Monday, January 17, 2011

Reducing systemic cybersecurity risk

The OECD has today published a study by myself and Prof. Peter Sommer on Reducing Systemic Cybersecurity Risk:
The authors have concluded that very few single cyber-related events have the capacity to cause a global shock. Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services. In addition, reliable Internet and other computer facilities are essential in recovering from most other large-scale disasters.

Coverage in the Guardian, Metro, World Service, BBC News, Daily Telegraph, Computer Weekly, FT, Register, New Scientist, Wall Street Journal, Radio 4 Today and (my favourite so far), the New York Times:

Prophets of Internet-borne Götterdämmerung have gotten even more breathless since the publication of “Cyber War” last year. They describe China’s alleged hacking campaign against Google and the campaign by “hacktivists” against foes of the anti-secrecy Web site WikiLeaks, as the opening acts…

Nonsense, say two academics in a study commissioned by the Organization for Economic Cooperation and Development. The report, to be released Monday, argues that doomsayers have greatly exaggerated the power of belligerents to wreak havoc in cyberspace. It is extremely unlikely that their attacks could create problems like those caused by a global pandemic or the recent financial crisis, let alone an actual shooting war, the study concludes.

6 comments:

David Betz said...

Terrific report. Very sensible. But the tone of the Metro article is really out of kilter with what you actually said which was to emphasize the difficulty of such a thing being engineered.

Ian Brown said...

Thanks David. You're quite right - it's a shame the Metro journalist didn't talk to us before writing this article.

David Betz said...

Indeed. Nice example of the tremendous hype about this subject though. Two level-headed experts attempt to put the thing in perspective; to say, in a nutshell, 'chill out', and the media reports it as 'freak out!' That said the NYT coverage is great and who relies on the Metro for news anyway?

Tom said...

It's worth noting that the "perfect storm"/"global catastrophe" angle that Metro and the Daily Telegraph took was derived from the story that the Press Association put out about it - which has the opening line 'Co-ordinated attacks on critical computer systems could create a perfect storm with "catastrophic" global effects, a study found today.'

Mister McGoo said...

But, lets keep this in perspective. There is a lot of "fear mongering" going on in these articles. The language is over the top.
Sure, the internet is a vital to world commerce. But we survived without it for thousands of years. If it goes, we'll adapt.

Vish said...

all of the cybergeddon thing is total rubbish. It's been going on for years. Especially back in the day with the big virus outbreaks and how many hundreds of millions of dollars of damage they caused, when in fact they didnt do that much. It's basically lazy journalism and nothing more. The Metro article this morning was laughable