Cyberterror and professional paranoiacs

• Tags:
• Exaggerated Threat,
• Homeland Security,
• Cyberterrorism

Declan McCullagh, CNET News.com CNET News

Published: 24 Mar 2003 15:27 GMT

• 
• 
• 
• 
• 

To understand this bureaucratic mindset, consider that -- while at the US State Department in the mid-1980s -- Clarke concocted a zany plan to incite a coup against Moammar Gadhafi to punish the Libyan strongman for embracing terrorism. Clarke's suggestion: SR-71 spy planes would buzz Libya, creating sonic booms that would appear to herald an invasion, thus unnerving Gadhafi. Meanwhile, the US Navy would fake hostilities off the coast and the State Department would encourage "speculation about likely Gadhafi successors," according to a memo coauthored by Clarke. After news of the plan leaked, an embarrassed Reagan White House unceremoniously ditched it. The New York Times' William Safire dubbed the scheme "stupid and venal".

Clarke's penchant for the dramatic, which I witnessed firsthand when I spent an hour interviewing him in December 2001, extended to a farewell statement he circulated in January. It warned of the dangers of the SQL Slammer worm, which infected servers running Microsoft software.

In that statement, Clarke claimed that Slammer "disabled some root servers, the heart of Internet traffic." Not true. A report from the RIPE Network Coordination Center -- one of the Internet's four regional registries -- said that at most the worm slowed connectivity to two of the 13 root servers and did not disable any of them. "This did not cause any degradation in [domain name system] service," RIPE concluded.

Clarke also claimed that "a national election/referendum in Canada was cancelled" due to computer mischief. At best, that was a reckless exaggeration. What actually happened is that Canada's New Democratic Party held a leadership convention and found their Internet voting to be sluggish. CBC reported that voting was completed just 45 minutes behind schedule.

It's not just Clarke and Ridge. Exaggeration is easy when you're a bureaucrat hoping to make yourself seem more important and thereby fatten your paycheque at your next job, or when your funding is up for review, or when you want to lobby for new and probably unwise laws that would endanger privacy or impose additional costs on technology firms (one of Clarke's pet ideas).

It's important to remember that, as CNET News.com reported in detail last year, it's always easier to bomb a target than hack a computer. Although it is possible for electronic intrusions to damage infrastructure and threaten physical danger, taking control of those systems from the outside is extremely difficult, requires a great deal of specialised knowledge and must overcome noncomputerized fail-safe measures.

Put another way, I've never heard of one death that could be attributed to "cyberterrorism." Not being able to check your email for a day is an annoyance, not terrorism, as Counterpane's Bruce Schneier said last week.

On Thursday evening, President Bush said he would nominate Frank Libutti to be Ridge's undersecretary for "Information Analysis and Infrastructure Protection," a position that will have key Internet responsibilities. Libutti currently is deputy commissioner for counterterrorism at the New York City Police Department, and is also a retired lieutenant general in the US Marine Corps.

The Internet community should work with Libutti to put the threat of cyberterrorism in perspective. We don't need any more government officials clamouring for intrusive new laws and claiming, against all common sense, that a "digital Pearl Harbor" is just around the corner.

---

Go to section: Cyberterror and professional paranoiacs Page Two

• 
• 
• 
• 

• Share this article:
• Digg
• Slashdot
• Del.ici.ous
• Stumble
• Reddit