Term 'cyber-terrorism' damaging security investment, says ex-White House advisor

Overuse of the term 'cyber-terrorism' is confusing board directors and preventing much needed investment in IT security, says former White House security advisor Richard Clarke.

By describing denial of service attacks, hacking and defacement of corporate web sites as cyber-terrorism, IT directors are negatively affecting the amount of investment companies makes in IT by failing to properly communicate the real risks to businesses, he says.

'If you say cyber terrorism they get confused and think it's Osama Bin Laden in cave with a laptop,' said Clarke during his keynote speech at RSA Conference 2004 in Barcelona.

'And CEOs don't want to spend money on that because they don't think it's a real threat to them, they think it's a cost and not a benefit.'

Clarke explained: 'Say information security, say information assurance, say cyber security, say cyber crime but don't say cyber terrorism.'

But Clarke, who spent 11 years advising the last three Presidents on national security and IT threats, says firms also need to do more to join up physical and IT security procedures and that lack of attention could threaten business continuity.

'We go into a lot of buildings and sign-in and most of the time no one knows who we are,' said Clarke. 'I sign my name Benjamin Franklin most of the time and no one notices.'

By creating secure computing and using two-factor authentication devices for access to both buildings and technology systems companies can hugely improve security, he says.

'If you worry about security you need to worry about cyber security as well - our economy is increasingly dependent on the internet,' he said.

Clarke was also critical about the current US administration's commitment to internet security, saying more action was needed to combat growing threats.

'If the US administration keeps going through cyber security directors at the pace it is we could fill up this hall with them next year,' said Clarke. 'They are very good at saying they care about cyber security and then they don't give them the money or the power to do anything about it.'

The Bush administration should also do more to allay citizen concerns around biometric citizen identification trials, says Clarke.

'An awful lot of people are concerned about civil liberties and see security technology as a threat,' he said. 'But technology is a tool - it's neither good or bad - it depends on the way that we use it.'

He concluded that both governments and businesses need to be forward looking when it comes to security, rather than being reactive.

'I think that one of the lessons we learned from 9/11 is that shouldn't wait for something to happen,' he said.