This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Report claims that the use of cyber weaponry will shortly become 'ubiquitous', as threats increase but with no cyber war on the horizon

Share this article:

Claims made that there will never be a true cyber war but better user education is needed of exploits.

According to a report by the Organisation for Economic Co-operation and Development (OECD), named ‘Reducing Systemic Cybersecurity Risk', very few single cyber-related events have the capacity to cause a global shock, but governments need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate.

Authors Professor Peter Sommer of the LSE and Dr Ian Brown of Oxford University's internet institute said that there are ‘significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services'.

The 120-page report determines that incidents of cyber security, such as malware, distributed denial-of-service, espionage and the actions of cyber criminals, will be both relatively localised and short-term in impact. Successful prolonged cyber attacks need to combine attack vectors that are not already known to the information security community and thus not reflected in available preventative and detective technologies.

They also need to combine: zero-day exploits; careful research of the intended targets; methods of concealment both of the attack method and the perpetrators; and the ability to produce new attack vectors over a period, as current ones are reverse-engineered and thwarted.

It also said that ‘analysis of cyber security issues has been weakened by the lack of agreement on terminology', as rolling all activities into a single statistic leads to ‘grossly misleading conclusions'. It concluded that ‘there will never be a true cyber war' because many critical computer systems are protected against known exploits and malware so that designers of new cyber weapons have to identify new weaknesses and exploits. However, the deployment of cyber weapons is already widespread in use and in an extensive range of circumstances.

In its conclusion, the report said: “There will never be enough policing resource to investigate all computer-related criminal attacks. The public will have to continue to learn to protect itself and that suggests a strong argument for some public funding for relevant user education.

“Many cyber attacks depend on the use of compromised personal computers. Improved public understanding of security therefore benefits governments as well as individuals and makes the task of the attacker more difficult. As with other forms of hazard where large sections of the public are likely to be affected, education is needed to help citizens appreciate that while the risks and the damage from them cannot be eliminated, they can very often be managed.”

Terry Pudwell, director and joint founder of Assuria, said that he agreed largely with the main conclusion in that the cyber attack threats are much less to do with military systems and more to do with possible attacks on critical national infrastructure and major economic systems.

He said: “Of course, the military and government urgently needs to protect itself, but I think most attackers know that there are much softer targets available in the private sector which is driven more by profit motives than protecting itself from unknown attackers.

“One of the biggest differences between real warfare and cyber warfare, in my opinion, is that with cyber warfare the victim organisation is rarely even aware of the fact that it has been attacked, at least for some time. Assuria solutions are designed to help with hardening systems but also to track and monitor critical user and system activity from all over the network and wherever possible to automatically analyse and alert on potentially suspicious activity.”

Alan Bentley, SVP international at Lumension, said: “The threat of a malicious cyber attack is not a new concept. However, the materialisation of state-sponsored cyber attacks will raise the threat level in many government and private organisations. The challenge is how they tighten their defences, in line with the raised threat level, whilst remaining nimble and productive.

“The thinking needs to switch from allowing everything in until it is proved to be bad to preventing anything from coming in unless it is proved to be good. Malware and unwanted or unlicensed software needs to be prevented from executing on the computer network – ensuring that we can keep the bad guys out.”

Robert Chapman, CEO of Firebrand Training, said: “It is becoming more apparent that an ethical hacker's job is beyond protecting their company's interests. They are protecting the safety and financial interests of the whole nation.

“The government has clearly indicated that it intends to tackle the very-real threat of cyber attacks head-on. A key enabler for this is to introduce more ethical hackers, but surely we would prefer an ethical hacker to find a vulnerability in our IT systems before a terrorist does.”

“In today's world of natural and terrorist disasters, we cannot afford for IT systems to fail. Imagine an incident, where the emergency services can't be contacted, or safety processes can't be initiated. It's unthinkable.”

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

VC cyber security funding tops £850 million

VC cyber security funding tops £850 million

A new study from US-based research firm CBI Insights reveals that corporate cyber security investments have risen five-fold since 2009, with 30 percent growth in the last year alone.

Russian/Chinese cyber-security pact raises concerns

Russian/Chinese cyber-security pact raises concerns

News that Russia and China are set to sign a cyber-security treaty next month have left Western cyber experts unsure whether it is a threat or a promising development.

UK police arrest trio over £1.6 million cyber theft from cash machines

UK police arrest trio over £1.6 million cyber ...

London Police have arrested three suspected members of an Eastern European cyber-crime gang who installed malware on more than 50 bank ATM machines across the UK to steal £1.6 million.