Truth About Computer Security Hysteria
A simple question with too many wrong answersRob Rosenberger, Vmyths co-founder
Sunday, 17 June 2001
SARAH GORDON (SYMANTEC) will give an interesting lecture on Monday at the NetSec 2001 conference. The title: " 'Cyber-terrorism' and the Real World." I'll see you there.
If you can't make it to Gordon's gig, you can always do what I do — order a tape. The Sound of Knowledge usually transcribes NetSec conferences, so give them a holler at (858) 483-4300. Tell 'em Vmyths.com sent you. (We won't earn any money from it. I just want you to moan our name over the telephone.)
I spoke to Gordon last week about her upcoming lecture. She'll ask a simple question: "what is cyber-terrorism?" Her audience may know a good answer, but the rest of the world doesn't. She'll go over "the varied definitions used by governments, [security] vendors, media, corporations, users, etc."
Gordon's slides will expose some stretches of the imagination. In California, for example, a cyber-terrorist who illegally uses a domain name may face a $250 fine. And a first-time cyber-terrorist faces a $5,000 fine and/or a year in jail in the Golden State if his computer virus causes no harm. The penalties worsen if your handiwork erases critical poet laureate data. Yes, you'll definitely fry in the electronic chair if you ever commit such a monstrosity.
"[Makes you] wonder how cyber-terrorism can cause no harm," Gordon noted. "Weird." Her cynicism will certainly show up on one slide: "California is sending a message that cyber-terrorism will not be tolerated." (You go girl.)
Gordon will show her audience we need to overcome the idiotic hype. I hope she asks my standard philosophical question: "if this is what you call 'cyber-terrorism,' what word will you cheapen when something worse comes along?" Cyber-holocaust? Cyber-genocide? Cyber-what?
What, indeed. We can't combat cyber-terrorism until we combat the hysteria surrounding it.