Tuesday, 4 March 2008

The Cyber Warfare Risk to Business

Businesses are relying on the Internet more than ever, whether it’s sales through an e-Commerce website, or low cost “site to site” communications by way of Internet VPNs, Email communications or general web information gathering/distribution, there are many businesses which just can’t “do” without the Internet for a sustained period of time. In my view businesses are very complacent with their reliance on the Internet, and don't have plan B, should worst happen.

Sure the Internet was originally developed to withstand a World War III nuclear attack, but businesses which heavily rely on the Internet to conduct business, should be wary of a new wave of Cyber Warfare threats as we progress into the 21st Century. The fact is there are individuals, criminal gangs and even governments and terrorist organisations which have the ability to take down websites, and effect geographic parts of the Internet, even a slow down of Internet traffic in a specific region can have a financial impact on a business, consider a VPN to an offshore call centre for example.

Recently Pakistan ISPs by the way of the Pakistani government killed the YouTube website to the entire world for two hours on political grounds, which is extremely alarming, considering Google owned YouTube is one of the world’s most visited websites, and has extensive resilient networking infrastructure supporting it, designed to take the heaviest volumes of Internet traffic. This incident was caused by simply messing with the Internet Routers (which direct Internet traffic), namely their dynamic routing tables, which can be achieved due to the security weakness of the BGP routing protocol.

Interestingly in recent weeks we seen several ocean comms cables “going down” in the Middle East region, which is putting a strain on Internet Traffic in that part of world. Some say it's too much of co-incidence and considering the political issues of that region of the world, it wouldn’t be surprising if a government or some sort of foul play was behind it.

Last year we saw the almost state sponsored Cyber Attack on Estonia by Russia which had a dramatic negative effect on Estonia e-Commerce websites amongst things. We also saw the US accusing China of state sponsored hacking on several ocassions, one of these alleged attacks forced the US government to take offline several Internet based systems. Then there are the criminal gangs which have built up huge bot-networks in recent times, these botnets can be used to take down business e-Commerce websites with a Distributed Denial of Service (DDoS) attack.

I’m not going to try to quantify these risks to business, but I can definitely see a trend here, whether such attacks are Politically motivated, Fraud Financial motivated, or an Electronic Jihad, I don’t think it will be too long before there are more examples of these sorts of attacks making the headlines and effecting Internet reliant businesses. In the meantime I think it is a valid and interesting question to pose to any business, what would the impact and financial cost be, should their Internet access be cut for even a few hours.


Anonymous said...

I love your work on cyber warfare and I found some other work I find equally as good by Kevin Coleman. Why don't you two collaborate and realy put the nation on the right course?

Anonymous said...

I dont think the Pakistan Government was trying to kill Youtube but to stop access to youtube in Pakistan - an over-reaction to minor annoyance i think reather then anything practical. What happend was not supposed to happen and shows how fragile the net is generally, I think arstechnica.com did a good piece on it.
Most of the middle east problem you mensioned has probably more to do with bad infrastucture then anything else.

Anonymous said...

The risk of cyber warfare is real and the likelihood of a major incident is increasing. I was at a presentation by Kevin Coleman, he is one of the top cyber warfare subject matter experts in the US and he showed the data about current threats and forecasted the most likely scenarios of attacks. We are way behind and can't rely on the government to do everything.