CyberwarFears of cyberwar exaggerated: report
New report says that analysis of cyber-security issues has been weakened by the lack of agreement on terminology and the use of exaggerated language; the report says online attacks are unlikely ever to have global significance on the scale of, say, a disease pandemic or a run on the banks; the authors say, though, that “localized misery and loss” could be caused by a successful attack on the Internet’s routing structure, which governments must ensure are defended with investment in cyber-security training
When the writer of a notorious book for hackers says we should stop panicking about cyberwar, it is probably time to sit up and take notice.
“Governments should take a calm, disciplined approach and evaluate the risks of each type of attack very carefully rather than be swayed by scare stories,” says Peter Sommer of the London School of Economics.
Under the pseudonym “Hugo Cornwall,” Sommer published the Hacker’s Handbook in 1985. Since then he has become a noted security researcher and expert witness. Now he has co-authored a report for the Organization for Economic Co-operation and Development (OECD) which warns governments against swallowing wholesale stories about “cyberwar” and “cyberweapons”.
New Scientist reports that in Reducing Systemic Cybersecurity Risk, published yesterday, Sommer says that a true cyberwar would have the destructive effects of conventional war but be fought exclusively in cyberspace — and as such is a “highly unlikely” occurrence.
“Analysis of cyber-security issues has been weakened by the lack of agreement on terminology and the use of exaggerated language,” the report says. “Cyber-espionage is not a few keystrokes away from cyberwar, it is a method of spying.”
Controversially, the OECD advises nations against adopting the Pentagon’s idea of setting up a military division — as it has under the auspices of the U.S. Air Force’s Space Command — to fight cyber-security threats. While vested interests may want to see taxpayers’ money spent on such ventures, says Sommer, the military can only defend its own networks, not the private-sector critical networks we all depend on for gas, water, electricity, and banking.
Co-authored with computer scientist Ian Brown of the Oxford Internet Institute in the United Kingdom, the report says online attacks are unlikely ever to have global significance on the scale of, say, a disease pandemic or a run on the banks. They say, though, that “localized misery and loss” could be caused by a successful attack on the Internet’s routing structure, which governments must ensure are defended with investment in cyber-security training.
Jay Abbott, a security manager at the consultancy PricewaterhouseCoopers, agrees that the routing structure is indeed vulnerable. “Short of physically cutting the wires, it’s the best way to take down a country from the internet,” he says.