At Senate hearing, cyberterrorism fears on the rise

Computerworld - With every passing day and with every new network installed, the U.S. becomes more vulnerable to terrorist activity online, federal officials said this week.
Since Sept. 11, national security officials have redoubled their efforts to find ways to better protect the nation's telecommunications and electric power grids, financial institutions, oil, gas and water systems, and transportation and emergency services, all of which constitute what is known as critical infrastructure.
There's a "new urgency" in Washington to find ways to protect critical infrastructure from future attacks, said Sen. Joseph I. Lieberman (D-Conn.), chairman of the Senate Governmental Affairs Committee. At a hearing on information-sharing efforts between the government and the private sector, which owns and operates 90% of the nation's critical infrastructure, Lieberman characterized these private systems as "our nation's vital organs" and echoed concerns that if the nation doesn't act now, it could find itself trying to recover from another massive terrorist attack.
Sen. Robert Bennett (R-Utah) introduced a bill that would foster more information-sharing about cybervulnerabilities by exempting private-sector data from inadvertent disclosure under the Freedom of Information Act. He also said "the future battlefield is in private, not public hands." Bennett cited a quote attributed to terrorist leader Osama bin Laden instructing his followers to "concentrate on hitting the U.S. economy."
However, John Malcolm, head of the U.S. Justice Department's Criminal Division, took the cyberterrorism threat a step further, warning lawmakers about the potential links between physical attacks and those in cyberspace. "A vulnerability in the [Federal Aviation Administration] control system could allow a hacker to crash an airplane," said Malcom. "That example is not entirely hypothetical."
Meanwhile, no mention was made during the hearing of that opinion of some prominent terrorism experts who fear that the U.S. may be wasting vital resources by focusing too heavily on a threat that isn't imminent.
For example, Eric Shaw, a former CIA profiler and a clinical psychologist who now works as a cybercrime specialist at New York-based Stroz Associates LLC, fears that the government's electronic "Pearl Harbor" rhetoric is generated by outdated approaches to threat assessment and by political goals.
"When threat assessment is based on all possible scenarios or mirror-imaging [what one party would or could do if roles were reversed] the threat is often misconstrued or exaggerated," said Shaw. "Considering all possible threats is a nice, creative process, but there is little evidence to suggest its practical benefit, other than funding of security-related projects that may not be needed."
In addition, Vince Cannistraro, the former chief of counterintelligence at the CIA, in recent interviews with Computerworld has acknowledged that there is little evidence to suggest that terrorists value the outcome of cyberattacks. "They're not bloody," said Cannistraro.