Is cyber terrorism the new swine flu?

29th October 2010 By: Brandon Hamber

I would strongly recommend, especially if you are of a nervous disposition, that you avoid reading the Strategic Defence and Security Review released by the UK government recently. The document makes uneasy reading.

The UK spends over £33-billion a year on defence. This is the equivalent of the total gross domestic product (GDP) of Mozambique, Namibia and Botswana put together. It is ten times the GDP of Zimbabwe and is three times the GDP of Afghanistan.

To justify this massive expenditure, even with a proposed 8% expenditure cut, the defence review is at pains to point out the numerous security threats to the UK. The threats read like the scripts for the next generation of disaster movies.

The issues posing the biggest security risks include terrorism, instability and conflict overseas, cyber security, civil emergencies, energy security, organised crime, border security, and counterproliferation and arms control.

Interestingly, the area that seems to have drawn much media attention is the newly identified threat of cyber security, which the defence review sees coming from hostile States, terrorists and criminals alike. The document notes: “Enemies will continue to attack our physical and electronic lines of communication. And the growth of communication technology will increase our enemies’ ability to influence not only all those on the battlefield, but also our own society directly. We must, therefore, win the battle for information, as well as the battle on the ground.”

It is strange to read a document that so blatantly calls for a war over information. But the most perplexing comment of all is that the defence review, a document allegedly focusing on security, highlights that the new threats from cyber terrorism are also an opportunity. The threat of cyber warfare, the document notes, means that the “UK government and British businesses . . . will derive benefits from the protection that effective cyber security measures bring to the UK economy”.

Such a statement guarantees substantial com- mercial interest in new profit-making security ideas. But this has also left me wondering if cyber terrorism is going to be the new battleground for scaremongers.

Just as we were told to fear bird and swine flu, mad cow disease and the potential impact of sheep with blue tongues, will we now be periodi- cally subjected to public hysteria about cyber threats? I predict a steady flow of millennium buglike fiascos where threats are identified, millions invested and spent, and then threats disappear without a trace.

This is not, of course, to belittle the prospects for real cyber terrorism. Recently, for example, a computer worm known as Stuxnet, which damages computer systems, was identified on machines linked to Iran’s nuclear programme. This looks like one of the first successful and systematic attacks on a State installation presumably by a country or group of individuals trying to scupper Iran’s nuclear ambitions.

The problem with all this, however, is that most of us know very little about cyber terrorism, hacking and computer security. The mere mention of cyber terrorism feeds into fantasies of computers slowly taking over the world as geeky James Bondlike cyber heroes battle their malevolent intent.

But computers do not make viruses or introduce them into systems by themselves – humans do. Most security breaches still happen through human error and through good old-fashioned security leaks like leaving documents unsecured.

The UK defence review acknowledges that “simple, common-sense security measures available to ordinary citizens and businesses would make a major difference if used widely”.

But I wonder, now that cyber terrorism has been put on the national security agenda, if common sense will prevail. Sadly, I suspect the business sector’s desire to make a quick buck and general ignorance about the limits of what computers can and cannot do will leave the taxpayer bamboozled and ripped off yet again as the UK government invests in all sorts of flashy, yet ultimately useless, new security technologies.