Two major recent attacks on the Internet give us just a hint of what to expect if/when our economic and financial infrastructures are hit by different attacks at once.
Cyberbunker – not a Chinese – but a Dutch webhosting company generated the largest global distributed denial of service (DDoS) attack on the spam filtering company, Spamhouse.
What is said to be a dispute between Cyberbunker and Spamhouse caused the global disruption of Internet services, which according to the Moscow based Kaspersky Lab, is going to get worse. “Such DDoS attacks may affect regular users as well, with network slowdown or total unavailability of certain Web resources…There may be further disruptions on a larger scale as the attack escalates.”
In different kind of attack was committed by three men just 820 yards offshore Alexandria, Egypt. They were caught cutting the 12,500 miles long South East Asia-Middle East-West Europe 4 (SEA-ME-WE 4) cable that goes from France to Singapore. Internet services were disturbed in Italy, Algeria, Tunisia, Egypt, United Arab Emirates, Saudi Arabia, Sudan, Uganda, Kenya, Tanzania, Malaysia, Thailand, Bangladesh, India, Sri Lanka and Pakistan.
Judging by the ease by which both attacks have been carried out, it is clear that physical and cyber security are wanting, and that preparedness for a combined attack is lacking. It seems that such an emerging threat is too complex or not yet fully understood, thus leaving us unprepared.
A major obstacle that hinders the development of proper security measures, especially on the cyber front, is the timidity of affected companies to admit they have been attacked. There is also a tendency to minimize the threat; short temporary disruptions are attributed to glitches in the system until a massive attack is undeniable. Such obstructions render ineffective the supposed close monitoring of misuse, or unlawful conduct in financial and economic sectors.
The weapons of this new war are not as easily identifiable as Korean ballistic missiles, or Iranian nuclear powers.
They can be used instantaneously or incrementally over time and be hardly noticed. Even when sporadic attacks are noticed, analytical methods may fail to recognize the potential of a large-scale attack, or the perpetrators. However, difficulties in establishing identification and lack of cooperation prevents decision makers from developing better detection and prevention systems, or advanced methods to respond to them.
This new economic warfare presents a nascent threat in complex areas that challenge analysis and identification. While at first our streets will not be littered with bodies as with a nuclear attack, a stealth attack on our economic, financial and communication channels, could in short time destroy the U.S. economy and devastate its people. Perhaps it’s time to rethink our mostly Digital dependent economy.
Further Reading:
Sensitive information must be kept secret
Services join forces to fight cyber crime
Growing Business Dependence on the Internet, Business Roundtable, 2007 (could have been written today).