Computer Crime Research Center

Experts try to salve business fears of cyberterrorism
(by Esteban Parra)

Cyber-attacks have long posed trouble to large companies, which increasingly depend on electronic data and the Internet to conduct business. But small and mid-sized businesses are beginning to ask for more help in protecting themselves.

``A lot of people are asking about this,'' said Brendon Carew, an account manager for InterActive Network Systems Inc., an electronic-business consulting firm in Blackwood, N.J. ``There are a lot of hackers out there that people don't consider terrorists, but they are ... because their whole goal is to disrupt lives.''

Terrorist attacks in 2001, coupled with continued threats to the Internet, have led some experts to worry that attacks on corporate computer systems could cause serious disruption to the economy on a local, regional and national scale.

Sheikh Omar Bakri Muhammad, a London-based Islamic cleric with ties to Osama bin Laden, told Computerworld magazine in November that al-Qaida and other radical Muslim groups are actively planning to use the Internet as a weapon against the West.

Reported attacks on Internet networks have increased by 3,337 percent during the last five years, according to one survey, while another found that computer crimes cost companies an average of $14 million each last year.

Some experts insist such incidents are not terrorism, just annoyances from hackers that inconvenience businesses and the public. Others say such infiltrations, including breaching a credit card issuer's customer records, can be considered terrorism because the incidents disrupt lives and can cause fear and economic chaos.

Either way, cyber-attacks have resulted in a greater awareness of the importance of detecting and protecting against attacks.

``If anything, it's better than Sept. 11 (2001) from a risk standpoint. Sept. 11 created the general awareness of vulnerability,'' said Jim Maher, chief technology officer at Info Systems Inc., an Internet and computer-network consulting firm near Newport, Del. Just how real cyberterrorism is depends on whom you ask.

Bruce Schneier, chief technology officer of Counterpane Internet Security Inc. in Cupertino, Calif., said he equates cyberterrorism with people using computers to kill people -- and that's not happening. ``You can't kill people with a computer -- yet,'' he said. ``Disrupting business is not terrorism, it's like spray-painting the building. That causes annoyance, not terror.''

The possibility exists for terrorists to break into computer networks and reroute airplanes to fly into each other; cause dams to release massive amounts of water, flooding communities; or cause a meltdown at a nuclear power plant, Schneier said. But those threats likely are years away, he said.

``Cyberterrorism is a very real concept,'' said Dan Verton, senior writer at Computerworld. ``What is not real is the doomsday scenario that most experts attach to the term. In cyberterrorism, the target is the economy, not the individual.''

The public is more likely to witness cyberterrorist activity on a regional scale than on a national scale, Verton said. Regional disruptions to infrastructure are much easier to conduct successfully and might have a sufficient ripple effect throughout other infrastructures to cause a national-level emergency.

A series of successful attacks against critical nodes in the electric power industry, for example, could cause prolonged power failures that would keep businesses off-line, he said. Successful attacks against particular banks or financial-services companies could result in widespread fear and doubt about the security of the nation's financial institutions. According to a February study by the University of Texas at Dallas, a compromised company tends to lose approximately 2.1 percent of its market value within two days after disclosing an Internet security breach.

``All of these goals are in line with bin Laden's stated strategic goal of targeting the economic pillars of the U.S. to force a military withdrawal from Saudi Arabia,'' said Verton, who interviewed Bakri in November.

By contrast, the market value of security developers tends to increase about 1.36 percent, according to the survey.

According to the 2002 Computer Crime and Security Survey, 90 percent of respondents -- mostly large companies and government agencies -- experienced computer security breaches last year. And about 80 percent of respondents acknowledged financial losses because of those breaches, according to the survey by the Computer Security Institute and the FBI.

Copyright 2002 Gannett News Service. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright Computer Crime Research Center 2001, 2002 All Rights Reserved.
Contact the CCRC Office at +38 0612 220-12-83

Rambler's Top100 Rambler's Top100