Q&A: Threat of cyberwar is "over-hyped"
By Nicole Kobie
Posted on 17 Jan 2011 at 16:37
A pair of UK researchers has one message when it comes to cyberwar: don't panic.
Cyber-attacks have caught the public's eye - and the Government's purse, with a £650 million investment - especially after hacktivist denial-of-service attacks connected to WikiLeaks put the issue in the headlines.
But the threat of cyberwar is "over hyped", according to Dr Ian Brown of the Oxford Internet Institute, and Professor Peter Sommer of the London School of Economics, who studied the situation for a report for the Organisation for Economic Cooperation and Development (OECD).
We spoke to Dr Brown to find out how well prepared the UK is to withstand attack - and whether cyberwar is likely at all.
Q. What did you research uncover?
A. Between well-equipped states, like the US, China, UK and so on, certain cyber-weaponry would likely be part of any future war.
But having said that, we think that less capable states and sub-state actors, like terrorist groups and individual hackers, will not be able to have an equivalent damaging effect using cyber attacks.
Describing things like online fraud and hacktivism as cyberwar is very misleading
We think that describing things like online fraud and hacktivism as cyberwar is very misleading.
Q. What attacks would you consider to be cyberwar?
A. I think so far there have been very few. In 2007, [there was] the denial-of-service attacks on Estonia, where it was claimed there was Russian involvement, but that was never proven. The Russian Government denied any involvement.
Again in 2008, when Russia and Georgia had skirmishes, there were claims that there had been attacks on systems in Georgia linked to the Russian state, but the Russian state denied that.
And I’m not saying: "nudge nudge, wink wink, of course, Russia was involved" – it’s actually very difficult to tell. With cyber-attacks, it’s very hard to know who’s behind them.
You might be able to trace them back to certain IP addresses, but you really have no idea who it was who was in control of that machine at that time. It may well have been a compromised machine under the control of someone else entirely.
So you found that cyber-attacks are more likely to be a weapon in the arsenal than the entire attack?
A. For example, there is little open information about it, but I’m sure during the recent US invasions of Iraq and Afghanistan there would have been cyber weaponry used, but of course those countries were less dependent on computer infrastructure than Western nations are today.
I’m just giving possible examples here, I’m not saying these things are likely to happen, but if – heaven forbid – North Korean attacked South Korea, I’m sure that [cyber-weaponry] would be some of the first things that would be unleashed on South Korea.
It’s at that level and it’s misleading to lump in things like the Anonymous attacks on supposedly anti-WikiLeaks sites, for example.
From around the web
wisdom in talking computers with economics professors?
I mean seriously, are you sure you don't want to query a doctor about jet propulsion?
Here's a good question for them that I encourage you, the journalist, to dig in some on-- what would the economic impact be of determining that a large security provider such as Symantec, had been the veteran of Chinese state-based intrusions into their computers?
What would the impact be if they hid it in hopes of not undermining their customers faith in their security products?
Seriously, screw estonia, that was kids running ping, if you actually looked around, war in this realm has been waged for well over a decade by a high volume of players.
No one really talks about it (sans Google), but it's there.
- just another mercenary
By storm311 on 17 Jan 2011 
hello stuxnet?
as a "high end" computer security consultant i'm saddened at how many obvious things have been considered.. the most obvious of which is stuxnet which used the security findings of private industry (INL.. just a bunch of hackers working for a credible institution) and weaponized those vulns into a worm which was then used as an offensive weapon by a nation against another nation in leiu of using force.. which doesnt seem to be consistent with this answers.
pcpro should find another "expert"
By pharpsyde on 18 Jan 2011
@ storm311
Who are the "economics professors" that you are referring to?
By chapelgarth on 18 Jan 2011
@ pharpsyde
So, as a "high end computer security consultant" your opening gambit is a single example that happened in another country?
He didn't say it didn't happen, and I know you have a vested interest in making everyone scared of this (I know what "high end computer security consultant means too) but all he said was organisations at risk of cyberwar should work to secure themselves but the general risk was "overhyped".
You've said nothing to contradict that. I hope you don't charge for this level of security advice.
By steviesteveo12 on 19 Jan 2011
Hollywoood fuelled fantasy
This is just fear mongering – based on Sci-fi scenarios. The only viable Cyber weapon would be a Network of Super Computers able to crack any defences at a push of a button. But why would governments deliberately steer the world into that direction? Why invent another Weapon of Mass Destruction? There’s too much Hollywood fed fantasizing with this issue; and inadvertently they are fuelling the criminal minds and opening up possibilities and avenues - ideas for Terrorism. Also this image of the lone Super-hacker, who has magical-god-like powers when it comes to the Net, capable of knowing all the details of any individual on the planet at the press of a button – is largely a Hollywood fantasy. Most kids leaving school today are not that literate, takes some form of medication, has social dysfunction and all manner of emotional and neurological issues. They are not mentally agile to perform those stunning feats of Cyber Hackery that we often enjoy on DVDs. So that leaves organized Crime; which have the motivation and resource to do some serious damage. But governments control the equipment, surely they can make sure the “inmates” don’t get up to no-good? Monitor the hardware and software and what’s possible to do online – that’s the main way to prevent Cyber hooliganism.
By Steve_long on 20 Jan 2011
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
advertisement
