A research paper released last month by the Center for Strategic & International Studies (CSIS), a Washington-based think tank, argues that computer networks and critical infrastructures are distinct entities and that the threat from cyberterrorism is far less serious than the government and the media contend.
"The assumption of vulnerability is wrong," argues James A. Lewis, a CSIS analyst and author of "Assessing the Risks of Cyber Terrorism, Cyber War and Other Cyber Threats."
"While many computer networks remain very vulnerable to attack, few critical infrastructures are equally vulnerable," according to Lewis. "Computer network vulnerabilities are an increasingly serious business problem, but their threat to national security is overstated."
But Lewis offers few examples and technical details to support his claims, which stand in stark contrast to much of the new thinking by high-level national security experts on the issue of critical infrastructure protection and cybersecurity.
In a recent interview with Computerworld, for example, Brenton Greene, deputy director of the National Communications System, an executive-branch agency responsible for maintaining and restoring communications during times of national crisis, said the physical and cyber aspects of critical-infrastructure protection can't be separated. Major physical events will have digital ramifications and vice versa, said Greene.
That's also the conclusion of the recently released annual report of the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction, led by former Virginia Gov. James S. Gilmore (see story). "Cyberspace has been isolated and specialized, thus limiting its perceived relevance to day-to-day outcomes and even its relevance to what are viewed as clear and present homeland security threats," the commission stated.
In an interview, Gilmore said the commission's studies show that cyberterrorism is a clear and present danger to critical infrastructure.
"The information technology, Internet and computer world that we now live in is vulnerable, and it must be analyzed together with other physical parts of critical infrastructure in order to protect the nation," he said.