|
|
|
|
|
|
Is cyberterrorism a real threat or just a distraction from the day-to-day job of maintaining network security? "Our enemies will use our technology against us...the fact that they may be from a Third World country should not in any way suggest to us that they will not understand how to use our technology. They will see the places where we did not think we needed to build in security and they will take advantage of those seams." This extract from a speech made by Richard Clarke, former special advisor for Cyberspace Security to the US president, in the December following the events of September 11th, describes a scenario that probably seemed entirely plausible and inevitable to the audience of the Global Tech Summit given recent events. But two years on and despite the numerous terror attacks in Bali, Turkey and Iraq, the consensus among security experts is that there has never been a recorded act of cyberterrorism pre- or post-September 11th. Despite no precedence to support the idea of an "electronic Pearl Harbour", governments continue to warn and even legislate around the issue. Just last month Singapore beefed up its Computer Misuse Act, giving police and other security agencies sweeping powers to "foil cyberterrorists before they attack." The controversial Act, which has been criticised by opposition MPs as an "an instrument of oppression itself" allows for pre-emptive action. Anyone who hacks or defaces a Web site may be jailed for up to three years or fined up to $10,000. "Instead of a backpack of explosives, a terrorist can create just as much devastation by sending a carefully engineered packet of data into the computer systems which control the network for essential services, for example the power stations," said Ho Peng Kee, Singapore's senior minister of state for law and home affairs.
The UK approach There are numerous UK government departments with responsibility for responding to an act of cyberterrorism, including GCHQ, CESG, and the Cabinet Office. The main body charged with monitoring attacks against the critical national infrastructure, the network of essential services both private and publicly owned, is the National Infrastructure Security Co-ordination Centre (NISCC). According to a Home Office spokesperson, although there have been no known cyberterror attempts against the UK so far: "The NISCC has assessed that the threat of electronic attack is increasing. The threat of the sort of attack that could disable a critical service is low but less serious and damaging attacks that might deface a Web site or deny service from a Web site are more likely."
Cyberterror or just cybercrime? The report cited four case studies as evidence of the growing menace of cyberterrorism. The first example, although not a terrorist incident per se, followed the mid-air collision between a US spy plane and a Chinese fighter on 1 April, 2001. The reports author, Michael Vatis, a director at the institute, claims that as a direct result of the incident approximately 1,200 US sites, including the White House, the US Air Force, and the Department of Energy were subject to DDoS attacks or defaced by pro-Chinese images. "Chinese hacker groups, such as the Honker Union of China and the Chinese Red Guest Network Security Technology Alliance, organised a massive and sustained week-long campaign of cyberattacks against American targets," the report states.
|
| ||||
|
|
|
|
