Cyberterrorism is low risk
7 February 2008
Going through old Bruce Schneier essays, I came across one that downplays the danger of cyberterrorism:
The worry is that a terrorist would cause a problem more serious than a natural disaster, but this kind of thing is surprisingly hard to do. Worms and viruses have caused all sorts of network disruptions, but it happened by accident. In January 2003, the SQL Slammer worm disrupted 13,000 ATMs on the Bank of America’s network. But before it happened, you couldn’t have found a security expert who understood that those systems were dependent on that vulnerability. We simply don’t understand the interactions well enough to predict which kinds of attacks could cause catastrophic results, and terrorist organizations don’t have that sort of knowledge either — even if they tried to hire experts.
But Schneier says that worrying about cyberterrorism can have useful side-effects:
Luckily, the same countermeasures aimed at cyberterrorists will also prevent hackers and criminals. If organizations secure their computer networks for the wrong reasons, it will still be the right thing to do.
Read more about security