• On MovieTome: Megan Fox on TRANSFORMERS 2!

November 23, 2005 7:41 AM PST

Cyberterror 'overhyped,' security guru says

Fears of cyberterror could actually hurt IT security, a threats expert asserts.

Bruce Schneier, who has written several books on security and is the founder of Counterpane Internet Security, told ZDNet UK that officials claiming terrorists pose a serious danger to computer networks are guilty of directing attention away from the threat faced from criminals.

"I think that the terrorist threat is overhyped, and the criminal threat is underhyped," Schneier said Tuesday. "I hear people talk about the risks to critical infrastructure from cyberterrorism, but the risks come primarily from criminals. It's just criminals at the moment aren't as 'sexy' as terrorists."

Schneier was speaking after the SANS Institute released its latest security report at an event in London. During this event, Roger Cummings, director of the U.K. National Infrastructure Security Coordination Center, said that foreign governments are the primary threat to the U.K.'s critical infrastructure.

"Foreign states are probing the (critical infrastructure) for information," Cummings said. The U.K.'s (critical infrastructure) is made up of financial institutions; key transport, telecom and energy networks; and government organizations.

Schneier, though, is concerned that governments are focusing too much on cyberterrorism, which is diverting badly needed resources from fighting cybercrime.

"We should not ignore criminals, and I think we're underspending on crime. If you look at ID theft and extortion--it still goes on. Criminals are after money," Schneier said.

Cummings also said that hackers are already being employed by both organized criminals and government bodies, in what he termed the "malicious marketplace."

Schneier agrees this is an issue.

"There is definitely a marketplace for vulnerabilities, exploits and old computers. It's a bad development, but there are definitely conduits between hackers and criminals," Schneier said.

Click here to read the full interview with Schneier.

Tom Espiner of ZDNet UK reported from London.

See more CNET content tagged:
criminal, cyberterrorism, terrorist, infrastructure, computer network

Add a Comment (Log in or register) 3 comments
Cyber terrorism is real
by n3td3v November 23, 2005 11:21 AM PST
I guess these guys would have said the same before 9/11 happened. Cyber terrorism is real and its only a matter of time.
Reply to this comment
Easy does it Bruce....
by Inetsec November 23, 2005 12:22 PM PST
Although I'd agree that cyber terrorism is somewhat over hyped I'd be extremely careful not to put your considerable weight behind turning all the attention to ID theft and cyber crime (opinion wise - physically you are somewhat skinny).

You have quite a few ears out there listening to what you have to say and I think you and I both know that as far as ID theft is concerned, ID theft is mainly related to dumpster diving and mailbox pillaging. There is not anything cyber related - other than maybe purchases made under an assumed identity. That is not a cyber related issue; it's an education / physical security issue.

The "old computer" issue and the rest of the interview also has me in somewhat in a snit. I agree to a point that old computers and the future degradation of rights is an issue, but come on Bruce. Were you in a bad mood the day of the interview?

Most of the "latest / greatest" ID compromises were accomplished via "recently deployed" systems (NT4 and above ? and yes there were other OS?s involved) that were just not kept up to date with current patches or had bad custom programs written by the violated company installed on them. That IS NOT an issue for Government spending. That is an issue for the violated companies to address.

One thing that I would hope that you and I could agree on is that "better, faster, cheaper" never works. Pick two, but trying to do all three spells disaster.
Reply to this comment View reply
Powered by Jive Software
advertisement

Latest tech news headlines

Resource center from CNET News sponsors
You Need The Speed of Norton 2009
Introducing Norton Internet Security™2009

Click Here!
With one-click, one-minute install, under 8MB of memory usage and fewer, shorter scans, it's the fastest security suite anywhere. Norton. Smart Security, Engineered for Speed. Get a FREE trial today!

Click Here!
The Fastest Security Suite Anywhere

Experience the revolutionary Norton Internet Security™ 2009. With Norton™ Insight, a new feature, you get precision security that targets only at risk files for fewer, faster, shorter scans

Win a Trip to Space!*

Enter the Blast Off with Norton Sweepstakes for your shot at a trip to space. You could experience being fast and weightless, just like the new Norton 2009. *No purchase necessary; click for full details.

FREE Trial!

Act now to get your FREE trial of Norton Internet Security 2009. Try it for the protection. Love it for the speed

Norton Safe Web NEW!

A community-based system that rates web site safety

Norton Labs NEW!

Users can download new security technologies and share input directly with developers. Help us shape our future products!

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

advertisement

Inside CNET News

Scroll Left Scroll Right