[1]What Happened to Cyber 9/11?:

[1]What Happened to Cyber 9/11?:

A [2]recent article in the Atlantic asks why we haven't seen a"cyber
9/11″ in the past fifteen or so years. (I, too, remember the
increasingly frantic and fearful warnings of a "cyber Peal Harbor,"
"cyber Katrina" - when that was a thing - or "cyber 9/11." I [3]made
[4]fun of those warnings back then.) The author's answer:

Three main barriers are likely preventing this. For one,
cyberattacks can lack the kind of drama and immediate physical
carnage that terrorists seek. Identifying the specific perpetrator
of a cyberattack can also be difficult, meaning terrorists might
have trouble reaping the propaganda benefits of clear attribution.
Finally, and most simply, it's possible that they just can't pull it
off.

[5]Commenting on the article, Rob Graham adds:

I think there are lots of warning from so-called "experts" who
aren't qualified to make such warnings, that the press errs on the
side of giving such warnings credibility instead of challenging
them.

I think mostly the reason why cyberterrorism doesn't happen is that
which motivates violent people is different than what which
motivates technical people, pulling apart the groups who would want
to commit cyberterrorism from those who can.

These are all good reasons, but I think both authors missed the most
important one: there simply aren't a lot of terrorists out there.
Let's ask the question more generally: why hasn't there been another
9/11 since 2001? I also remember dire predictions that large-scale
terrorism was the new normal, and that we would see 9/11-scale
attacks regularly. But since then, nothing. We could credit the
fantastic counterterrorism work of the US and other countries, but a
more reasonable explanation is that there are very few terrorists
and even fewer organized ones. Our fear of terrorism is [6]far
greater than the actual risk.

This isn't to say that cyberterrorism can never happen. Of course it
will, sooner or later. But I don't foresee it becoming a preferred
terrorism method anytime soon. Graham again:

In the end, if your goal is to cause major power blackouts, your
best bet is to bomb power lines and distribution centers, rather
than hack them.

Tags: [7]bombs, [8]cyberattack, [9]cyberterrorism, [10]fear,
[11]risk assessment, [12]terrorism

(Via [13]Schneier on Security)
Also on:

[14]Twitter
__________________________________________________________________

My original entry is here: [15]What Happened to Cyber 9/11?. It posted
Tue, 27 Nov 2018 20:44:11 +0000.
Filed under: business,

References

1. https://www.schneier.com/blog/archives/2018/11/what_happened_t.html
2. https://www.theatlantic.com/international/archive/2018/11/terrorist-cyberattack-midterm-elections/574504/
3. https://www.schneier.com/essays/archives/2010/07/threat_of_cyberwar_h.html
4. https://www.schneier.com/blog/archives/2012/10/stoking_cyber_f.html
5. https://blog.erratasec.com/2018/11/why-no-cyber-911-for-15-years.html
6. https://www.foreignaffairs.com/articles/2006-09-01/there-still-terrorist-threat-myth-omnipresent-enemy
7. https://www.schneier.com/cgi-bin/mt/mt-search.cgi?search=bombs&__mode=tag&IncludeBlogs=2&limit=10&page=1
8. https://www.schneier.com/cgi-bin/mt/mt-search.cgi?search=cyberattack&__mode=tag&IncludeBlogs=2&limit=10&page=1
9. https://www.schneier.com/cgi-bin/mt/mt-search.cgi?search=cyberterrorism&__mode=tag&IncludeBlogs=2&limit=10&page=1
10. https://www.schneier.com/cgi-bin/mt/mt-search.cgi?search=fear&__mode=tag&IncludeBlogs=2&limit=10&page=1
11. https://www.schneier.com/cgi-bin/mt/mt-search.cgi?search=risk assessment&__mode=tag&IncludeBlogs=2&limit=10&page=1
12. https://www.schneier.com/cgi-bin/mt/mt-search.cgi?search=terrorism&__mode=tag&IncludeBlogs=2&limit=10&page=1
13. http://www.schneier.com/blog/atom.xml
14. https://twitter.com/prjorgensen/status/1067520510983135238
15. https://www.prjorgensen.com/?p=2357