OECD: Concept Of Cyberwar Is Overhyped

from the nice-to-finally-see-this dept

We’ve spent plenty of time over the past year or so discussing how the concept of a “cyberwar” has been blown totally out of proportion, often by those seeking to get rich off of the fear. We’ve been ridiculed for this, often getting messages from people saying that we don’t know what’s really going on. However, now the OECD, a rather respectable organization, has stepped up and said the same thing: the concept of a “cyberwar” is totally overhyped, and while there may be random computer-based hacks and attacks here and there, to label it as a “war” is way beyond reasonable.

Attempts to quantify the potential damage that hi-tech attacks could cause and develop appropriate responses are not helped by the hyperbolic language used to describe these incidents, said the OECD report.

“We don’t help ourselves using ‘cyberwar’ to describe espionage or hacktivist blockading or defacing of websites, as recently seen in reaction to WikiLeaks,” said Professor Peter Sommer, visiting professor at LSE who co-wrote the report with Dr Ian Brown of the Oxford Internet Institute.

“Nor is it helpful to group trivially avoidable incidents like routine viruses and frauds with determined attempts to disrupt critical national infrastructure,” added Prof Sommer.

Part of the problem is that people (again, often with questionable agendas) like to lump all sorts of very different activities under the single heading of “cyberwar” to make it sound like a bigger issue than it really is (and, presumably, to get more money). It’s nice to see more level-headed analysis coming out of groups like the OECD. Now, if only governments will actually listen…

Comments on “OECD: Concept Of Cyberwar Is Overhyped”

Not an electronic Rodent says:

Re: Re: dammit!

And yet, nobody I’ve actually met in person pays attention to the issue. No matter how much they hype it.

Unfortunately it’s worse if people don’t pay attention to it. Then it becomes insidious, like the rest of security theatre, all you have to do is keep blasting it out in the media “there’s a war going on you know nothing about and we are keeping you safe even though you never see it”.

Because people actually don’t understand it and don’t care that much it goes in at a lower-consciousness level and becomes generally accepted wisdom, which is much harder to fight against with reasoned argument because everyone “knows”.

Almost Anonymous (profile) says:

Re: Re: Re: dammit!

Excellent, EXCELLENT post. Can’t click ‘Insightful’ enough. I was going to say something similar, but you put it much more eloquently than I would have.

Bottom line for me: fearful people are much easier to herd and control. This is why ‘they’ implemented the color-coded turrist alert system, and why ‘they’ will keep beating the cyberwar drum.

‘they’ = media, government, paranoid delusionals, pick your poison

fogbugzd (profile) says:

Ask the Iranians

I am guessing that OECD didn’t ask the Iranians about the reality of cyber warfare. http://www.itworld.com/security/133836/us-israel-appear-confirm-role-stuxnet-nyt

My biggest concern is that governments around the world will use the excuse of cyberwar to do lots of other things such as imposing more intrusions into personal freedoms and enhancing IP protections.

Jonathan (profile) says:

The Imaginary and the Real

Granted that there is a lot of hype around cyberwar, let’s also keep in mind the real-world demo of a weapon in this war. Stuxnet, if we believe the analysis, caused major grief in Iran and had a significant impact on the development of their nuclear capabilities.
This appears to have been a well architected, tightly targeted, military-grade smart weapon that has been very difficult to remediate and caused serious hardware damage.
I wouldn’t want my infrastructure to be the target of Stuxnet 2.0.

Marcus Carab (profile) says:

Re: The Imaginary and the Real

Agreed – there are real things that could reasonably be put under the heading of “cyberwar” (even if it is a somewhat sensational heading – the concept isn’t entirely unsound). Of course, it seems that simply referring to these things as new forms of digital attack used in conflicts is more accurate than creating a whole new class of conflict – but you’re right that there are elements of cyberwarfare out there, and one day we may see a war that is primarily driven by digital attacks.

However the real issue is, as you say, the hype – mainly the hype that lumps all sorts of things together as cyberwar. Suddenly spam, fraud, Wikileaks and 4chan are all part of the “cyberwar” – and that’s where things start to get silly.

Anonymous Coward says:

Re: Re: The Imaginary and the Real

And may I add that, if there’s any “war” development in this case, it would not happen on the network side.

I’d consider them as “brain-dead” if they don’t enforce a physically isolated network in their nuclear development facilities. You don’t need a targeted espionage… just some random routine virus/worm can wreak havoc easily.

sumquy says:

Re: Re: The Imaginary and the Real

but that is exactly the point. it wasn’t espionage. or at least not primarily, stuxnet’s purpose was to infiltrate iranian nuclear facility and to destroy as many centrifuges as possible before being detected. i agree that a lot of things like hacking, espionage, ddos, etc… aren’t “cyberwarfare” at all.

“Nor is it helpful to group trivially avoidable incidents like routine viruses and frauds with determined attempts to disrupt critical national infrastructure,” added Prof Sommer.

exactly. stuxnet was a “determined attempt to disrupt critical national infrastructure”

you really need to read more deeply into it, because half of what i’ve read you comment on it is wrong.

abc gum says:

Could it be that Mother Nature is the biggest potential cyber terrorist? (solar flare) Do not expect any attention to be paid towards this very real threat … no, in fact this will be largely ignored because there is no monetary reward. When it does happen, it will be called a natural disaster and tax money will be used to fix it – so why should any business feel responsible for addressing the issue in a proactive manner when it has a negative effect upon their bottom line. I recall news items from the past where satellite outage was attributable to solar activity, as was at least one power grid disruption. I imagine that the cost was absorbed by either the tax payer, rate payer, or insurance payer. It is almost humorous to watch, but they are gambling with my money and without my consent.

Anonymous Coward says:

I think the main problem is the word “war” in the term “cyberwar.” People use the word “war” to describe any conflict between two individuals/organizations. You can, for example, have a huge, multi-year conflict between two or more nations that involves shooting, bombing, and invading countries, but not declare actual “war,” yet people still call it one (and perhaps rightfully so, although not strictly correct in legal terms). You can have corporate wars, where two corporations struggle for the same market. You can have format wars, where two technologies backed by large groups compete for the same niche. Then you get the world wars and (thankfully non-existent) nuclear wars.

So yes, Mike, defining a cyberwar as one nation-state using cyber assets to cripple or destroy another nation-state, the threat of cyberwar is vastly over exaggerated, especially considering that cyber attacks generally augment physical attacks. But who’s to say that a “cyberwar” is not what we’re seeing right now?

We (the country/world/media) have to decide on a definition of “cyberwar” before you can even think to start discussing if one is likely.

Hagai (user link) says:

Stuxnet very real, but statistics are indeed inapplicable

I disagree about Stuxnet: dismissing Stuxnet for not being the norm is not a good idea. On the other hand, I agree about the inapplicability of statistics. Demonstrating cyber-war shall be qualitative rather than quantitative. Cyber-war shall be dealt with, but it cannot be demonstrated by statistics, but by analysis of all that has not yet happened.

See interesting post about the research: Cyber-war Risk Exaggerated?.
