Cyberwar or cybermirage?
Rory Cellan-Jones
The threat of war in cyberspace grows by the day.
We have already seen attacks launched on Estonia and Georgia, and the Stuxnet incident, which saw Iran's nuclear programme come under threat from a piece of malware this shows us how vigilant we need to be.
And as well as the state-sponsored assaults, there are bands of cyber terrorists who pose a real danger to our national infrastructure, capable, for instance, of sending a wave of sewage down the Thames just in time for the London Olympics.
Today the British Foreign Secretary William Hague will call for international agreement to combat the threat of cyber warfare, with countries urged to sign up to something between a highway code and a Geneva Convention for the internet.
But hold on a minute - are we now in danger of overhyping all of this?
Recently I spent a day at a conference listening to some very clever people discuss these issues in grave terms. I can't name them because the meeting took place under the Chatham House rule, but suffice to say they included a number of those responsible at the highest level for protecting Britain from cyber threats, in both the public and private sectors.
They all seemed terribly worried but as I looked round the room I realised that just about everybody had some interest in promoting the problem. The public sector people, facing big cuts in their budgets, had found something that the Treasury seemed prepared to fund, even as the rest of the defence budget went south.
The private sector executives know that billions of pounds worth of contracts are being handed out as countries try to shore up their cyber-defences and naturally they want their share. And yes, even I had a motive for talking up cyber terror - it does make for a good headlines.
But after a morning listening to thousands of words about the scale of the threat, the new government structures designed to protect our national infrastructure, and the way the private sector could feed into that process. I was left somewhat bemused.
Yes, there's evidence that criminals are launching attacks on banks and other private sector businesses, that consumers are suffering from the effects of cybercrime, and that poor security is allowing government secrets to flood out onto the internet. But where is this cyber terror or indeed warfare?
Everyone latched onto the Stuxnet incident - "if it was done to them, they could do it to us" the cry went up. But it became evident that nobody quite understood what had happened in Iran and whether it really was a symptom of a wider threat.
But there was a sober voice at the meeting, a man who had been studying the evidence of the nature of cyber threats. The danger of cyber terrorism, he told us, seemed limited. Terrorists got more publicity from a car bomb than from taking down a computer network, which was a complex operation to mount.
And many of the incidents referred to as cyberwarfare were "nothing of the sort". He pointed to the attacks on Estonia, on Georgia and South Korea, and quoted American officials describing them as "annoying and embarrassing", rather than really damaging. After all, they had caused no casualties or loss of territory. Cyberwarfare, it seemed, could only be a "support function", rather than a primary weapon.
After hearing this measured assessment, we moved straight on to a man from the private sector. He told us that cyberwar was going on right now, largely invisible to the public, from a whole variety of actors. He quoted the IRA, "You have to be lucky all of the time, we only have to be lucky once," and he called on the government and the private sector to spend even more on shoring up Britain's cyber defences.
Maybe he was right and we should not be complacent about the dangers to our national security lurking in cyberspace. But in the past the ICT and security industries have found it very easy to scare governments into spending huge sums on initiatives that have not always proved their worth.
Remember the Y2K bug that was going to devastate computer systems when 1999 became 2000? Or the desperate need for an identity card system and a massive NHS computer project? Previous governments took advice from the "experts" on those issues, and now the politicians have bought in to the idea that huge sums need to be spent to shore up our cyber defences.
And who is advising ministers on cyber security? Presumably the same giant international IT suppliers who have always rushed to help out. One person suggested at yesterday's event that maybe the government needed to use small start-up firms to address the cyber-security problem. That sounds attractive and if Cybergeddon does not happen in the next decade we might at least be left with a stronger digital economy.
Credit: BBC (www.bbc.co.uk)
No comments:
Post a Comment