OECD: Concept Of Cyberwar Is Overhyped

from the nice-to-finally-see-this dept

We've spent plenty of time over the past year or so discussing how the concept of a "cyberwar" has been blown totally out of proportion, often by those seeking to get rich off of the fear. We've been ridiculed for this, often getting messages from people saying that we don't know what's really going on. However, now the OECD, a rather respectable organization, has stepped up and said the same thing: the concept of a "cyberwar" is totally overhyped, and while there may be random computer-based hacks and attacks here and there, to label it as a "war" is way beyond reasonable.
Attempts to quantify the potential damage that hi-tech attacks could cause and develop appropriate responses are not helped by the hyperbolic language used to describe these incidents, said the OECD report.

"We don't help ourselves using 'cyberwar' to describe espionage or hacktivist blockading or defacing of websites, as recently seen in reaction to WikiLeaks," said Professor Peter Sommer, visiting professor at LSE who co-wrote the report with Dr Ian Brown of the Oxford Internet Institute.

"Nor is it helpful to group trivially avoidable incidents like routine viruses and frauds with determined attempts to disrupt critical national infrastructure," added Prof Sommer.
Part of the problem is that people (again, often with questionable agendas) like to lump all sorts of very different activities under the single heading of "cyberwar" to make it sound like a bigger issue than it really is (and, presumably, to get more money). It's nice to see more level-headed analysis coming out of groups like the OECD. Now, if only governments will actually listen...


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Anonymous Coward, Jan 17th, 2011 @ 2:56pm

    Organisation for Economic Cooperation and Development.

    Yup, call in the economists to explain a computer issue.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    drew (profile), Jan 17th, 2011 @ 3:21pm

    dammit!

    Was just going to send this one in. Nice to see a bit of recognition that there's a vast amount of hype and fear-mongering going on.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jan 17th, 2011 @ 3:31pm

      Re: dammit!

      I think we truly should publicize this issue more in the press so everyone can really see how fear-mongering and hype could be the end of our society, and our country as we know it.
      Perhaps Rep. King could get right on this ...

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      The Mighty Buzzard (profile), Jan 17th, 2011 @ 3:39pm

      Re: dammit!

      And yet, nobody I've actually met in person pays attention to the issue. No matter how much they hype it.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Not an electronic Rodent, Jan 18th, 2011 @ 1:42am

        Re: Re: dammit!

        And yet, nobody I've actually met in person pays attention to the issue. No matter how much they hype it.
        Unfortunately it's worse if people don't pay attention to it. Then it becomes insidious, like the rest of security theatre, all you have to do is keep blasting it out in the media "there's a war going on you know nothing about and we are keeping you safe even though you never see it".

        Because people actually don't understand it and don't care that much it goes in at a lower-conciousness level and becomes generally accepted wisdom, which is much harder to fight against with reasoned argument because everyone "knows".

         

        reply to this | link to this | view in chronology ]

        •  
          icon
          Chris in Utah (profile), Jan 18th, 2011 @ 5:29am

          Re: Re: Re: dammit!

          And then people wonder why I have infowars as my URL. Hoping Average Joe is reading.

           

          reply to this | link to this | view in chronology ]

        •  
          icon
          Almost Anonymous (profile), Jan 18th, 2011 @ 10:29am

          Re: Re: Re: dammit!

          Excellent, EXCELLENT post. Can't click 'Insightful' enough. I was going to say something similar, but you put it much more eloquently that I would have.

          Bottom line for me: fearful people are much easier to herd and control. This is why 'they' implemented the color-coded turrist alert system, and why 'they' will keep beating the cyberwar drum.

          'they' = media, government, paranoid delusionals, pick your poison

           

          reply to this | link to this | view in chronology ]

  •  
    icon
    fogbugzd (profile), Jan 17th, 2011 @ 3:47pm

    Ask the Iranians

    I am guessing that OECD didn't ask the Iranians about the reality of cyber warfare. http://www.itworld.com/security/133836/us-israel-appear-confirm-role-stuxnet-nyt

    My biggest concern is that governments around the world will use the excuse of cyberwar to do lots of other things such as imposing more intrusions into personal freedoms and enhancing IP protections.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Jonathan (profile), Jan 17th, 2011 @ 4:05pm

    The Imaginary and the Real

    Granted that there is a lot of hype around cyberwar,
    let's also keep in mind the real-world demo of a weapon in this war. Stuxnet, if we believe the analysis, caused major grief in Iran and had a significant impact on the development of their nuclear capabilities.
    This appears to have been well architected, tightly targeted, military-grade smart weapon that has been very difficult to remediate and caused serious hardware damage.
    I wouldn't want my infrastructure to be the target of Stuxnet 2.0.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Marcus Carab (profile), Jan 17th, 2011 @ 5:25pm

      Re: The Imaginary and the Real

      Agreed - there are real things that could reasonably be put under the heading of "cyberwar" (even if it is a somewhat sensational heading - the concept isn't entirely unsound). Of course, it seems that simply referring to these things as new forms of digital attack used in conflicts is more accurate than creating a whole new class of conflict - but you're right that there are elements of cyberwarfare out there, and one day we may see a war that is primarily driven by digital attacks.

