Critics claim that the legislation covers attacks on utilities and hospitals, but has no provision for the prosecution of a cyber terrorist who attacks a bank or business.
The Terrorism Act represents the latest attempt by the Government (following on from the Regulation of Investigatory Powers Act 2000) to revamp its enforcement powers to address the possibilities the internet offers to criminals and subversive elements.
Garcia Hanson, chief executive of network security consultant WRDC said, "This legislation has been drawn too narrowly and too unimaginatively. There are other targets that are more vulnerable - and more likely to suffer cyber attack - but which remain effectively uncovered by the legislation. We know from our own experience of protecting major financial institutions and government organisations that such attacks are already taking place, although the policy is to avoid publicising them."
WRDC claims that the security services suspect that politically motivated attacks on business are being launched from within the UK.
"We are now having to advise banks and government organisations to create additional layers of internal protection," says Garcia Hanson. The concern is that without such steps employees sympathetic to a political cause could betray to cyber-terrorists information that would allow them to penetrate and compromise the integrity of computer systems.
Kit Burden, an IT law partner at Barlow Lyde and Gilbert, claimed the Government should expand the resources and training available to the police in order to tackle the problem fully.
"The ongoing problems in Israel have illustrated how hacking and denial-of-service attacks can be used as part of a campaign of terror," said Burden. "This can often achieve as much disruption and publicity as a car bomb attack, but with much less chance of causing moral outrage or accidentally targetting innocent victims."