even vaguely comparable to Pearl Harbor or 9/11, and most can be offset by commonsense prevention and mitigation efforts.

MostReadArticlesCollectionWidget - Most Read - Used in articles
AdvertModule - Advert - M-Rec / Halfpage

Latest

First look: Poké Poké
Health Minister dismisses chocolate fundraiser ban
71842 2017-04-28 09:07:08Z Nutrition

Health Minister dismisses chocolate fundraiser ban…

by RNZ

Should schools be selling chocolate to raise funds? The Health Minister says it's ok, but nutrition experts disagree.

Read more
Film review: Denial
71718 2017-04-28 00:00:00Z Movies

Film review: Denial

by Peter Calder

The dramatisation of a Holocaust denier’s libel suit is both engrossing and moving.

Read more
Danish dramas versus Kiwi soaps
71634 2017-04-28 00:00:00Z Television

Danish dramas versus Kiwi soaps

by Jeremy Rose

A quarter of Denmark's population regularly watch Danish TV dramas, while the highest-rating Kiwi drama attracted an audience of just over 250,000.

Read more
A film fest, a stage classic and other highlights on Auckland's agenda
71779 2017-04-28 00:00:00Z What's on

A film fest, a stage classic and other highlights …

by India Hendrikse

What’s on in Auckland: Crystal Castles, a design and architecture film festival and lots of other excellent events to put in your diary

Read more
How do New Zealanders rank as philanthropists?
71583 2017-04-28 00:00:00Z Business

How do New Zealanders rank as philanthropists?

by Sally Blundell

Kiwis take little persuasion to give to a good cause, but the demands are ever-growing. How much money gets to where it’s really needed?

Read more
The fitness industry is on the eve of digital disruption
71733 2017-04-28 00:00:00Z Technology

The fitness industry is on the eve of digital disr…

by Peter Griffin

As technology changes the way we do business, the effects are extending from the office to most parts of our lives – including how we keep in shape.

Read more
Seeking out San Francisco's tasty gems