Cyber War Threats are “Over-Hyped”
So says a report from the OECD.
Via the BBC: Risks of cyber war ‘over-hyped’ says OECD study
Attempts to quantify the potential damage that hi-tech attacks could cause and develop appropriate responses are not helped by the hyperbolic language used to describe these incidents, said the OECD report.
“We don’t help ourselves using ‘cyberwar’ to describe espionage or hacktivist blockading or defacing of websites, as recently seen in reaction to WikiLeaks,” said Professor Peter Sommer, visiting professor at LSE who co-wrote the report with Dr Ian Brown of the Oxford Internet Institute.
“Nor is it helpful to group trivially avoidable incidents like routine viruses and frauds with determined attempts to disrupt critical national infrastructure,” added Prof Sommer.
The report acknowledged the risk of a catastrophic cyber incident, such as a solar flare that could knock out satellites, base stations and net hardware, but said that the vast majority of incidents seen today were almost trivial in comparison as they did not last long and only hit a few people or organisations.
Attempts to decide how to deal with the wide variety of potential attacks and attackers were being hampered because words used to describe incidents meant different things to different groups.
For instance, it said, an “attack” could mean phishing e-mails trying to steal passwords, a virus outbreak or a concerted stealthy attempt to break into a computer system.
“Rolling all these activities into a single statistic leads to grossly misleading conclusions,” said the report. “There is even greater confusion in the ways in which losses are estimated.”
More at the link, including links to other stories on this topic.
