Bruce Schneier, who has written several books on security and is the founder of Counterpane Internet Security, said that officials claiming terrorists pose a serious danger to computer networks are guilty of directing attention away from the threat faced from criminals.
"I think that the terrorist threat is overhyped, and the criminal threat is underhyped," Schneier said on Tuesday. "I hear people talk about the risks to critical infrastructure from cyberterrorism, but the risks come primarily from criminals. It's just criminals at the moment aren't as 'sexy' as terrorists."
Schneier was speaking after the SANS Institute released its latest security report at an event in London. During this event, Roger Cummings, director of the UK National Infrastructure Security Coordination Centre, said that foreign governments are the primary threat to the UK's critical infrastructure.
"Foreign states are probing the (critical infrastructure) for information," Cummings said. The UK's (critical infrastructure) is made up of financial institutions; key transport, telecom and energy networks; and government organisations.
Schneier, though, is concerned that governments are focusing too much on cyberterrorism, which is diverting badly needed resources from fighting cybercrime.
"We should not ignore criminals, and I think we're underspending on crime. If you look at ID theft and extortion--it still goes on. Criminals are after money," Schneier said.
Cummings also said that hackers are already being employed by both organised criminals and government bodies, in what he termed the "malicious marketplace."
Schneier agrees this is an issue.
"There is definitely a marketplace for vulnerabilities, exploits and old computers. It's a bad development, but there are definitely conduits between hackers and criminals," Schneier said.
