Very few European companies or organisations analyse their electronic security needs, despite the growing threat posed by organised crime and terrorism, a former head of military security at NATO said this week.
Mr David Love, a security specialist now working for US multinational Computer Associates, also suggested the Republic would not escape the consequences of electronic warfare because of its pre-eminence in information technology.
Mr Love, who was due to speak at the cancelled E-volution: virtual business in the real world conference in Dublin, told The Irish Times that organised crime was funding research in electronics at some US universities.
He said the events of September 11th made it more important for firms to assess their IT security. The terrorist attacks had changed one of two essential elements that made up security risk.
"The risk to systems is made up of threat and vulnerability. While the vulnerability of corporate systems hasn't really changed since September 11th, the threat has increased," he said.
Cyber warfare was one of the few ways smaller states could carry out attacks on larger states with impunity. One of the first examples of this was when the Indonesian regime brought down an internet service provider in the Republic for hosting a pressure group's website, he added.
Mr Love said European corporations and organisations were behind the US in terms of awareness of electronic security.
One European bank that he visited recently hadn't even basic IT security. The financial institution had put this off until February 2002 because of the introduction of the euro.
"Very few companies have done the work to analyse their security needs in Europe. Whereas in the US, we are beginning to see a gradual move where IT security is handled at boardroom level."
Mr Love said there was a fear that IT warfare could be the next method of targeting the western world. He cited the specific danger of fast-spreading viruses and worms, which deliver malicious code to computer systems.
This type of electronic warfare would impact on the Republic, he said.
"If someone wants to attack the US with a form of cyber warfare there is no way it will just affect the US. It will spread to everyone with computer networks."
The Nimda worm was extremely virulent but not particularly damaging. It still cost billions of dollars, with companies shutting their systems, he said.
Mr Love said organisations and companies did not understand well enough the risks posed by cyber crime.
"There is still a perception that the hacking community comprised a group of 16-year-olds who download hacking tools from the Web. But the greatest problem is from organised crime, which is sponsoring research into hacking at universities in the US."
This type of crime is very difficult to combat as the particular hacking tools that are developed are kept secret and not made available on the Web.
Security measures now have to include artificial intelligence to build up experience of repulsing cyber attacks, said Mr Love. But even the most modern systems do not provide absolute protection.
"A recent survey showed that for every thousand lines of code, there are 50-150 bugs in the software. This demonstrates we can never have 100 per cent security.
"Companies need to understand their own systems and business processes to provide adequate security to protect their business," he said. "This depends on the crucial nature of the information and data they have."
Companies must balance adequate security with increased risk and total cost of ownership, said Mr Love.
He said the worst thing that had happened since September 11th was that people were rushing to buy IT security and they didn't know why. This will just build disillusionment when they find out they are losing money, he added.
Few prosecutions of hackers have succeeded because presenting evidence was very difficult. And many police forces and investigators were inadequately trained. This means a lot of crime goes unreported, he added.
"We just don't know what is happening at the minute," said Mr Love. "It is a worldwide issue and there needs to be global response."
The future of electronic warfare by terrorists remains unclear, said Mr Love.
"Many gurus have been predicting a Pearl Harbour-type event in this area but I don't have a crystal ball and there is just no way to know. But if we neglect IT security we are increasing the risk of that happening."
