SARS. The fluctuating economy. Frightening stuff. But cyberterrorism? It doesn't spook Michael Miora, the CEO and founder of ContingenZ Corp., a Playa del Rey, California-based incident management and planning firm. Miora has 25 years of experience in the security industry. A typical gig on his resume: offering expertise to the National Reconnaissance Office-a government agency that builds the nation's spy satellites. If anybody should know about cyberterrorism, Miora should. And he thinks the threat is way overblown.
Are you kidding? We've been hearing forever that cyberterrorism is a powder keg, just waiting to explode.
Michael Miora: While cyberterrorist attempts are possible, the effort required to bring them about is very high, while the yield is very low. It's much more likely we'll see a traditional terrorist attack. For the same effort, expertise, time and money, a terrorist can have a much bigger effect. If you bring down the New York Stock Exchange (NYSE) Web site, it might be down, what, 15, 30 minutes? You might make some headlines, but it probably won't even be on the front page that day. Everybody knows where they were on 9/11, but nobody is likely to ask where you were the day the NYSE Web site went down. And the probability that a cyberterrorist attack would target a small company is virtually nil.
But aren't there terrorists content to commit a series of smaller attacks over time?
Miora: Cyberterrorism requires technology, knowledge and funding, but most of all, it requires access. We know terrorists come in all stripes. They can get the funding. They can get equipment. But they have to do it from someplace that has a persistent [Internet] connection. Besides, attacking from a computer increases the odds of capture. Conducting cyberterrorism while eluding capture is very difficult.
So are you saying companies don't need to protect themselves against a cyberterrorist attack?
Miora: No, but the preparation should focus on real threats rather than fleeting headlines. A small firm needs to worry about regularly occurring cyber-attacks such as viruses and worms, and about hackers trying to gain access to information. The small company also needs to concern itself with attacks from the inside by disgruntled employees-present or former. Protection against these risks is possible even with a reasonably small budget.
Geoff Williams is a writer in Loveland, Ohio. He can be contacted at firstname.lastname@example.org.