March 21, 2003 4:00 AM PST
Perspective: Cyberterror and professional paranoiacs
Now wait for the hype about "cyberwar" and "cyberterrorism" to follow.
The first onslaught came this week when Homeland Security Secretary Tom Ridge said he was ratcheting up to an Orange Alert to coincide with the U.S. invasion. Ridge said his department would "monitor the Internet for signs of a potential terrorist attack, cyberterrorism, hacking, and state-sponsored information warfare."
Then, during an appearance on Thursday to ask a House panel for a fatter 2004 budget, Ridge claimed that cyberterrorists were just as dangerous as physical ones.
"We will not distinguish between physical and cyber in this new unit," Ridge said. "We will pay as much attention to the Internet as we do physical."
What is this guy thinking?
Last I checked, it was physical terrorists who bombed the Marine barracks in Lebanon, who attacked the U.S.S. Cole, who took out the Oklahoma City federal building, and who suicide-bombed the World Trade Center and the Pentagon.
Wily-fingered hackers had nothing to do with it.
Until recently, Ridge has seemed basically levelheaded about the real dangers of cyberterrorism. Someone who's close to Ridge told me that the secretary simply doesn't care that much about the topic, which would explain his silence.
But now that agency budgets are up for review, Ridge seems to be treading the same alarmist path as did his former cybersecurity deputy, Richard Clarke, who quit in January.
Clarke was a professional paranoiac, a modern-day Chicken Little blinkered by a career spent in the cloistered intelligence community. It didn't help that Clarke's résumé featured such harrowing tasks as planning for the "continuity of government" after a nuclear strike on Washington--a job where no precaution is too extreme. Soon after President Clinton appointed him to a "national coordinator" post in 1998, Clarke became infamous for darkling warnings about the specter of a "digital Pearl Harbor" that would snarl computers and roil the world's economy.
Clarke's penchant for the dramatic, which I witnessed firsthand when I spent an hour interviewing him in December 2001, extended to a farewell statement he circulated in January. It warned of the dangers of the SQL Slammer worm, which infected servers running Microsoft software.
In that statement, Clarke claimed that Slammer "disabled some root servers, the heart of Internet traffic." Not true. A report from the RIPE Network Coordination Center--one of the Internet's four regional registries--said that at most the worm slowed connectivity to two of the 13 root servers and did not disable any of them. "This did not cause any degradation in (domain name system) service," RIPE concluded.
Clarke also claimed that "a national election/referendum in Canada was canceled" due to computer mischief. At best, that was a reckless exaggeration. What actually happened is that Canada's New Democratic Party held a leadership convention and found their Internet voting to be sluggish. CBC reported that voting was completed just 45 minutes behind schedule.
It's not just Clarke and Ridge. Exaggeration is easy when you're a bureaucrat hoping to make yourself seem more important and thereby
It's important to remember that, as CNET News.com reported in detail last year, it's always easier to bomb a target than hack a computer. Although it is possible for electronic intrusions to damage infrastructure and threaten physical danger, taking control of those systems from the outside is extremely difficult, requires a great deal of specialized knowledge and must overcome noncomputerized fail-safe measures.
Put another way, I've never heard of one death that could be attributed to "cyberterrorism." Not being able to check your e-mail for a day is an annoyance, not terrorism, as Counterpane's Bruce Schneier said last week.
On Thursday evening, President Bush said he would nominate Frank Libutti to be Ridge's undersecretary for "Information Analysis and Infrastructure Protection," a position that will have key Internet responsibilities. Libutti currently is deputy commissioner for counterterrorism at the New York City Police Department, and is also a retired lieutenant general in the U.S. Marine Corps.
The Internet community should work with Libutti to put the threat of cyberterrorism in perspective. We don't need any more government officials clamoring for intrusive new laws and claiming, against all common sense, that a "digital Pearl Harbor" is just around the corner.
Declan McCullagh is CNET News.com's chief political correspondent. He spent more than a decade in Washington, D.C., chronicling the busy intersection between technology and politics. Previously, he was the Washington bureau chief for Wired News, and a reporter for Time.com, Time magazine and HotWired. McCullagh has taught journalism at American University and been an adjunct professor at Case Western University.