Cyberterrorism Concerns IT Pros

Threats of terrorism concern IT professionals, and almost half of those surveyed indicated that a major cyber attack on the U.S. government could be imminent.

Anxieties regarding possible assaults are legitimate. Speaking before the Senate Select Committee on Intelligence, Dale L. Watson, Executive Assistant Director, Counterterrorism and Counterintelligence, Federal Bureau of Investigation (FBI) discussed the emerging threat of “cyberterrorism,” which he defined as “…the use of cyber tools to shut down critical national infrastructures (such as energy, transportation, or government operations) for the purpose of coercing or intimidating a government or civilian population.”

However, renewed awareness of the potential for destructive cyber attacks has led to increased efforts by federal agencies, such as the partnership between the The National Infrastructure Protection Center (NIPC) and the National Association of State Chief Information Officers (NASCIO) to form an Interstate Information Sharing and Analysis Center (ISAC). The alliance was formed to disseminate intelligence quickly, preventing unauthorized, and destructive, infiltrations.

Despite stepped up security measures, an Ipsos Public Affairs survey of 395 IT professionals, conducted on behalf of the Business Software Alliance during June 2002, revealed a lack of confidence about the government’s ability to defend itself against a cyber attack, and concerns have increased since 9/11.

While 49 percent feel an attack is likely, 55 percent say the risk of a major cyber attack on the U.S. has increased since 9/11. The figure jumps to 59 percent among the IT pros that are responsible for their company’s computer and Internet security.

Almost three-quarters (72 percent) say there is a gap between the threat of a major cyber attack and the government’s ability to defend against it, with the figure increasing to 84 percent among the IT pros that are most knowledgeable about security.

Furthermore, 86 percent say the U.S. government should devote more time and resources to defending against cyber attacks than it did to addressing Y2K issues, and 96 percent stress the importance of securing sensitive information so hackers will not be able to access it even if they break into government’s computer system.

IT professionals are not only concerned about attacks on the government, but other likely targets as well. Almost three-quarters (74 percent) believe that national financial institutions, such as Wall Street or big national banks, will be likely targets within the next year; more than two-thirds (67 percent) believe an attack on communications systems, such as telephones and the Internet, is likely; 67 percent think that transportation infrastructure, such as air traffic control computer systems, could be targeted; and 64 percent are concerned that utilities, such as water stations, dams or power plant computer systems, will come under cyber attack in the next year.

“Our survey and these news reports support what we have been saying for months: That there is an urgent need to accelerate efforts to ensure that sound cyber security technologies are a major part of the homeland security focus,” said Robert Holleyman, President and CEO of BSA.

Security data gathered by Riptech from 400 companies in over 30 countries found that Internet attacks grew at an annualized rate of 64 percent worldwide during the first half of 2002, with Iran, Pakistan, Egypt, Kuwait, and Indonesia accounting for the most cyber attack activity among U.S. designated terrorist states.

Substantiating the concerns of the IT professionals surveyed by Ipsos, Riptech found that 70 percent of power and energy companies suffered a severe attack, as opposed to 57 percent in the prior six-month period. However, assuaging some of the fears about attacks on the U.S. government are Riptech’s findings that public companies were twice as likely to experience at least one severe attack and twice as likely to suffer a highly aggressive attack than private, nonprofit, and government entities combined.