The true threat of cyber warfare
We have all seen films involving cyber warfare; an army of super nerds engaging in technological wizardry that destroys entire countries' technological infrastructure. But how realistic are the implications and possible targets for such an act?
Recently it has been widely publicised that the UK, US, China, Russia and many other countries are beginning to arm themselves with full cyber warfare departments, ready to use the power of the internet against any aggressor. There have already been several alleged attacks in the media against the US, Britain and Georgia but how realistic is a future full scale cyber war?
Almost certain is the answer. Any future war will begin with or consist of a full scale cyber attack. The goals would not be to cause death but to knock out supporting infrastructure and communications ready for the physical assault.
So what would a cyber attack consist of?
Phase One: First of all the aggressor will target communications and media. They will ensure that citizens of that country will not have a reliable method of being informed of what is occurring. This means that media companies will find their websites knocked off the internet, as well as their actual infrastructure compromised to ensure that journalists reporting the stories will not have a reliable method of sending in information. Mobile and phone networks would also be targeted, further effecting lines of communications.
Phase Two: Financial services and utility services would be hit, the stock exchanges and several key regional banking and stock exchanges are likely to be hacked and altered. Utilities normally have independent systems not connected to the internet to control those services, though this is steadily changing. Commonly a more physical attack is required to knock out power, gas and water.
Phase Three: This would involve a full attack on all government and remaining services. For example, an attack on the HMRC website during a year end period would be devastating. Attacks would also include defense and general communications, emails and any other service that allows the government to operate efficiently and effectively.
The frightening part of this is that it is increasingly likely that SME businesses would be widely compromised and potentially used to attack their own country. Larger businesses commonly have information security professionals to protect them, though smaller businesses do not. This allows the cyber warfare aggressor to use the country's own technological resources against itself. Alongside the general confusion and fear, the business being exploited would probably not be able to use its own technology and would not be able to operate efficiently.
Protecting yourself and your business from the effects of a cyber war are next to impossible because of the ferociousness of the attack against internet attached infrastructure. However, the following checklist is advised:
1. Ensure you engage an information security professional on a regular basis to test, recommend and assist in securing your business especially if you are an SME
2. Ensure you have 'defense in depth' protective technology for email, firewalls, antivirus software and regular patching of systems and services
3. Business continuity and disaster recovery are key. Plan, test and maintain
4. Don't panic, and don't be afraid to turn off the internet to preserve your business.
James Rees, Managing Director, Razor Thorn Security
