- It's no secret. In addition to the US, at least six countries are known to be actively developing information warfare programs designed to cripple the IT, economic and military infrastructure of their potential adversaries.
However, a classified CIA warning, which detailed China's plans to launch cyberattacks against US business and military networks and was made public late last month, grossly misrepresents the threat to those responsible for protecting government and private IT networks in the US, experts say.
"China is developing a cyberattack capability, but it appears it is a component of their overall military strategy, to be used in case of [conventional] war," says Vince Cannistraro, former director of counterintelligence at the CIA.
Although experts agree that other nations and even terrorist groups are researching cheap and easy ways to use IT to offset the US' conventional military might, they say most reports have exaggerated the threat. Information warfare isn't something that's launched without plans for a conventional war, and terrorists have shown little interest in the bloodless outcome of cyberattacks, says Eric Shaw, a former CIA clinical psychologist and profiler.
Shaw and Cannistraro both say that most countries with cyberarsenals are unwilling to risk a conventional US military strike in retaliation for a cyberattack that cripples IT infrastructure and threatens the health and stability of the economy. In addition, most terrorist groups see little value in bloodless attacks, they say.
"Al-Qaeda views the internet as a method of communication, not as an avenue to carry out terrorism," Cannistraro says. "It isn't bloody."
"Considering all possible threats is a nice, creative process, but there is little evidence to suggest its practical benefit, other than funding of security-related projects that may not be needed," said Shaw. "So, in many ways, it wastes resources."