Most of the actions that fall under the trilogy of cyber crime, terrorism,
and war exploit pre-existing weaknesses in the underlying technology.
Because these vulnerabilities that exist in the network are not themselves
illegal, they tend to be overlooked in the debate on cyber security. A UK
report on the cost of cyber crime illustrates this approach. Its authors
chose to exclude from their analysis the costs in anticipation of cyber
crime, such as insurance costs and the costs of purchasing anti-virus software on the basis that "these are likely to be factored into normal dayto-
day expenditures for the Government, businesses, and individuals.
This article contends if these costs had been quantified and integrated
into the cost of cyber crime, then the analysis would have revealed that
what matters is not so much cyber crime, but the fertile terrain of vulnerabilities that unleash a range of possibilities to whomever wishes to
exploit them. By downplaying the vulnerabilities, the threats represented
by cyber war, cyber terrorism, and cyber crime are conversely inflated.
Therefore, reassessing risk as a strategy for security in cyberspace must
include acknowledgment of understated vulnerabilities, as well as a better
distributed knowledge about the nature and character of the overhyped
threats of cyber crime, cyber terrorism, and cyber war.
Available at: http://works.bepress.com/audrey_guinchard/1/