Is cyberterrorism a phantom menace?
Gartner's information security and risk research director dismisses cyberterrorism as a "theory."
The comments came during a media roundtable session at the Gartner Symposium and IT Expo, which began today in Sydney, Australia. The director, Rich Mogull, told journalists that despite the incidence of high-profile digital attacks, cyberterrorism is a phenomenon that has never occurred.
"The goal of terrorism is to change society through the use of force or violence, resulting in fear," he explained. "I want to put this cyberterrorism thing to rest. It's a theory, it's not a fact."
 | ||||
| | | ||
| Special report  Have digital myths diverted attention from true threats? | | ||
| ||||
| ||||
Even though there were examples of attacks that have physical consequences--such as the case of Vitek Boden, sentenced to two years in prison for releasing up to 1 million liters of sewage into the river and coastal waters of the town of Maroochydore, in Queensland, Australia, in 2001--they could not be described as terrorist acts, Mogull explained. To a large extent, it comes down to motive, he said.
"If a directed cyberattack on, say, a power system that...resulted in the blackout of an entire nation or a large region and deaths because of that...that would constitute cyberterrorism, if they claimed they did this as a terrorist act," he said. "The motive will define what's terrorism and what's not."
Mogull said the argument is largely academic--it doesn't matter who's attacking an organization. It should be doing the best it can to protect itself in the first place, whether attacks are coming from criminals or "cyberterrorists."
"Let's stop running around being scared about these esoteric threats out there. Let's look at protecting ourselves by closing the vulnerabilities we know exist and protecting ourselves from the attacks that we know exist," he said.
Patrick Gray of ZDNet Australia reported from Sydney.