Feeds

Cyber-terror drama skates on thin Black Ice

Essential bedtime reading for the paranoid

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Book Review Computerworld columnist Dan Verton has covered the security beat for several years. He has recently weighed in on the cyber-terror discussion with a book called Black Ice: The Invisible Threat of Cyber-Terrorism.

Verton gets off to a good start in his introduction, where he notes that physical attacks against high-value communications infrastructure are an important area of concern. He also suggests that the destructive effects of a physical terror attack could be intensified by a simultaneous attack against local communications infrastructure by hampering rescue efforts. At that point, I was anticipating a balanced discussion of the threats and risks associated with cyber terror, which is, after all, something that has never occurred.

Unfortunately, the book soon loses its balance and tips increasingly in the direction of paranoid speculation. This shift in tone culminates on page 96, where Verton claims that "we can safely discard the opinions of those who argue that cyber-terrorism ... is impossible." At that point I lost all sympathy for what the author was saying. It is indeed reasonable to question the plausibility of cyber-terrorism; and it's quite preposterous to "discard the opinions" of sceptics. There are some very smart and knowledgeable people who think cyber-terror is a myth.

Dire predictions

But discard them Verton does. His book is far more concerned with the wholesale retailing of dire predictions from paranoid bureaucrats like former cyber-security czar Richard Clarke and ex-Microserf Howard Schmidt than a realistic exploration of the dangers involved.

Indeed, wherever Verton writes about cyber-terror per se, it is always in the form of a fictional scenario. Because we've yet to experience cyber-terrorism, there's little one can say about it from a strictly factual point of view - certainly not enough to fill a book.

And this leads to another problem: the book spends a great deal of time talking about al-Qaeda and radical jihadists in general, showing us what creeps they are, as if we didn't already know, and speculating that if these creatures ever decided to blow up power stations and telephone infrastructure, or become elite hackers, we'd all be in serious trouble.

Hollow center

This general material takes up a great deal of the book, and forms is its hollow center. We can talk about terrorist possibilities until we're blue in the face, but at its core, terror is about sudden and violent death, not inconvenience. It's hard to imagine a terror outfit attacking power distribution infrastructure after seeing the complete lack of panic and mayhem in the wake of this Summer's blackout in the US and Canada. People were inconvenienced, all right; but they coped with it, the broken stuff got fixed, and no one was killed, traumatized, or horrified.

Terror doesn't come from having the lights go dim or the phones go dead or the ATM go haywire. Terror comes from hundreds or even thousands of people suddenly and violently murdered in an instant. This is what terrorists are after, not power outages. Unfortunately, the book emphasizes threats to infrastructure as if they were the primary worry, when, in fact, an infrastructure attack can only intensify a real terror attack. It is not one in itself.

Verton's sources are almost exclusively himself, and bureaucrats concerned with cyber-terror. There are no sceptical voices in the book, and not even an attempt at offering counter-arguments to a sceptical point of view. The book barely acknowledges that there are valid arguments questioning cyber-terror and its significance. And Verton's habit of using his own articles for reference gets suspicious after a while. There's certainly nothing wrong with a journalist pointing readers to his articles for additional information; but here, because there is so little hard evidence Verton can supply to substantiate his claims, the self-references take on a flavor of, "and you know it's true because I've said it before."

Opposing views

The book is highly speculative and fails to confront opposing views. We're told that we can "safely discard the opinions" of sceptics, but we're not told why. The book's argumentative force rests on the assertion that we should worry about cyber-terror because Richard Clarke, Howard Schmidt and Tom Ridge worry about it - and because security vendors reaching out for juicy gobbets of Homeland Security pork "worry" about it too.

Black Ice will appeal to readers who already believe that cyber-terror is a clear and present danger. Those who have yet to make up their minds will find a one-sided discourse, and would do well to follow it with a more balanced book such as Beyond Fear by Bruce Schneier before drawing any conclusions. Cyber-terror sceptics will not be persuaded by Verton's arguments, or his sources, and should probably avoid it. ®

Related Story

Security experts duped by Slammer 'jihad' rot

Security for virtualized datacentres

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.