[Infowarrior] - Apocalypse in Cyberspace? It’s Overdone

Mon Jan 17 16:15:59 CST 2011

http://www.nytimes.com/2011/01/17/technology/17cache.html

January 16, 2011
Apocalypse in Cyberspace? It’s Overdone

By ERIC PFANNER

PARIS — The Web site Cyberwarzone.com lists 270 books about Internet crime and warfare. In one of the highest-profile examples, “Cyber War: The Next Threat to National Security and What to Do About It,” Richard A. Clarke, the former U.S. counterterrorism chief, and Robert K. Knake of the Council on Foreign Relations, describe a digital “Day After” in which large parts of the U.S. transportation, energy and communications systems have been wiped out by Internet-borne attackers, leaving the authorities struggling to maintain control and consumers scrambling for food.

Prophets of Internet-borne Götterdämmerung have gotten even more breathless since the publication of “Cyber War” last year. They describe China’s alleged hacking campaign against Google and the campaign by “hacktivists” against foes of the anti-secrecy Web site WikiLeaks, as the opening acts.

Is a cyberwar already under way and, if so, could it really cause destruction on the scale portrayed by Mr. Knake and Mr. Clarke?

Nonsense, say two academics in a study commissioned by the Organization for Economic Cooperation and Development. The report, to be released Monday, argues that doomsayers have greatly exaggerated the power of belligerents to wreak havoc in cyberspace. It is extremely unlikely that their attacks could create problems like those caused by a global pandemic or the recent financial crisis, let alone an actual shooting war, the study concludes.

“You have this sort of competition between writers to say, ‘I have a scarier story than you do,’ ” said Peter Sommer, a visiting professor at the London School of Economics, who wrote the report with Ian Brown, a senior research fellow at the Oxford Internet Institute, part of Oxford University. “If you look at the way it is covered, the computer scare story of the week, you might get the sense that such a disaster is just around the corner.”

In fact, the report says, “It is unlikely that there will ever be a true cyberwar.”

Mr. Sommer and Mr. Brown are not the first to protest against adoption of a Clausewitzian framework to describe international affairs in the digital world.

Howard A. Schmidt, President Barack Obama’s chief cybersecurity adviser, told Wired magazine last year that “there is no cyberwar.”

“I think that is a terrible metaphor and I think that is a terrible concept,” he said. “There are no winners in that environment.”

In their research, Mr. Sommer and Mr. Brown modeled a variety of outcomes for a possible conflict, including digital strikes against critical operations like banks, utilities and air traffic control systems. In most cases, in the economically advanced countries represented by the O.E.C.D., they determined that such organizations could recover within days, if not hours, preventing the “cascading” of problems that would lead to widespread destruction.

Yes, they acknowledged, governments are training their spooks to use the Internet for espionage purposes. Why wouldn’t they? James Bond was not the only spy to deploy hidden cameras, audio bugs and other, more fantastical tools of the trade — wow, ejector seats and revolving license plates! — when they were developed.

The Internet, to be sure, is a particularly souped-up Aston Martin. But some of the tools recently employed by alleged cyberwarriors have a vintage feel to them. Mr. Sommer decries the use of “lurid, bellicose” language to describe the exploits of hackers who unleashed so-called distributed denial of service attacks against foes of WikiLeaks, after its release of thousands of secret U.S. diplomatic cables.

“There is nothing new in what the hacktivists are doing,” Mr. Sommer said. “It really should not be exaggerated. It’s really more like the kind of thing Greenpeace does.”

“We have to get used to the fact that popular protests, as well as skirmishes between nations, are going to have a cyber dimension,” he added. “Some people say cyberespionage is just a few clicks away from cyberwar. It’s not; it’s just another way of spying.” 

-------------------------------------------------------

Peter Sommer and Ian Brown, "Reducing Systemic Cybersecurity Risk," OECD, Paris, 14 January, 2011:

http://www.oecd.org/dataoecd/3/42/46894657.pdf