The OECD (the Organisation for Economic Cooperation and Development) reckons that the threat of cyber warfare is being exaggerated. Many will venture to disagree. Martyn Warwick reports.
The OECD, founded in 1948 and headquartered in France, defines itself as "a forum of countries committed to democracy and the market economy." The organisation recently commissioned a couple of academics, Professors Sommer and Brown, to write a paper called “Reducing Systemic Cybersecurity Risk”.
Peter Sommer is Visiting Professor at the London School of Economics. Ian Brown is a professor at the Oxford Internet Institute, which is a part of the University of Oxford. The purpose of the treatise was to consider the question “How far could cyber-related hazards be as devastating as events like large-scale pandemics and the 2007-10 banking crisis?”. The writers come to the conclusion that “very few single cyber-related events have the capacity to cause a global shock.” Oh, really?
According to the professors, there are only two possible cyber attack scenarios that would have a global impact, cause worldwide disruption and that could result in economic recession and possible social breakdown. One is a massive solar flare that would fry comms systems and take out satellites, telecoms systems, switches, mobile base stations, GPS tracking etc. The second is a concerted blitzkrieg on the basic protocols that keep the internet up and running. The first one we can do very little about; the second one we could act to protect ourselves against.
This, the professors say, is the only kind of “pure” cyber war there can be. However, the writers do not examine so-called "hybrid or multi-modal warfare where cyber is one component of a kinetic attack." And that's where the problem lies.
Like any other kind of warfare, the capability to wage cyber war is evolutionary and developmental. The game is changing daily and attacks are getting more and more sophisticated with every iteration. What is there to say (or prove) that there won't be ten, twenty or a hundred ways to wage total cyber war in the years to come? Answer? 'Nothing'.
The OECD report is strong and long on reasons why there won't be a full-on cyber-war. For example, it says that many "critical" systems are already protected against "known exploits and malware". Thus, it says, the perpetrators of cyber attacks have to find new chinks in the armour-plating and devise new ways of exploiting what they find.
Yes? Isn't that exactly what is happening - all the way through from criminal gangs subverting security systems for financial gain to governments all over the world devoting massive but usually secret resources to devising methods to bring down the military, political, economic and social systems of those nations currently classified as "hostile" or "enemy" as well as those that could potentially be put in those categories in time to come?
Where shall we start? Well, in no particular order, how about with the UK, the US, Israel, France, Germany, Iran, Russia, China, North Korea, South Korea? And then just keep going until you run out of countries.
The report is redolent with ivory tower academic dissociation from the real world. The UK internet security specialist MWR InfoSecurity says the OECD report will do little more than encourage complacency. I agree.
Managing Director, Ian Shaw, says, "The whole point is that [cyber] attacks are increasing... and while they are normally launched on a one-off basis there is no doubt that there is a persistent threat to both government and enterprise information security. We have seen evidence of this during the WikiLeaks protests where hundreds of people joined together to try and bring systems down. My main worry is that people will become even more complacent than they are now about the risk of attacks. Many business organisations are just not taking the threat levels seriously enough and safeguarding the information that they hold."
Mr. Shaw adds, “There is a clear threat to the economy, as the OECD commented in this and a prior report - malicious attacks are a threat to the Internet economy. As the internet economy plays a greater role in the overall economy the risks need to be carefully monitored.”
As Sun Tzu, the military theoretician and strategist extraordinaire of ancient China, wrote in his seminal work "The Art of War", "The skillful leader subdues the enemy’s troops without any fighting; he captures their cities without laying siege to them; he overthrows their kingdom without lengthy operations in the field."
That's as true now as it was when it was written thousands of years ago. Back in the mid-20th century the Neutron Bomb was designed and built to kill people whilst leaving much of an enemy's infrastructure as intact as possible for exploitation later by occupying forces. Time and technology move on. Now the same strategic effect can be achieved by conducting electronic and cyberwarfare to cause economic devastation, neutralise military responses and bring nations to their knees.
Plans are in hand everywhere to do just that, and for an important report to examine these crucial issues in such a limited way does the subject a disservice. Indeed, it might be argued that it will lead to complacency and a dangerous 'head-in-the-sand' attitude. Meanwhile the cyber Cold War is hotting up.