Homeland Security Chair Likens 'Cyber Terrorists' to Al Qaeda

President Bush's Homeland Security Assistant Wednesday stopped just short of referring to hackers as Al Qaeda terrorists in a keynote at the RSA Conference in San Francisco.

But Gen. John Gordon, who also serves as chairman of the Homeland Security Council, did not balk at drawing key distinctions between the importance of securing the United States from terrorist attacks and protecting the Internet from possibly debilitating cyber attacks.

Speaking to attendees Wednesday afternoon, Gordon said that terrorists and so-called cyberterrorists--people that use the Internet to wreak havoc on the everyday lives of American citizens--have some key similarities in their tactics.

"The [Al Qaeda] enemy fights from the shadows," Gordon said. "This is similar to the cyberterrorist community." Both types of attackers also can carry out their plans on limited resources and can make multiple attempts to succeed in mounting an attack, he said.

Gordon said that whether someone detonates a bomb that causes bodily harm to innocent people or hacks into a Web-based IT system in a way that could, for instance, take a power grid offline and result in a blackout, the result is ostensibly the same; both are acts of terrorism. But rather than focus on identifying the individuals staging such the attacks, the Homeland Security Council must focus on creating more secure systems to deter and prevent them, he said.

"As long as there are major cybersecurity vulnerabilities, someone will exploit those," Gordon said. "The damage will be the same whether the attacker was a bored teenager, an organized criminal or a [hostile] nation or state. We need to focus on the vulnerabilities--and not get to hung up on who the attacker will be."

Because of the level of threat cyberterrorists pose, implementing cybersecurity technology is paramount among the aims of the Homeland Security Council, Gordon said. This is why the Bush administration implemented the policy on cybersecurity, with goals to reduce vulnerabilities and threats to Internet security, as well as the formation of the National Cyberspace Security Response System.

However, as the government moves forward to implement cybersecurity policies under the Homeland Security Council, that doesn't mean American's right to privacy should be ignored, Gordon said.

Rather than try to find "an acceptable balance" between security and privacy, Gordon said the approach should be that both concerns are handled simultaneously. "We should start with the proposition that we can do both," he said.

With continuing advances in security technology, this can be achieved, Gordon said. "With technical capacity, the trade between security and privacy is one I really hope we don't have to make."