Attacks on computer systems now have the potential to cause global catastrophe, but only in combination with another disaster, the Organisation for Economic Cooperation and Development (OECD) says in a report.
The study, part of a wider OECD project examining possible “Future Global Shocks” such as a failure of the world’s financial system or a large-scale pandemic, said there were very few single “cyber events” that could cause a global shock. Examples were a successful attack on one of the technical protocols on which the Internet depends, or a large solar flare that wiped out key communications components such as satellites.
But it said a combination of events such as coordinated cyber attacks, or a cyber incident occurring during another form of disaster, should be a serious concern for policy makers. “In that eventuality, ‘perfect storm’ conditions could exist,” said the report, written by Professor Peter Sommer of the London School of Economics and Dr Ian Brown of Britain’s Oxford University. Governments are increasingly emphasising the importance of cyber security.
The United States is preparing for cyber conflict and has launched its own military cyber command. Britain last October rated cyber attacks as one of the top external threats, promising to spend an extra 650 million pounds on the issue. Meanwhile, emerging nations such as China and Russia are believed to see it as an arena in which they can challenge the United States’ conventional military dominance.
The Stuxnet computer worm – which targets industrial systems and was widely believed to be a state attack on Iran’s nuclear program – is seen as a sign of the increasing militarisation of cyberspace. The New York Times reported on Saturday that the worm was a joint US-Israeli effort and had been tested at Israel’s Dimona nuclear plant.
The OECD study concluded that cyber attacks would be ubiquitous in future wars, and that cyber weaponry would be “increasingly deployed and with increasing effect by ideological activists of all persuasions and interests. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services,” the report said. But it concluded that a true “cyberwar,” fought almost entirely through computer systems, was unlikely as many critical systems were well protected and the effects of attacks were difficult to predict, and so could backfire on the assailants.
Brown said adopting a largely military approach to cyber security was a mistake, as most targets in the critical national infrastructure, such as communications, energy, finance and transport, were in the private sector.