#1:
Cyber terrorism: it does not exist. There are no – repeat, zero – documented incidents of cyber-terrorism. The idea that al-Qaeda will use virtual reality technology to train terrorists here in America (which I heard today) is simply ludicrous. Bin Laden didn’t even use e-mail! And anyone who’s tried streaming Hulu over a wireless connection will appreciate just how hard it is to use high-bandwidth apps even in a broadband environment.
via Info/Law, Cybersecurity Theory and Myths.
Cyber-security purveyors are certainly relying on an over-hyped threat model. That’s how you get funding. But doesn’t the Stuxnet worm suggest that there are other sorts of cyber-terrorism that might be practicable? And if Stuxnet was launched by a government, as some suspect, can we really say there’s never been any cyber-terrorism? Perhaps, because then it counts as an act of war by a nation-state, not terrorism as such.
Go read the rest — the other three top myths seem right on target.
I would disagree that the supply chain terrorism is so unlikely as to be a myth. We might argue whether “terrorism” is the proper word…
It’s already happened, though I can’t go into it (but if you’ve been paying attention over the last few years and understand it when you see it…). Like stuxnet it’s also a governmental thing, so perhaps gains its mythic status that way.
However, as a more interesting possibility, we allow all kinds of software and hardware gladly into our lives on a daily basis. We also don’t see particularly phased as a group when it’s disclosed that personal information of one type or another is being farmed from our phones, computers, social networking sites, etc. A few people stand up and shout, but by and large everyone else just wants to get back to their Angry Birds game. It is not at all inconceivable that someone, terrorist or otherwise, will find a way to exploit that in a way we can’t even guess at now. It’s fair to say it hasn’t really happened yet, but it’s NOT fair to say it’s a silly idea.
Actually, according to the accounts he DID use email. He just did it through a trusted intermediary, who’d carry his emails via thumb drive to a remote computer, and send them from there, and return with responses on the thumb drive.