Terrorism fears to fuel IT spending

The threat of online terrorism is overblown, according to Ira Winkler, head of security strategy at HP. However, concerns about such attacks could help to increase security budgets to deal with other online threats.

At the RSA Security conference in Paris this month, Winkler argued that terrorists have little interest in online attacks. "Terrorists are less likely to use cyber-terrorism than actual physical acts. That's their style," he said.

But IT departments could exploit the fear of terrorism to fix other security holes. "The hype surrounding the threat has got boards interested in security. If you promise them you can protect against the terrorists your budgets will go up. Then you can deal with basic security problems," Winkler said.

Winkler argued that instead of worrying about who could attack their networks, managers should concentrate on eliminating vulnerabilities that would allow attacks to be made. This should include regular and prompt updates of operating systems and application patches, he said.

George Papapavlou, a member of the Directorate-General at the European Commission, said the perceived threat of terrorism has been useful: "The fear of cyber terrorists, even if it is ungrounded, will help implement better policies overall."

Winkler argued that the EU has taken the right approach to improving security by developing new laws. He compared this with the US government's policy of encouraging voluntary action by industry to improve security. He added that firms spend a lot of time and money fighting legislative proposals that would require them to implement better security, and that voluntary measures were unlikely to be sufficient.

Have your say: contact IT Week