Single cyber attack not likely to cause global shock
Posted by Elena del Valle on January 24, 2011
Photos: Organization for Economic Co-operation and Development, Peter Sommer, Ph.D.
How fragile are our cyber systems? How much effort and sophisticated technology would it take to bring a company or a government office down with a cyber attack? What about a global disruption? Although the technology is constantly changing and no one seems to know the answers for sure there is concern and much speculation on the topic.
A reassuring report released last week indicates it would be difficult to cause serious problems on a world wide scale although it cautions that “Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services.”
Examples of single cyber-related events with vast capacity for damage could include an attack on one of the technical protocols the Internet depends on like the Border Gateway Protocol which determines routing between Internet Service Providers; and a very large-scale solar flare if it physically destroys key communications components like satellites, cellular base stations and switches.
What about malicious attacks designed for espionage, to affect distributed denial of service, and the acts of criminals, recreational hackers and hacktivists? According to the two researchers who authored the report such attacks would have a local impact and a brief duration.
They believe cyber warfare is the source of myths mostly. The reason they believe such a situation would be unlikely is because essential computer systems are designed to resist such attacks and malware. Because identifying the actual attackers in cyber attacks is very difficult they suggest defense against cyberweapons should focus on resilience, a combination of preventative measures and alternative plans to allow rapid recovery in case of a successful attack.
They also point out that a significant portion of the infrastructure is most of the countries they studied (OECD countries) are privately owned and not government controlled.
Peter Sommer, Ph.D., coauthor, Reducing Systemic Cybersecurity Risk
“The specific challenges faced by the US, apart from the range of entities that regard it as a target, are the number of powerful Departments (and their supporters in the Senate, the Congress and the arms industry lobbyists) all claiming that they should lead,” said Peter Sommer, Ph.D., coauthor of the report, by email in response to a question about the cyber risk issues as they relate to the United States. “The main players are: the Pentagon (and indeed individual armed services), Department of Homeland Security, Department of Commerce, NSA and FBI. So far President Obama and his cybersecurity advisor Howard Schmidt do not appear to have been able to knock heads together.”
Sommer, visiting professor in the Information Systems and Innovation Group in the Department of Management at the London School of Economics, and Ian Brown, Ph.D., research fellow, Oxford Internet Institute, Oxford University are the coauthors of Reducing Systemic Cybersecurity Risk, a 121-page report published by the Organization for Economic Co-operation and Development (OECD), part of the OECD/International Futures Programme Project on Future Global Shocks.
Brown’s research is focused on public policy issues around information and the Internet, particularly privacy and copyright. He also works in the more technical fields of communications security and healthcare informatics. The Organization for Economic Co-operation and Development provides a forum for member governments to compare policy experiences, “seek answers to common problems, identify good practice and coordinate domestic and international policies.”