Security and Beer Roundtable

I was going to post this here originally, but posted it in GD thinking someone might be interested. Since that seems not to be the case, I thought I'd offer it here as well.

http://www.watchguard.com/RSS/showarticle.aspx?pack=RSS.RTcyberterr

The link is to a portion of a transcript of a roundtable discussion of the potential threat posed by so-called cyberterrorists. It is quite interesting for reasons that should be clear, so I'll just post the introduction that provides the context and let you decide for youselves what you think.

Roundtable: Is the Cyberterror Threat Credible?

From a session hosted by WatchGuard's LiveSecurity writers

Normally, we keep all WatchGuard Wire articles short. This article is different. It proved so popular with LiveSecurity Service subscribers last month, we decided to share it with Wire readers, too.

Over our years in security, we've noticed that the top security thinkers treat security not as their job, but as their lifestyle. The best researchers seem to think about IT security constantly. We've also noticed that they express their most provocative opinions and intriguing insights not when pitching a product by day, but when swapping stories over a beer at night.

We wanted to see what would happen if we tried to capture those "stories over beer" insights for our readers. At Black Hat 2005 in Las Vegas last July, we invited some of the speakers we respect most to share a few drinks and swap opinions in a room at Caesar's Palace. We recorded the session (which was rambling, raucous, and sometimes hilarious), then transcribed it. If you've ever wished you could listen like a fly on the wall to leading security researchers in their less guarded moments, we present to you this excerpt from our Security and Beer Roundtable. The topic: Is there a credible threat to national infrastructure from cyberterrorists? We join the discussion, already in progress.

There's a reference to Blaster in the discussion, so I thought I'd provide a bit of mainstream context for those unaware.

There are three different threats to consider:

1.) Script kiddies and the like are out there in their legions, and will continue to be. This is not terrorism though, more like vanadalism, opportunistic exploits.

2.) Military attacks in the context of cold or hot war, with the intent of disabling enemy C4I capabilities. This is very real. How effective it would be would depend on the extent and manner of use of C4I capabilities. But this is not terrorism either.

3.) Terrorism, attacks on civilian infrastructure originating in non-state political groups. These could be aimed at military targets too, but civilian targets seem more likely, easier and more effective for the purpose of attracting attention and instilling fear. I would agree with some of these fellows that it seems a bit of a stretch. Explosives are just so much more ... explosive, if you see what I mean, a much better attention getting device. But you never know, it could happen.

Strangely enough, that's one of the things I liked about it. I got the sense I was reading an actual examination of a problem, not just reading a carefully prepared polemic with an agenda to push.

Of course, that makes it hard to wade though.

every day. I suppose that say more about me than these guys, they were not in such a hurry, which is nice when you think about it.