HDTV/3D TV News
Towards the end of last year, we heard speeches from GCHQ and a government minister which stressed the need for robust cyber-defences.
Spending on the UK’s cyber-security has remained a priority despite cuts, with GCHQ Director Iain Lobban claiming that there’s a very real threat to critical national infrastructure from cyber-terrorism.
Defence Minister Nick Harvey even compared a laptop to a cruise missile in terms of future weaponry.
But according to a report on the Register, the idea of a fully fledged “cyber-war” – a conflict waged online – is a misleading one.
The Organisation for Economic Cooperation and Development has conducted a study which concluded that the hype around cyber-war is an errant focus when it comes to our nation’s cyber-defences.
The OECD reckons that it’s most unlikely that there will ever be a pure cyber-war, and that this suggestion is currently pushed forward by suppliers who stand to gain from the concept.
The Register quotes the conclusion of the study: “It is unlikely that there will ever be a true cyber-war. The reasons are: many critical computer systems are protected against known exploits and malware so that designers of new cyber-weapons have to identify new weaknesses and exploits; the effects of cyber-attacks are difficult to predict – on the one hand they may be less powerful than hoped but may also have more extensive outcomes arising from the interconnectedness of systems, resulting in unwanted damage to perpetrators and their allies. More importantly, there is no strategic reason why any aggressor would limit themselves to only one class of weaponry.”
The problem with the over-reaction to the threat of cyber-war is that it’s apparently hampering the response to real threats like today’s denial of service attacks. This sort of action is likely to go hand-in-hand with conventional warfare in future conflicts.
Because there’s such a broad definition of what a “cyber-attack” is – a simple phishing mail for example – this has inflated statistics falsely and led to dangerously errant conclusions.
One of the authors of the OECD study, Dr Ian Brown, told the Register: “We think that a largely military approach to cyber-security is a mistake. Most targets in the critical national infrastructure of communications, energy, finance, food, government, health, transport, and water are in the private sector. Because it is often difficult to be certain who is attacking you from cyberspace, defence by deterrence does not work.”
The view of the OECD is that planning for swift recovery from disasters or major attacks is a better route to take than treating cyber-security as a conflict between attackers and defenders.
Just don’t say crap about other countries and then you don’t need to worry about getting caught out.