Monday, January 17, 2011

Reducing systemic cybersecurity risk

The OECD has today published a study by myself and Prof. Peter Sommer on Reducing Systemic Cybersecurity Risk:
The authors have concluded that very few single cyber-related events have the capacity to cause a global shock. Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services. In addition, reliable Internet and other computer facilities are essential in recovering from most other large-scale disasters.

Coverage in the Guardian, Metro, World Service, BBC News, Daily Telegraph, Computer Weekly, FT, Register, New Scientist, Wall Street Journal, Radio 4 Today and (my favourite so far), the New York Times:

Prophets of Internet-borne Götterdämmerung have gotten even more breathless since the publication of “Cyber War” last year. They describe China’s alleged hacking campaign against Google and the campaign by “hacktivists” against foes of the anti-secrecy Web site WikiLeaks, as the opening acts…

Nonsense, say two academics in a study commissioned by the Organization for Economic Cooperation and Development. The report, to be released Monday, argues that doomsayers have greatly exaggerated the power of belligerents to wreak havoc in cyberspace. It is extremely unlikely that their attacks could create problems like those caused by a global pandemic or the recent financial crisis, let alone an actual shooting war, the study concludes.