[ISN] Cyber-Scare - The exaggerated fears over digital warfare

From: InfoSec News <alerts_at_private>
Date: Thu, 25 Jun 2009 02:47:40 -0500 (CDT)

By Evgeny Morozov
Boston Review
July/August 2009

The age of cyber-warfare has arrived. That, at any rate, is the message 
we are now hearing from a broad range of journalists, policy analysts, 
and government officials. Introducing a comprehensive White House report 
on cyber-security released at the end of May, President Obama called 
cyber-security “one of the most serious economic and national security 
challenges we face as a nation.” His words echo a flurry of gloomy 
think-tank reports. The Defense Science Board, a federal advisory group, 
recently warned that “cyber-warfare is here to stay,” and that it will 
“encompass not only military attacks but also civilian commercial 
systems.” And “Securing Cyberspace for the 44th President,” prepared by 
the Center for Strategic and International Studies, suggests that 
cyber-security is as great a concern as “weapons of mass destruction or 
global jihad.”

Unfortunately, these reports are usually richer in vivid metaphor—with 
fears of “digital Pearl Harbors” and “cyber-Katrinas”—than in factual 

Consider a frequently quoted CIA claim about using the Internet to cause 
widespread power outages. It derives from a public presentation by a 
senior CIA cyber-security analyst in early 2008. Here is what he said:

    We have information, from multiple regions outside the United 
    States, of cyber-intrusions into utilities, followed by extortion 
    demands. We suspect, but cannot confirm, that some of these 
    attackers had the benefit of inside knowledge. We have information 
    that cyber-attacks have been used to disrupt power equipment in 
    several regions outside the United States. In at least one case, the 
    disruption caused a power outage affecting multiple cities. We do 
    not know who executed these attacks or why, but all involved 
    intrusions through the Internet.

So “there is information” that cyber-attacks “have been used.” When? 
Why? By whom? And have the attacks caused any power outages? The CIA may 
have some classified information, but very little that is unclassified 
suggests that such cyber-intrusions have occurred.

Or consider an April 2009 Wall Street Journal article entitled 
“Electricity Grid in U.S. Penetrated By Spies.” The article quotes no 
attributable sources for its starkest claims about cyber-spying, names 
no utility companies as victims of intrusions, and mentions just one 
real cyber-attack, which occurred in Australia in 2000 and was conducted 
by a disgruntled employee rather than an external hacker.


Visit the InfoSec News security bookstore!
Received on Thu Jun 25 2009 - 00:47:40 PDT

This archive was generated by hypermail 2.2.0 : Thu Jun 25 2009 - 01:11:31 PDT