Governments are shifting their national security focus away from the threat of cyber attacks launched by terrorist groups to enhancing eavesdropping capabilities to monitor such groups, according to Gartner.
After much publicity, the threat of cyberterror has failed to materialise, said Gartner research director for information security and risk Rich Mogull.
"There has not been a single case; we've talked with governments, businesses and the military and there has not been a single occurrence," Mogull said, adding that the high availability of those willing to die for a terrorist cause was of far more immediate concern.
Western cyber efforts against asymmetric threats were being deployed to exploit intelligence from the internet, which terror groups have readily used to facilitate communications between members and promote their causes.
"Governments are dealing with this and [the US and allies] are monitoring and looking… for example, we have now eliminated the ability of certain groups to use mobile phones," Mogull said.
Critical infrastructure protection, especially utilities, will continue to face challenges, not least because many Supervisory Control and Data Acquisition (Scada) systems now used Windows-based front ends which were highly vulnerable. To counter this problem, he added, it was necessary to decouple such machines from the internet at large.
"You need to separate physical systems [those that control physical actions such as water or electricity] from enterprise systems. You need a virtual air gap," Mogull said, adding that if companies involved in critical infrastructure failed to secure their IT, there was always a helping hand ready to assist.
"If critical infrastructure cannot regulate itself, the government will step in and regulate it. [That said] governments, including the US government, do not always do the right thing," Mogull said.
He estimated that it will initially cost around 8% of a utility company's annual IT budget to become compliant with critical infrastructure IT security standards, a cost that would then decline after it was rolled out.
Julian Bajkowski writes for Computerworld