• silicon.com
• Technology
• Security

By silicon.com, 22 March 2005 11:00

A former chair of the Metropolitan Police Authority yesterday issued a warning about a potentially crippling cyber-terror attack on the UK.

Lord Toby Harris of Haringey pointed the finger of blame at the Middle East, citing terrorist groups who could turn to the internet to launch devastating attacks on our society and reduce the UK to disorder and chaos at the push of a button.

It all sounds fairly familiar and, as is often the case, the details were pretty sketchy.

It's a worst case scenario which owes a great deal to the uninformed hype peddled on this particular subject by a number of sources - and discredited by most others.

A number of security experts have previously expressed concerns about politicians buying into hype about a 'digital doomsday' and the words of Labour peer Harris certainly suggest those fears were well-founded.

Harris told a conference in London: "The threat could come from teenage hackers with no more motivation than proving that it could be done but even more seriously it could come from cyber-terrorists intent on bringing about the downfall of our society."

Unlike others who prophesise 'digital Armageddon' on a fairly regular basis, Harris has put a name to the tabloid courting tag of 'cyber-terrorist'. And he picked the most tabloid friendly figure for such scaremongering - that of Osama bin Laden - to point the finger at.

Harris added: "An organised attack would be many times more dangerous. I am not alone in these fears. General John Gordon, the White House's homeland security adviser, has said he believes Osama bin Laden plans to use the internet to cause serious damage to the economies of the west."

Must be true, because the US has never put a foot wrong in the past as far its Osama-based intelligence is concerned.

Phrases such as "many times more dangerous" which are easy to say but impossible to responsibly quantify should also cause alarm.

This writer is put in mind of the famous Donald Rumsfeld quote: "We know there are known knowns: there are things we know we know. We also know there are known unknowns: that is to say we know there are things we know we don't know. But there are also unknown unknowns - the ones we don't know we don't know."

These attacks may or may not be a virus. They may or may not be a denial of service attack. Or they may or may not be something much, much worse - to paraphrase the lack of genuine intelligence surrounding this issue.

Which introduces the next point. There is no credible research to suggest a threat from a terrorist will be any worse than that posed currently by organised criminals and dealt with on a daily basis. Despite this, senior figures - or rather their advisers - allow themselves to believe there is some uber-attack method out there hitherto unimagined by experts in the field.

The effect of course is that it irresponsibly whips up fear and hysteria around a non-issue. What it doesn't do is move us any closer to understanding the nature of real IT security threats.

Harris is so busy warning everybody to watch out for a Yeti attack they'll miss the snake that really bites them on the ankle.