Cybergeddon? Don't bet on it, say experts

Malware

by | 30 November 2012

Internet collapse is more likely to be caused by 'glorious cock-up' than nation states


Cybergeddon - the total shutdown of internet access across the planet - is much more likely to be caused by human error than an act of cyber aggression by a nation state, experts have said.

At a panel debate held at London's Imperial War Museum, security experts debated the possibility to the total collapse of the internet and whether a nation state would attempt such a move.

Rather anti-climatically they all agreed it was unlikely. That's primarily because states use the internet to their advantage, so shutting down access across the planet is rather self-defeating.

Professor Fred Piper, Head of Information Security Group at Royal Holloway University of London, used the example of the cyber attacks against Estonia as proof that Cybergeddon is possible, at least on a smaller scale. However he added it is unlikely anything larger would happen.

"If Cybergeddon is the destruction of the whole internet infrastructure I don't see anybody - and I mean anybody - having any advantage in doing that, because they will damage themselves as much as they will damage their enemy. However the attacks on Estonia could be called a local Cybergeddon," he said.

Hugh Thompson, chief security strategist at Blue Coat Systems, agreed and said launching a Cybergeddon-style attack is unlikely, even as a show of power by one nation state.

"It's a very difficult calculus to show a display of power because whenever you do you've burnt a channel that could be useful for you in the future," he said. "That's very serious when it comes to cyber; the new nuclear arms online are things like zero-day vulnerabilities and web servers that are everywhere. Once you use one of those it becomes no longer a factor. It's like the September 11th terrorist attacks - it would be very difficult for someone to pull off the same thing now."

What is much more likely is human error will result in the infrastructure of the internet collapsing, according to Paul Simmonds, co-founder of the Jericho Forum and former CISO of AstraZeneca and ICI.

He used BlackBerry's service outage in 2011 as an example of how a cascade action can cause an extended disruption.

"I see it being taken out by a glorious cock-up rather than anything state-sponsored. Look at what happened to BlackBerry - it was taken down by a faulty router. Or there is a software upgrade that goes wrong," he said.

"It has a cascade action. Systems are so complex these days that often people don't understand how they work," Simmonds added. "I think you are more likely to see the DNS root servers taken down by a cascade action by a botched router upgrade."

"With any kind of cascade action it's the law of unintended consequences. The internet probably has all your water and electricity systems and controls your nuclear reactors. If you overload and takedown that infrastructure you take down the world. You will never be able to confine it to, say, just China," Simmonds concluded.

The panel agreed that Cybergeddon and the cyber wars in general should not be looked at in isolation but instead as part of the theatre of war where it could be used to disrupt communication services, for example.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

746 people like this.
0 people follow this.

Malware Intelligence

Suppliers Directory

  • SDL Tridion - Web Content Management Solutions

    SDL Tridion is a global leader in Web Content Management (WCM) solutions.

  • Neverfail Overview

    The Neverfail Group is dedicated to creating a world where business applications are continuously available. High Availability, Disaster Recovery...

  • Qualys - IT security risk and compliance solutions

    Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...

  • Capscan

    Capscan is a leading supplier of international address management solutions and data integrity services. Capscan has more than 1800 customers...


See more
Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.