A Near Miss

I’m sitting here trying to write a report. It has a rather dry title: ‘Confidence in the Computing Environment and its Implications for Public Sector Strategy and Security Policy’. It doesn’t quite have the pace of Andy McNab or even Tom Clancy and, to tell the truth, I seem to have found rather more villains than heroes hidden in the text, which is only to be expected as, month by month, confidence appears to decline as the incidence of attack, on all systems, continues to increase.

Today, The Wall Street Journal is running a story on how Al Qaeda subverted the Internet but it comes as no great surprise to anyone who has been tracking the security advisories over recent weeks and months. You see, the evidence suggests that hacking and all the many different forms of information crime, cybercrime if you like, have become increasingly politicised over the last twelve months and increasingly so since the escalation of violence on the West Bank in April. The Internet is now emerging as a cheap and powerful delivery system, capable of great disruptive power over long distances and with minimal risk to any individual or group wishing to illustrate the strength of its argument with direct confrontation against companies or governments.

So, you say, the keyboard is replacing the Kalashnikov, well…?

Retreating into the world of fiction, this is possibly true where the communications infrastructure is concerned. Parachute a few skilled Al Qaeda sympathisers into selected jobs in the Internet, finance or telecoms sector and I’m sure the result could be quite interesting and along the lines of a Tom Clancy novel that had the New York stock exchange crippled by the introduction of rogue worm code at a pre-determined moment.

Will the terrorists become Internet-savvy and come after our critical infrastructure? It’s always possible but I rather suspect that the Web doesn’t offer the noisy, high-impact visual attention that groups such as Al Qaeda crave. Instead I think that much of this new political dimension, and its effect, will remain broadly regional, as with the Islamic ‘Iron Guards’ hammering Israeli websites and the Taiwanese and the mainland Chinese hacker groups slogging it out in cyberspace.

As it’s going to take at least another two years before the example of Microsoft’s ‘Trustworthy Computing’ strategy really starts to have a pull-through effect on information security at all levels, it’s my guess, from looking at figures and running a quick ‘back of a matchbox’ risk analysis, that at the current rate of incident growth, we should reasonably expect an Internet equivalent of the Titanic to occur somewhere within the next twelve to eighteen months. Whether this could be the consequence of some kind of political motive or whether it’s simply a malicious experiment is broadly irrelevant but, like some steadily approaching asteroid threat, there’s very little chance of preventing the inevitable impact or, at the very least, a near miss.

And like September 11th, we will probably regard the question of Internet security in before and after terms as a consequence.

How confident are you in the computing environment?


