Cyber Terrorism is a hot topic in the popular press and on general Computer industry web sites. Unfortunately, the ‘hype’ surrounding the topic is actually doing a disservice to the application of sensible security defences in the commercial and industrial sectors. Not many years ago, the preferred method of selling IT Security was to exaggerate the threat and thus the risk to systems without the more professional rigour of making a business case for the application of security to the specific business requirement. Selling by ‘Fear’ never did work well. From the less sophisticated sectors of the industry, the same discredited method of selling Cyber terrorism protection is now in evidence. However, decision making in corporate protection is now moving from the IT Department to the Boardroom and, in general, Directors will not authorize expenditure on protection without the presence of a sound business proposal.

Similarly, there are several analyst companies who are forwarding ’evidence’ to the general IT industry of large scale intrusions, the explosion of cyber crime, cyber espionage and cyber terrorism without any real evidence to support their wilder prognostications. Unfortunately, the general current climate of fear is leading to an atmosphere where credibility is assigned to these unsubstantiated reports. From the particular analysts perspective, this wide scale reporting and subsequent television appearances serve only to increase their revenue from an industrial and commercial audience that is normally not so unusually gullible. There has never been a time when one should exercise more caution on unsubstantiated intelligence - reading it on the Web does not make it fact!


What is the problem then with the current statistics that show precise exponential rises in all aspects of cyber crime? It is because the components of the UK industry have no precise way of measuring the scale of attacks and, in the majority of cases, still no capability to determine that an attack has taken place that such reports have to be viewed with real scepticism. Using such statistics to extrapolate future trends in threat is intellectually unsustainable.