The head of the UK Government's Computer Emergency Response Team has hit a welcome note of commonsense by stating that the September 11 terrorist attacks have changed nothing in the way the country needs to defend against electronic attack.
Stephen Cummings, director of the National Infrastructure Security Coordination Centre (NISCC), said in the wake of September 11 it received numerous inquiries from its finance and utility sector clients asking about the possibility of electronic attack by hackers.
Little had changed, NISCC told concerned companies. But considering the levels of interest, it has published a booklet on the risks of terror - in a general sense. The Unified Incident Reporting & Alert Scheme, which NISCC, part of the Home Office, runs, reports that thefts and threats from insiders form the worst security risks.
September 11 does have some implications for Internet security, but these risks should be put in context.
Cummings told an audience at a presentation at the Compsec security conference in London this morning that post-September 11 there was a heightened risk of denial of service attacks on UK Government web sites.
This risk comes from sympathisers of the Taleban cause or "some pretty high level groups supporting terrorism" but not from the Taleban itself.
Afghanistan does not have the Internet infrastructure to support the launch of a hacking attack and the Taleban does not have people with hacking skills, Cummings said.
During his presentation Cummings gave an outline of NISCC response to the Code Red outbreak which succeeded in keeping people informed of the issue but keeping the assessment "less drastic" than that of its US counterparts and the delivery more low-key.
"We need to give a balanced message that is not too alarmist," Cummings told us. ®