The FBI’s head of cyber security, Shawn Henry said last week that Conficker media hype is distracting people from other threats. Henry is only half right in his comments, which he made at a speech at the RSA security conference in San Francisco.

Henry correctly pointed out that there are many other cyber threats out there that also deserve attention, and some of the threats may be bigger than Conficker. Henry praised the idea of public awareness, but said he wanted to see more coverage of the “entire threat vector.”

Conficker became big news, for several reasons: it was the biggest botnet to come along in years, and it ran differently than other botnets. And much of the media attention also came from the April 1 deadline, which was supposed to be the “launch date.” Nothing much happened on April 1 (except for a few April Fools jokes), and so what’s happening now is that we’re seeing a sort of “anti-hype” in some circles that is now downplaying Conficker. This is a dangerous thing. The April 1 deadline was obviously either a ruse, or the perpetrators decided to delay the launch date because of the media attention. Conficker is still with us, and reports are out that it is now coming to life, fulfilling on its promise to transform millions of victims’ PCs into spam-spewing robots.

Was Conficker a “false alarm”? Obviously not. The worst is yet to come–and the media attention served the purpose of getting more people to update their systems and install relevant patches. And there’s very little doubt that Conficker has had a monetary impact already. According to the Cyber Secure Institute, it has already consumed “an extraordinary amount of time and energy.” A cyber Secure Institute blog entry noted that because there was no major event on April 1, “numerous commentators are now downplaying the significance of the worm. This view is misguided.”

Cyber Secure Institute also discusses the overall financial impact of the worm in terms of wasted resources and time–and extrapolating from their previous studies about the average costs of other attacks, the agency estimates the total economic cost of Conficker to be as high as $9.1 billion.