By John Lettice
Cyberterrorism hyping has reached new heights - according to a report in the Melbourne Herald Sun, at least. The Herald quotes expert Matthew Devost, speaking at a meeting at the US consulate there recently, as claiming the CIA believes at least 100 countries are investigating waging war by computer, or cyberterror.
Mr Devost is proprietor of terrorism.com, incidentally, which is something of a misnomer, as he's in the counter-terrorism game. Should any bona fide terrorist take him to the ICANN disputes panel we fear he'd be on difficult ground. But 100 countries? Could the CIA possibly believe this? Who are these countries?
"How many do we need to worry about - six? Twelve?," Devost is quoted as saying. "What are the capabilities of number 100 on the list?" Disappointingly, it turns out that "a lot of questions haven't been answered." So we've no idea what the point of saying 100 countries are working on it is, aside from trying to grab headlines.
The CIA itself, in the shape of its most excellent World Fact Book, reveals (as of July 1st 2001) that the top 100 countries by GDP per capita is headed by Luxembourg, with Gabon coming in at number 100. Per capita GDP is however clearly a hopeless yardstick to try to estimate cyberterror capability against. There are a lot of names in the top 100 (San Marino? Aruba?) that sound improbable proprietors of cyberwarefare development programmes, and some obvious suspects who are just to poor to make it. Yugoslavia, for example, is there way down at 160, and we seem to recall the locals nevertheless being pretty handy when it comes to the deployment of cyber weapons.
So GDP doesn't really work. How about Internet connections? One can of course wreak a deal of havoc with just one Internet connection, but the number of them in a country ought to provide some kind of measure of the potential raw expertise. This chart here isn't ordered, nor is it weighted by population, and the figures are a tad old. But there are somewhere in excess of 30 countries with more than a million people connected. Again, it's a very rough yardstick, and our friends in Yugoslavia are still nowhere near the cut. However, the more you look at the list, the less probable it seems that you can drag out 100 with even the capability for a stupid, futile and laughable stab at a cyberweapons development programme.
So maybe you just go anecdotal. Start with major, rich economies with developed IT businesses. Add other economies known to have expertise and/or strategic plans in that area (so India definitely qualifies on expertise, China on both). Cross out the ones who don't have serious armies (e.g. Andorra). Add in a couple of mad dictators. Add in those with money and known agendas. Add in anybody you don't like. Add anybody whose justice minister has pissed-off the White House recently. On our turn through the whole list on this basis, we come to a total of approximately 60, many of whom are barely credible and who would only be counted by the most paranoid and drug-addled CIA operative.
For example, we included the Vatican on the basis of money and known agenda, and Finland and Estonia on the basis of sheer cleverness (nothing personal people, we mean to flatter). We offer our services to the CIA should it wish to recruit a research capability willing to try to justify future ludicrous claims in exchange for money.
Mr Devost himself seems an intriguing cove. He is co-author of "Information terrorism - can you trust your toaster?", which won the 1996 Sun Tzu Art of War Research Award (disappointingly, we are unable to identify any other winners of this award, which in any event seems to be no more). This document includes the phrase "digital Pearl Harbor," which may be one of the first recorded uses of the expression. ®