At least 100 nation-states are investigating waging war by computer – so-called “cyberterrorism”, the United States believes.

That is the Central Intelligence Agency’s estimate of organisations “looking at or actively developing information warfare capabilities”, according to an American expert.

“It’s definitely an emerging threat,” said Matthew Devost, director of a private consulting firm whose clients include multinational corporations and government bodies in the US and Sweden.

“How many do we need to worry about – six? Twelve?

“What are the capabilities of number 100 on the list?

“A lot of questions haven’t been answered,” he said during an address at the US consulate in Sydney today.

Mr Devost said it was unlikely that terrorist groups like al-Qaeda would abandon what they knew and migrate their tactics to cyberterrorism.

But they could use cyberterrorism to magnify the impact of their activities, for example by eliminating emergency communications systems prior to a physical assault like the September 11 attacks.

He said cyberterrorists could also target critical infrastructure such as banking and finance systems, transport, water, electricity, gas and other power outlets.

There was no evidence yet to prove cyberterrorism had been used in such a way.

“But that doesn’t mean the threat isn’t real, or that infrastructures aren’t vulnerable, or that organisations aren’t seeking that capability,” he said.

“We have a window of opportunity where we can start being proactive.”

Mr Devost said United Nations inspectors in Baghdad could be looking in the wrong places if they were only searching for chemical, nuclear and biological weapons.

Information warfare could be waged using increasingly stealthy tools, he said, and the perpetrators need not be sophisticated.

A $7 billion attack on internet sites two years ago was launched by a “stupid” 16-year-old in Montreal who was “downloading tools he didn’t even know how to use”, according to Canadian police.