Cyber Terrorism - is it a Serious Threat to Commercial Organizations?
by David Love - Head of Security Strategy, EMEA for Computer Associates - Tuesday, 1 April 2003.
Information Warfare, the generic title that includes Cyber terrorism covers a spectrum ranging from full scale attack by one state on another (to cripple the communications and computing capabilities of an adversary) to concerted action by a group of individuals to attack a particular Web site to express disapproval or to disrupt the smooth functioning of the target. The formation of the Nation State millenniums ago, saw the rise of standing armies the role of whom was to protect the state against attack. The ultimate goal of taking control of such a nation state entailed the destruction or elimination of the standing army that provided protection. This model has lasted over the centuries through all aspects of modern warfare until the late twentieth century. What has changed? Whilst the military have the responsibility for protecting their own resources, they have no such responsibility for the general assets of the state. Consequently an Information Warfare attack, of which Cyber terrorism is a manifestation, does not necessitate the defeat of the standing army as a precondition of the attack on the state. Such attacks by pass the military and can be directed on the State with no warning.

Whist most responsible Western governments have taken steps to protect their Critical National Infrastructure (the aspects of modern living essential to modern urban life including communications, utilities, transport, national and local government) typically some 85% of the ownership of such infrastructure is owned by the private sector and not by the State. Does this matter? Yes it does when expenditure is required over and above the perceived level to protect the shareholders investment to give a supra level of protection to the well being of the state. Does this matter? Yes, when the threat exists of such a group who’s interest is inimical to the State itself.

The £64,000 question then is does such a threat exist today. Whilst we have not yet seen any such manifestation, the effects of such an attack could at the least seriously inconvenience us and, at the worst, be catastrophic to our Western style of life. We must not make the mistake of over estimating the capability or intention of potential foes but, on the other hand, must recognize that al Qaeda has threatened attack by all means on the capitalist West; there is no doubt that they are sufficiently sophisticated as an organization to have the capability of mounting such an attack. In that Cyber terrorism is relatively easy and inexpensive to mount, we must of course expect that other organizations may also have such a capability.

How do we protect ourselves? As with any other aspect of IT security protection, the basis of adequate protection is a sound understanding of the value of the systems, the value of the data contained on such systems and an appreciation of the consequences of any such disruption. In the main, it is the organizations defined as part of the Critical National Infrastructure who are most risk but, whilst it may not affect the running of the state, the paralysis or destruction of the data for an individual company will give no joy to the owners or employees of even small scale enterprises. A good sophisticated and integrated protection strategy, especially one containing elements of artificial intelligence to spot previously unknown weapons, will adequately protect against cyber crime in all aspects, including Cyber terrorism.

Computer Associates are exhibiting at Infosecurity Europe, Europe's largest and most important information security event. Now in its 8th year, the show features Europe'smost comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 29th April - 1st May 2003.

Infosecurity Europe is Europe's largest and most important information security event. Now in its 8th year, the show features Europe's most comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 29th April - 1st May 2003.


VPN protocol flaw allows attackers to discover users' true IP address

The team running the Perfect Privacy VPN service has discovered a serious vulnerability that affects all VPN providers that offer port forwarding, and which can be exploited to reveal the real IP address of users.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Mon, Nov 30th