A few years back, when the term ‘InfoWar’ was coined everything we read was about the horrors of an Information Warfare meltdown. We heard how the sky, this time, truly was falling. Today, information warfare, no longer capitalized, is a fact of life and not particularly dramatic anymore.
The latest threat hanging over our head is Cyber Terror. Ever since William Gibson coined the term ‘cyberspace’ in his 1984 novel Neuromancer, we’ve seen a steadily increasing body of ‘cyber’ jargon. But the simple fact is that the sky is no more falling than it was when first we met InfoWar years back.
First, there is little agreement on what, exactly, cyberterror really is. Could you kill large numbers of people with computers? Possibly, but not likely. Doomsday scenarios to the contrary, mass destruction of human life with all the accompanying instant drama that terrorists strive for would be pretty hard to get, given the state of the internet. When massive worm infections, even the fast-moving SQLSlammer, hit the internet there was concern, even panic, in some sectors, but we solved the problem and most organizations will tell you that the worm(s) did not wipe out their business, people by the thousands did not die and, eventually, life returned to normal.
Second, mavens have been predicting a “digital Pearl Harbor” for years. While technologically that certainly is possible, it has yet to materialize. So why the big noise?
We should understand where the risks really lie. I see a couple of credible problem areas. First, the use of cyberattacks as an amplifier in a hard terror attack is a real concern. If every computer system in Manhattan was killed at the same time as planes were flying into the twin towers, the ensuing chaos would have been multiplied considerably. This means that we need to design resilience and redundancy into critical systems.
Second, we should go back to the boring concept of information warfare. Info war is something we live with every day in both the corporate and non-corporate worlds. It means defending our assets and, if you’re so inclined, compromising our competition’s. While I don’t advocate the later, since I don’t make the rules, I suggest you practice the former.
Peter Stephenson, PhD, CISSP, CISM, FICAF, is associate director of research and information assurance at the Center for Regional and National Security, Eastern Michigan University.