A sustained digital attack on critical U.S. infrastructure wouldn’t be easy to execute, but there are indications that some groups might be investing in the human resources such an attack would require, a consultant told Washington law enforcement and intelligence officials today.
"We really haven't seen an act of cyberterrorism," said Matthew G. Devost, president of the Terrorism Research Center of Burke, Va. "I don't know if we would recognize it if it happened. It’s more difficult to execute than you have been brought to believe."
But terrorist groups may be financing the education of computer science students to acquire the needed expertise, he said, because "we're starting to see an increase in sponsorships of degrees."
Devost spoke at a seminar sponsored by the Terrorism Research Center and the Washington Metro Transit Police. He said terrorist organizations have shown a willingness to spend years in target selection and preparation for major attacks.
Only now "are they in the process of capability acquisition" for cyberattacks, he said, and no students pursuing computer science degrees through sponsored scholarships have been tied to a particular organization.
Devost said his security consulting work has revealed an increase in insider attacks at companies by employees who appear to have sought their jobs specifically for that purpose, he said. So-called insider placement only becomes apparent when illegal or disruptive systems activity is noticed, Devost said, and a sleeper agent in a sensitive position probably could not be detected beforehand