Large consultancies are paid a lot of money to provide companies with information to help them run their businesses. But sometimes the statements issuing forth from these consultancies has me questioning their value to users.

Last month at the Gartner Symposium and IT Expo in Sydney, Australia, Rich Mogull, Gartner's director of information security and risk research, declared that cyberterrorism is mainly a theory. He said we should "stop running around being scared about these esoteric threats out there. Let's look at protecting ourselves by closing the vulnerabilities we know exist and protecting ourselves from the attacks that we know exist."

Of course we all should be doing the day-to-day diligence of patches, upgrades and monitoring. However, in contrast to Mogull, I contend that we should not be worried about the threats we know about; we should worry about those we don't know about.

Cyberterrorism is not a theory: It is a fact of the future, and that future could be one day, one month or three years out. Today's biggest cyberterrorism threats come from three places:

• Trusted insiders about whom we know next to nothing yet have root control over critical infrastructure operations.

• The "weaponization" of otherwise benign technology.

• Advisers who live by the "security by denial'" axiom.

In my 1993 book Information Warfare, I said cyberterrorists' motivations are immaterial; what's important is their capabilities. Further, I argued that Class 1 Information Warfare (personal) was an emerging threat that now has become a multibillion-dollar epidemic, primarily in the area of identity theft. That was theory back then, and now it is fact. Class 2 Information Warfare (industrial espionage and criminal acts) is the second level to have graduated from theory to fact.

One simple argument to remember is: Why would the bad guys not use available technology in their endeavors? The answer - not theory - is that they have adopted the very technologies that Mogull seems to suggest we relegate to a theoretical junk heap.

Class 3 Information Warfare (cyberterrorism) involves powerful religio-, narco- and politico-terrorists attacking significant portions of the infrastructure. When I spoke to the Joint Chiefs of Staff a couple of years ago, they did not like hearing me say, "Generals, you are no longer in command of your armies," or the politically incorrect, "Why are foreign nationals running significant portions of the military's force projection systems?" But they did something about it.

Whitepapers

• Boost Productivity While Cutting Costs with Next-generation Collaboration
• Deploying Virtualized NetWare on Linux Whitepaper
• Driving Business Success Through Workgroup Choice and Flexibility
• Toward More Flexible, Next-Generation Collaboration Solutions
• Collaboration Tools and Organizational Success Whitepaper
• The ROI and TCO Benefits of Data Deduplication for Data Protection in the Enterprise

View more SECURITY whitepapers

Webcasts

• Creating a high performance workplace with wireless networking
• Harnessing the power of communications to increase workplace performance
• Making data centers the IT strategic focus
• Protecting assets and employees with IP Video Surveillance
• Stay out of the headlines: Detecting and preventing network intrusions
• Transforming the Enterprise WAN Edge: Video from Cisco

View more SECURITY webcasts

Special Reports

• The Evolution of Network Security
• IP address management in 2008 - six things to know
• The self-managed network

View more SECURITY special reports