Tuesday, October 19, 2010

Cyber What?

Cyber What?

We had a short discussion recently about "cyber" labels and their meanings. The wave that has been engulfing society for the last decade, driven by Psychology "with everything" NNNOOOOWWWW!!!!  and the use of 'label-ism' phenomenon to influence us that we need/must have/do something, is now causing much confusion. 

Cybering was discussed, done and dusted, in the late 1990s early 2000, thus cybering has not just occurred as a new phenomenon. Label-ism, in the case of cybering, isn't helping its cause either when announcing cyber threats to the UK or the World (for that matter) where mistakes in the use of definitions are publicly announced. It wont help the security services to do their job - protect the Realm - if society doesn't understand what the heck is discussed.  There must be a drive from top Government (David Cameron top table people) to make a substantive effort to clarify label-ism when discussing publicly threats we are led to believe are imminent.

Discussing cyber defintions with Simon "Si" Biles, the security specialist at Thinking-Security dot com, he offered these descriptions assigned to their labels identifying possible security threats that might be engineered from within cyber space:

"There seems to have been a general mixing of the terms : cyber-warfare, cyber-terrorism & cyber-crime : the news, as is oft the way with things they don't/can't/won't understand, interchanges them without consideration.

"cyber-crime is no better or worse than it has ever been, phishing, cracking etc. are much the same as allways - there are highs and lows, but nothing particularly extreme. Of course these figures are allways exagerated by the number of crimes that are committed that have a computer used in their research/planning/excecution - but this isn't cyber-crime anymore than stealing a knife is "knife crime".

"cyber-terrorism, to take the traditional use of the word "terrorism" ( or arguably "freedom fighting" depending on where you are standing ) is the "guerrilla warfare" of the computer world - denial of service, defacements etc. For example the "Anonymous" attacks on the Copyright crowd. Where this "terrorism" impacts on the general public is few and far between - a denial of service against a particularly greedy bank might impact on a few, but in real terms, this doesn't, and is unlikely to, create problems on the scale or magnitude of a traditional terrorist attack. And again, this has been going on, much of a muchness for sometime - highs and lows - usually associated with world events - but predominantly from individuals or insignificant groups.

"cyber-warfare is a bit different, and, really hasn't been seen except in Georgia - and even then, although that was suspected to be from Russia, that was never really proved - it could as well have been from a reasonable size hacker group just stretching in a country where there was little chance of prosecution or repercussion. I guess what Greg is suggesting above is probably the worst case scenario where the internet is compromised in some way that means that businesses can't communicate funds transfers - e.g. PoS - in reality though, as "the internet" is built on a wide variety of technologies ( from many and varied manufacturers ) and is designed to be resilient in the case of nuclear war ( or not ... http://en.wikipedia.org/wiki/Arpanet#The_ARPANET_under_nuclear_attack ) the chances of "taking out the internet" for a given country are fairly limited in a cyber-warfare scenario. Infact you'd stand a better chance of taking out the internet in the UK with some more traditional arson against certain backbone sites ...

"It is this, final, threat that is both having it's bandwaggon jumped on and is being blown out of proportion. Like most things - it's exciting, so it gets a lot of press - you are more likely to be burgled, have your car stolen, be involved in a hit & run or have your pocket picked than you are to be a victim of cyber-crime. Even Identity Theft ( which is portrayed as cyber-crime) is considerably easier to achieve through a dust-bin sift than a computer. Cyber-terrorism ? I'd be delighted to sell "cyber-terrorism" insurance to anyone who wants it !

The term 'Cyber' has been discussed above in context with types of threats that could be generated using it. The discussions above do not rule out or suggest that cyber is or could be put to good use too.