The World Hasn't Changed. We Have
Bruce Schneier-Author of Secrets & Lies: Digital Security in a Networked World, founder and CTO, Counterpane Internet Security.
People think everything has changed. Is air travel more dangerous than it was a month ago? No. Are there more terrorists? Actually, there are fewer terrorists. Is the world more dangerous? No. Is jet fuel somehow more lethal? No. [The US] is very much a bright-shiny-object sort of culture. We'll talk about whatever the bright shiny object is, and if the bright shiny object changes next month we'll talk about that. Right now, security is important. But will anything change? Who knows? Ask me in six months.
Wake-up calls are dime a dozen. Why wasn't the Code Red worm a wake-up call? Why weren't the denial-of-service attacks on sites like Yahoo and eBay in February 2000 a wake-up call? So here we are. We've got the largest loss of life in [the US] , and now this is a wake-up call. Is it really? You've got to hope so. We need something that will convince people that security is important. This might be it.
If, indeed, this physical attack changed people's perception of electronic security, then this talk about an electronic Pearl Harbour, a massive, high-profile cybersecurity breach, was wrong. It took a real-world attack to convince companies that there was a cyber risk. I would not have expected that. The question is: Is it permanent or just the thing I'm worried about today? I'd like to think it's permanent, because the threats are real.
Cyberterrorism is something that can be done. It takes a lot of expertise, but you can be safely at home in your own country and launch your attacks. You don't need a lot of logistical support. You do need expertise that your average terrorist doesn't have, even a terrorist who can fly a plane. I have a feeling cyberterrorism is going to happen, just like we see cyberorganised crime. You go where the money is; you go where the bang for your buck is. And as more of our critical systems go online, that'll be where terrorists launch their attacks. The Internet is really a target-rich environment, but most of the targets hackers select are dorky targets. So you knock down a CNN Web page, big deal. If you could knock down the power grid . . . But flying planes into buildings is a completely different league. If you're willing to do that, cyberterrorism is kid's stuff.
CIO staffers Simone Kaplan, Susannah Patton, Edward Prewitt, Megan Santosus, Sarah D Scalet and Ben Worthen interviewed the experts
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.