Corporate and government computer users should not relax their guard just yet, with terrorist groups still suspected to be plotting cyber attacks a year after September 11.
Terrorism Research Centre director Mathew Devost warned complacent network operators who thought terrorist groups had abandoned attempts to hack critical infrastructure were leaving the door open to attack.
“It hasn’t happened yet, but that doesn’t mean there isn’t a risk,” he said. “It just means the variables haven’t aligned to ensure a successful operation.”
Mr Devost – whose company consults to a number of US corporate and government clients on physical and virtual counter-terrorist strategies – told a briefing at the US Consulate General in Sydney today that the September 11 attacks had made cyber terrorism more attractive to some groups.
Terrorist groups that previously used political violence in a “very calculated” way had traditional methods like extortion-related hijacking closed off thanks to the World Trade Centre and Pentagon attacks.
“For those groups seeking strategic influence, cyber terrorism may be attractive,” said Mr Devost.
But with no attacks observed – at least in the public arena – and little information available to corporates on the level of threat and the types of attacks possible, businesses in particular were reluctant to invest in security.
“Private infrastructure is subject to a classic risk assessment model, but most companies just don’t have a good awareness of the threat,” he said. “If you have no evidence (of a threat) then you won’t fund security.”