      However the real issue is, as you say, the hype - mainly the hype that lumps all sorts of things together as cyberwar. Suddenly spam, fraud, Wikileaks and 4chan are all part of the "cyberwar" - and that's where things start to get silly.

       

      reply to this | link to this | view in chronology ]

    •  
      icon
      Mike Masnick (profile), Jan 17th, 2011 @ 5:57pm

      Re: The Imaginary and the Real

      Stuxnet, if we believe the analysis, caused major grief in Iran and had a significant impact on the development of their nuclear capabilities.

      I would argue that's much more on the espionage front, than any "war" development.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Jan 17th, 2011 @ 6:09pm

        Re: Re: The Imaginary and the Real

        And may I add that, if there's any "war" development in this case, it would not happen on the network side.

        I'd consider them as "brain-dead" if they don't enforce physically isolated network in their nuclear development facilities. You don't need a targeted espionage... just some random routine virus/worm can wreak havoc easily.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        sumquy, Jan 17th, 2011 @ 8:29pm

        Re: Re: The Imaginary and the Real

        but that is exactly the point. it wasn't espionage. or at least not primarily, stuxnet's purpose was to infiltrate iranian nuclear facility and to destroy as many centrifuges as possible before being detected. i agree that a lot of things like hacking, espionage, ddos, etc... aren't "cyberwarfare" at all.

        Nor is it helpful to group trivially avoidable incidents like routine viruses and frauds with determined attempts to disrupt critical national infrastructure," added Prof Sommer.

        exactly. stuxnet was a "determined attempt to disrupt critical national infrastructure"

        you really need to read more deeply into it, because half of what i,ve read you comment on it is wrong.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    abc gum, Jan 17th, 2011 @ 5:12pm

    Could it be that Mother Nature is the biggest potential cyber terrorist? (solar flare) Do not expect any attention to be paid towards this very real threat ... no, in fact this will be largely ignored because there is no monetary reward. When it does happen, it will be called a natural disaster and tax money will be used to fix it - so why should any business feel responsible for addressing the issue in a proactive manner when it has a negative affect upon their bottom line. I recall news items from the past where satellite outage was attributable to solar activity, as was at least one power grid disruption. I imagine that the cost was absorbed by either the tax payer, rate payer, or insurance payer. It is almost humorous to watch, but they are gambling with my money and without my consent.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 17th, 2011 @ 6:31pm

    I think the main problem is the word "war" in the term "cyberwar." People use the word "war" to describe any conflict between two individuals/organizations. You can, for example, have a huge, multi-year conflict between two or more nations that involves shooting, bombing, and invading countries, but not declare actual "war," yet people still call it one (and perhaps rightfully so, although not strictly correct in legal terms). You can have corporate wars, where two corporations struggle for the same market. You can have format wars, where two technologies backed by large groups compete for the same niche. Then you get the world wars and (thankfully non-existent) nuclear wars.

    So yes, Mike, defining a cyberwar as one nation-state using cyber assets to cripple or destroyer another nation-state, the threat of cyberwar is vastly over exaggerated, especially considering that cyber attacks generally augment physical attacks. But who's to say that a "cyberwar" is not what we're seeing right now?

    We (the country/world/media) have to decide on a definition of "cyberwar" before you can even think to start discussing if one is likely.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    aperson (profile), Jan 18th, 2011 @ 12:01am

    Gotta say, stuxnet looked like one hell of a step forward in terms of offensive capability. We might not be taking cyberwar seriously, but a lot of money paying a lot of talent...black projects have been behind a lot of interesting developments.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Chris in Utah (profile), Jan 18th, 2011 @ 5:33am

    Vison for the future?

    I'm wondering if the next presidential race is going to be on a platform of a war on the internet. They'll of course use a PC word (aka Net neutrality). And in true Orwellian fashion we'll believe both Net neutrality and protection from net threats are one truth... or I mean bill.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jan 18th, 2011 @ 6:08am

    The American government has always felt that the only way to unite the people is to have a war to incite patriotic fervor.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Hagai, Jan 28th, 2011 @ 4:10am

    Stuxnet very real, but statistics are indeed inapplicable

    I disagree about Stuxnet: dismissing Stuxnet for not being the norm is not a good idea. On the other hand, I agree about the inapplicability of statistics. Demonstrating cyber-war shall be qualitative rather than quantitative. Cyber-war shall be dealt with, but it cannot be demonstrated by statistics, but by analysis of all that has not yet happened. See interesting post about the research: Cyber-war Risk Exaggerated?.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This