International experts called on Wednesday for greater cooperation to fight threats to computer networks but they differed on the definition of cyberterrorism, with a top British security official describing it as a "myth".
Estonian defense ministry official Christian-Marc Liflander said sustained electronic attacks on his country last year came both from crude hackers and from sophisticated "cyberterrorists" remotely manipulating zombie computers known as botnets.
"I would say we have entered an era of cyber terror and perhaps even of cyber war," Liflander told a London security conference at the Royal United Services Institute.
Estonia has said it believes the Russian government was behind last year’s attacks, which came amid a diplomatic row over Tallinn’s decision to relocate a Soviet-era war memorial.
But Liflander said the botnet attacks came from computers in 76 different countries and it was hard to prove who sponsored them. "What we have is just a gazillion IP (Internet Protocol) addresses that don’t prove anything."
The effect was to paralyze websites and cause severe disruption to key services such as banking, in a country with one of the highest levels of Internet usage in the world.
But not everyone agrees that "cyberterrorism" is the best way to describe such electronic attacks.
Stephen Cummings, director of the British government’s Centre for the Protection of National Infrastructure, said he had seen no evidence to suggest terrorists were bent on using cyberattacks to generate the same devastating impact as their physical attacks.
Cyberterrorism "Myth"
"I think discussion of cyberterrorism distracts our attention from the more pressing terrorist threats, which are still physical," he said in a presentation which included a slide saying "Cyberterrorism is a myth".
Talk of cyberterrorism could distract people from addressing the real risks from malicious electronic attacks, he said. "Who knows, if we all talk about cyberterrorism enough, maybe the terrorists will twig on to its potential in a way we wouldn’t want them to."
Despite the differences over terminology, officials stressed the need for international collaboration.
"No one country can stand alone in facing cyberattacks and threats. Cyberspace is borderless and the attack usually does not originate from within," said Husin Jazri, director of CyberSecurity Malaysia.
He said governments and their computer emergency response teams needed to set up "pre-emptive arrangements" to cope with potential attacks.
Estonia, following last year’s crisis, has urged the European Union to harmonize laws against cyberattacks to make it easier to prosecute those behind them.
Liflander told Reuters it would also unveil a national cyberdefense security strategy in the next two weeks, aimed at better protecting key infrastructure and networks by "putting in place minimum standards that all enterprises have to adhere to".
He described the defense against last year’s cyberattacks as a game of cat and mouse.
"The attacks were very rapid and there’s a tendency to mushroom, so you have to be very agile in your response to them. And your response is only limited if you do it on a national scale — it has to be international as well."