April 2017 Digital Edition
March 2017 Digital Edition
Feb. 2017 Digital Edition
January 2017 Digital Edition
Nov/Dec 2016 Digital Edition
Oct 2016 Digital Edition
Well-aimed cyber attacks could cause global shock, study says
Well-coordinated cyber attacks around the world could cause a “full-scale global shock” on a huge scale similar to collapsing financial structures, pandemics, long-term pollution and other mega disasters, but the threat of such attacks is currently not very high, according to a study released by the Organisation for Economic Co-operation and Development (OECD).
The OECD’s study, released Jan. 17, said countries should make contingency plans for simultaneous cyber attacks and recovery from such attacks.
"What should concern policy-makers are combinations of events – two different cyber-events occurring at the same time, or a cyber-event taking place during some other form of disaster or attack," the report said. "In that eventuality, 'perfect storm' conditions could exist."
The report--part of Paris-based OECD’s wider study of Future Global Shocks--didn’t find much evidence for imminent coordinated cyber attacks, however. It said "few single foreseeable cyber-related events have the capacity to become a full-scale global shock".
Nevertheless, computers, computer networks and telecommunications services remain particularly at risk, it said. The Internet’s “underlying technical protocols” like Border Gateway Protocol which determines routing between Internet Service Providers is vulnerable to attack. The attacks on telecommunications networks, said the study, can come from outer space and nature herself in the form of “very large-scale solar flare which physically destroys key communications components such as satellites, cellular base stations and switches,” it said.
The study said everyday cyber security threats, like “malware, distributed denial of service, espionage, and the actions of criminals, recreational hackers and hacktivists,” the impact “will be both relatively localized and short-term in impact.”
A successful cyber attack needs exploit unknown entryways and vulnerabilities. It has to use “attack vectors which are not already known to the information security community and thus not reflected in available preventative and detective technologies, so-called zero-day exploits; careful research of the intended targets; methods of concealment both of the attack method and the perpetrators; the ability to produce new attack vectors over a period as current ones are reverse-engineered and thwarted.”
The report said the recent Stuxnet attack apparently used against Iranian nuclear facilities “points to the future but also the difficulties.” Attacks could also be likely for financial gain. “In the case of criminally motivated attacks: a method of collecting cash without being detected,” it said
Cyber war is unlikely, said the report, because critical computer infrastructures are protected against know exploits and malware, so cyber weapons designers have to work to find new ones. The results of a cyber war are also unpredictable, it said. “On the one hand they may be less powerful than hoped but may also have more extensive outcomes arising from the interconnectedness of systems, resulting in unwanted damage to perpetrators and their allies. More importantly, there is no strategic reason why any aggressor would limit themselves to only one class of weaponry,” it said.
Despite the uncertainty, cyber weapons are already in “widespread use,” it said, through unauthorized access to systems viruses, worms, trojans, denial-of-service, distributed denial of service using botnets, root-kits and the use of social engineering. The use of those techniques has lead to compromise of confidentiality / theft of secrets, identity theft, web-defacements, extortion, system hijacking and service blockading. “It is a safe prediction that the use of cyber weaponry will shortly become ubiquitous.”