OECD states impact of cyber attacks will be localised and short-lived
Despite cyber-war being one of the hot topics in information security during 2010, it is unlikely we will ever see a true cyber-war, according to a report from The Organisation for Economic Cooperation and Development (OECD).
However, the study goes on to say that a ‘perfect storm’ created by the combination of a terrorist attack or natural disaster at the same time as a cyber-attack could lead to widespread damage.
The report, authored by Professor Peter Sommer of the LSE and Dr Ian Brown of the Oxford Internet Institute, claims computer systems are protected against known exploits and malware, meaning attackers hoping to launch cyber-war will have to identify new weaknesses and exploits. The report also states that there is no strategic reason why an attacker would limit themselves to only one class of weaponry. A true cyber-war shares the characteristics of a conventional war, but is fought entirely in cyberspace, the authors state.
Any trouble caused by cyber attacks is likely to be localised and short-lived, according to the report. "Few single foreseeable cyber-related events have the capacity to propagate onwards and become a full-scale ‘global shock’," the report reads.
However, this does not mean the threats from cyber attacks should be underestimated, the report says. A combination of events – such as two different cyber-events occurring at the same time, or a cyber-event taking place during some other form of natural disaster or terrorist attack – has the potential to create a "perfect storm", which could "generate a great deal of harm and financial suffering," the study claims.
The report’s authors also criticised the language used to describe cyber attacks, and said a lot of the hyperbole could be doing more harm than good. "We don’t help ourselves using ‘cyber-war’ to describe espionage or hacktivist blockading or defacing of websites, as recently seen in reaction to WikiLeaks," said Sommer, according to the BBC.
"Nor is it helpful to group trivially avoidable incidents like routine viruses and frauds with determined attempts to disrupt critical national infrastructure," he added.
Governments "need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate," the report recommends.
"As we inevitably start seeing more targeted cyber attacks similar to Stuxnet, governments will need to focus their resources on separating the politically motivated cyber-attacks that compromise critical information from smaller, individual website defacements and other such acts," said Mark Darvill of security firm AEP Networks.
"By separating the wheat from the chaff and focusing on where the real threats lie, governments and enterprises will be able to ensure that their efforts are aligned with how to prevent the most disruption," Darvill concluded.