Intelligence and defense officials are reportedly skeptical of potential terrorists" technical ability to launch a cyber attack.

However, it was reported Thursday that the United States has uncovered an Internet trail left by al Qaeda operatives who apparently were investigating instructions for using the software and technologies controlling major infrastructure systems. Ninety percent of such systems are controlled by the private sector.

"This is the strongest indication so far that al Qaeda is interested in developing cyber attack capabilities," SecurityFocus senior threat analyst Ryan Russell told NewsFactor.

Cyber Susceptible

According to published reports, the U.S. military in January discovered a computer left behind by al Qaeda members in Afghanistan. The computer contained models of dams as well as programs for analyzing structures, 3D imaging and other infrastructure-related purposes.

The computer also reportedly logged a path to Web sites showing infrastructure control software and instructions.

Russell said that based on the nature of such control devices and technology, if it is accessible remotely by engineers, then security holes or back doors exist that would allow access by others.

Rapid Recovery

Russell echoed other security experts in pointing out that terrorists are unlikely to favor cyber attacks because the loss of power, water or phone service simply does not compare in terms of impact to the devastation of physical attacks, such as those of last September 11th.

Russell, who cited the financial sector as an exception, also said that while the security gaps that exist in software, hardware and the Internet might make cyber systems an easier target, code and bit-based infrastructures are much more robust.

"A key point with the whole cyber thing is that recovery is vastly easier in that case," he said.

Sobering Surveys

Worries about terrorist cyber attacks were reinforced this week by surveys from the Business Software Alliance (BSA) indicating that IT professionals believe attacks on government and cyber infrastructure are likely in the next year.

While one BSA survey revealed that 60 percent of IT security specialists believe the government will be hit with a major cyber attack in the next year, a more troubling survey result indicated that 74 percent of IT professionals say an attack on Wall Street or on large banks is nearly certain.

"Two-thirds said it is certain or near certain that a major financial institution, communication system, transportation or utility will be hit in the next year," BSA director of Internet and network security policy Mario Correa told NewsFactor.

"It's disconcerting that the folks that know IT best say it's not only possible, but are fairly certain it will happen," Correa added.

Combination Fears

While security experts say terrorists might prefer traditional physical attacks, many worry that a cyber attack could be launched in concert with a physical attack to cripple communications or otherwise hamper relief and recovery efforts.

"It's where the electric world meets the physical world, and where the two intersect, that [a possible attack] is scary," Russell said. "I think there's a real possibility we will [get hit by a cyber attack]. Any single individual out there could accomplish it in a very real way."