Australia ‘must prepare for cyber attack’, according to internet security experts. We only have a few years to prepare for a potential cyber attack that could cripple our infrastructure.
Sure, Cyber-War! is a great title for a 50s C-movie. But it’s just a reoccurring beatup: one of those beatups that only deep foreign policy thinkers do best. This piece in Wired, written after the highly-publicised attacks in Estonia in 2007, explains how we’ve never actually seen any cyber-war. What we do see is more like cyber-vandalism. (The critical infrastructure which was “knocked out” during the Estonia episode was banks’ websites, not their ATMs or vault security. Annoying, sure. Devastating, not so much.)
The hook for today’s panic is a spate of recent “attacks” in July 2009. Of course, these “did not cause casualties, loss of territory, destruction or serious disruption of critical services.” Oh, and something to do with terrorists.
It’s a big leap from internet vandalism to warfare. But the fact that there has never really been a cyber-battle, let alone a cyber-war, doesn’t restrain the Centre for Strategic and International Studies from urging us to set up an elaborate and well-funded Homeland Security Agency to tackle this imminent threat.
9 Comments
I agree that it’s important to look out for people talking up imaginary threats to feather their nests. But there are real threats online.
I touched upon this in a Crikey piece, eCrime: the bad guys pwn the internet. The guys who know about this stuff — the guys who spend their days monitoring the bad guys — agree that there’s a lot of seriously scary stuff out there.
A bank’s website being knocked out also means that businesses can’t transfer money via internet banking. Employees can’t get paid. Many companies depend on online systems for processing orders, trading shares, coordinating logistics… Taking out the internet for a few days would cause millions of dollars of economic damage.
In 2003, huge sections of the US power grid were taken out by the W32.Blaster worm. That wasn’t a targeted attack. There have been analyses which reckon that a serious attempt to cause problems could well bring down big slabs of infrastructure.
I could go on…
There hasn’t been a cyber-Armageddon just yet — and I truly loathe the prefix “cyber-” stuck on everything, as well as attaching the word “terrorism” to anything and everything. But we also went 60 years without nuclear weapons being lobbed around, even though nuclear warfare was a very real threat. The lack of disaster so far doesn’t mean there’s no risk.
I noticed the fear aspect in this story, but from a slightly different angle: check out the ABC’s two different headlines.
@Robert Corr: Interesting point about the re-worded headlines which look like they say the opposite thing. Bad ABC! [slap!] Hover I agree with both headlines as written. Much of our information infrastructure is poorly defended and needs more attention. But pitching it in terms of “terrorism” is overstated. IMHO. YMMV.
Diehard 4 anyone, mind you I was talking to my neighbours son over from the west recently and he was targeted and suffered a temp loss due to his wife’s home pc (microsoft) being raided whilst his own apple was incident free. The bank refunded his loss because he was quick off the mark in spotting it. He sounds like one of the lucky ones.
It will probably take a major outage until and users, banks and governments realise the the risk.
However I don’t think most of the security packages that are advertised will provide the expected level of protection.
So even if people installed the software, I don’t think it would make much difference.
Hmmm…. I’m always a bit cynical when an IPA’er has a go at deriding technological threats. For some IPA’ers it’s a proxy war about global warming. The ‘reasoning’ goes like this – the experts told us Y2K was a problem. It turned out not to be. Network security threats are similarly overblown. That tells us scientists are all on the gravy train promoting fear, uncertainty and doubt to boost their research grants. Consequently, we can conclude that global warming is a big fraud…
To be fair to Chris, the articles by him I’ve just googled don’t seem quite as strange as others from IPA’ers and his current discussion with Guy Rundle about Libertarianism has been very interesting. But I think his article here is faulty.
As Stilgherrian has pointed out we know there are lots of weaknesses in the Internet security architecture. We know there are lots of exploits. We know there is real economic impact. We also know that at the moment it’s mostly vandalism rather than coordinated attacks. And yes, there’s a difference between defacing a bank’s web site and shutting down its operations. But there is no doubt that there are risks out there. Just because we haven’t seen something that can be classified as warfare doesn’t mean we won’t.
Nigel, if you read my post backward, you get a extract from Ian Plimer’s book.
Stilgherrian, I think we’re talking a bit past each other. My argument (insofar as I have a strong one!) is that the fear of cyberwar – state on state, or terrorist – is massively overblown. I’m certainly not trying to downplay criminal threats. I just find it hard to get excited about national security threats that have never yet happened. It’s like China-hawks – war with China has always been imminent.
After all, even the most aggressive interpretations of the Estonia attack struggle to claim that they were an attack by the Russian state – merely that they originated from Russian territory.
Having said all that, I’ll digest the material you passed me over twitter (for those reading at home, here, and here).
@Chris Berg: We quite possibly are coming from different angles. Anyway, here’s some more links…
1. Bing, a man from China not the Microsoft search engine, managed to bring down the internet across much of southern China. If h can do it with $40k of rented botnet, imagine a professional job.
2. Renting a botnet is cheap.
3. China is believed to be pushing ahead in cyberwar capabilities.
Happy reading!
Chris Berg said “Nigel, if you read my post backward, you get a extract from Ian Plimer’s book.”
Ok. I deserved that. Very amusing…
Like I said you do seem to be the only rational IPA’er I’ve encountered. It must be very uncomfortable around the water cooler in the mornings when you’re the only one without the tinfoil hat…