Re: Cyber terrorism not real: Gartner

[InfoSec News <isn () c4i org>]

Forwarded from: emerson <et () c4i org>

One major problem I see with cyber terrorism, is that it is very hard to 
distinguish a cyber anything strike, from an accident or service outage.

In order to be effective, any terror strike has to cause immediate
fear (it's not called terror(ism) for nothing). While you may be able
to turn out the lights, make the banking system shutdown for a day,
make peoples phones go funny and so on, it's not in the same immediate
scare league, as say, a two thousand pound ANFO truck bomb in the
middle of a crowded shopping district.

even Air traffic control periodically goes wrong, and although the
reaction to two planes crashing into each other will be bad, it's not
as bad as using anti-aircraft missiles to blow up a few airliners over
crowded metropolitan districts.

The aim to make people feel that they and the system are powerless.
You can change things like Air Traffic Control to make aircrew less
reliant on it, things can be done about network based attacks. However
versus the truck bomb, the suicide bomb, the missile and the fanatic
with a sniper rifle, the perception is that the state and the
individual is powerless to stop them, and that is what really inspires
fear. The problem is one of how people view risk and the way the media
informs our ability to judge the risks we face everyday.

Terrorists are not ingnorant of this, and go for maximum exposure to
ensure the perception of their abilities is much stronger than their
often puny real strength.

The thing about network based attacks is that they can make a bad
thing worse. Take out 911, then do any of the above in order to
inspire panic.  Take out electricity, then detonate bombs all over the
place and then watch people panic in the dark. If you time it right
and in the right place you can cause many many more casualties (see
bali for a tragic example).

Emerson

InfoSec News wrote:

> Forwarded from: GertJan Hagenaars <isn () hagenaars com>
>
> Apparently, InfoSec News wrote:
> % Forwarded from: Fredrich P. Maney <maney () maney org>
> % 
> % InfoSec News wrote:
> % 
> % > http://www.zdnet.com.au/newstech/security/story/0,2000048600,20280859,00.htm
> % > 
> % > The director, Rich Mogull, told journalists 
> % > 
> % > "The goal of terrorism is to change society through the use of force 
> % > or violence, resulting in fear," he explained.
> % 
> % That's just bunk.
> % 
> % The goal of terrorism is to bring attention to their cause, thereby
> % causing some people to change their own personal beliefs and
> % convictions to those of the terrorists and to eventually bring about
> % societal change because of that shift in mores.
>
> You are largely correct.


-- 
"For every complex problem there is an answer that is clear, simple, and 
wrong." ~ H.L. Mencken
Freelance Thinker:
Emerson Tan mICDDS, mRUSI
et () c4i org
PGP Key Fingerprint: 71E9 0C2A CD8F 44AC 4CA5  BB3D 09D4 0B6E 2734 DC72
Key available on request or from http://pgp.mit.edu or your favourite 
PGP keyserver.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.