True cyber war unlikely to ever happen: OECD

Though use of cyber weaponry will shortly become ubiquitous

The Organisation for Economic Co-operation and Development (OECD) has concluded that while cyber security is a real risk for governments around the world, the likelihood of a true cyber war to occur is low.

Detailing the risks of cyber security in a recent study, the OECD concluded cyber wars were complex to carry out with prolonged cyber attacks needing to combine, while new attack vectors would need to be created as current ones were reverse-engineered and thwarted.

A lack of control when deploying a cyber attack could also lead governments to think twice before launching a cyber war.

“The effects of cyber attacks are difficult to predict – on the one hand they may be less powerful than hoped but may also have more extensive outcomes arising from the interconnectedness of systems, resulting in unwanted damage to perpetrators and their allies,” the study reads.

While many critical government computer systems were reasonably well protected against known exploits and malware, the deployment of cyber weapons — such as hacking, viruses, worms, trojans, denial-of-service, distributed denial of service using botnets, root-kits and the use of social engineering — was already widespread and their use has been extensive.

“It is a safe prediction that the use of cyber weaponry will shortly become ubiquitous,” the study reads.

Compounding the risks around cyber attacks, the study argues that efforts to analyse national cyber security issues have been weakened by the lack of agreement on terminology and the use of exaggerated language.

“An ‘attack’ or an ‘incident’ can include anything from an easily-identified ‘phishing’ attempt to obtain password details, a readily detected virus or a failed log-in to a highly sophisticated multi-stranded stealth onslaught,” the study reads.

“There is even greater confusion in the ways in which losses are estimated. Cyber espionage is not a ‘few keystrokes away from cyberwar’, it is one technical method of spying.

“A true cyberwar is an event with the characteristics of conventional war but fought exclusively in cyberspace.”

However, the OECD study puts forward a number of recommendations for governments in addressing cyber attacks, such as a focus on improving the resilience of networks, preventative measures and detailed contingency plans to enable rapid recovery when an attack succeeds.

According to the study, governments should also encourage the widespread ratification and use of the Convention on Cybercrime and other potential international treaties, support end-user education, and use their procurement power, standards-setting and licensing to influence computer industry suppliers to provide properly tested hardware and software.

The development of specialist police and forensic computing resources should be extended, and support for the international Computer Emergency Response Team (CERT) community increased.

“Attempts at the use of an Internet Off Switch as discussed in the US Senate and elsewhere, even if localised, are likely to have unforeseeable and unwanted consequences,” the study reads.

Follow Tim Lohman on Twitter: @tlohman

Follow Computerworld Australia on Twitter: @ComputerworldAU

Tags OECDcyber warsecuritycyber security

More about CERT AustraliaComputer Emergency Response TeamOECD

1 Comment

Louis Leahy


It is stated in the article that many critical government computer systems were reasonably well protected against known exploits however this is not the case. Currently all systems both private and public use traditional user name and password topologies that are the subject of the attacks highlighted in the article. The report is quoted as stating they will become ubiquitous when in fact they already are. The report appears to imply, and we strongly agree, that it is going to get worse. This is logical as the know how to commit these crimes is becoming more widespread and society’s dependence on computerised systems is increasing which presents more opportunities for the nefarious. According to the Verizon 2010 Breach Report the attacks which are most damaging are those that result in successful access to the network ie malware, hacking, trojans, traitorware, phishing, vishing, smishing and spearphishing. Currently the only solution on the market that will be effective in protecting a network against these attacks initiated from client devices is Armorlog's VPCSML Authentication. While dangerous DoS, worms and viruses were not reported as having sustained as much damage perhaps because they are in effect vandalism and not designed to gain access to the network and execute fraud. They may leave a trail to the perpetrator and a consequent risk of detection without any potential reward may perhaps be a deterrent also and they have been more prominent for longer and as a consequence there are very good vendor products to assist with protecting against them. However the stuxnet worm attack on Iran (see Computerworld 18-1-11 article no. 373619) is a clear indication that nothing can be taken for granted and those that sit back and do not take active steps to test new solutions are doing so at their own peril. We have written to every major software and hardware vendor, every major bank and their associations, the US, UK and Australian Governments and every major media outlet on the globe about the innovation we have developed for these particular attacks and to date with the exception of a handful of independent media sites, IDG Connect (a Computerworld sister publication), Digital River who have agreed to distribute our product, some support from a few clued up executives in Industry & Investment NSW and Austrade, some moral support from a very intelligent Professor Hamid Arabnia from University of Georgia and some Oracle executives we have received no support in our endeavour. In time history will judge who is asleep on the job and who has the conviction and ideas to address these problems. While we are being ignored in our endeavour to garner that support people continue to be, tricked, cheated, defamed and defrauded and confidence in internet based commerce and communications is being severely eroded to such an extent that as highlighted in your story in frustration some people are arguing that the answer is to switch off the internet.

Comments are now closed

Payment Adviser finds value in desktop-as-a-service