By Nick Heath, 7 March 2008 11:16
NEWS
Nato's cyber defence chief has warned that computer-based terrorism poses the same threat to national security as a missile attack.
Suleyman Anil, head of Nato Computer Incident Response Capability Co-ordination Centre, said a determined cyber attack on a country's online infrastructure would be "practically impossible to stop".
Security from A to Z
Click on the links below to find out more...
A is for Antivirus
B is for Botnets
C is for CMA
D is for DDoS
E is for Extradition
F is for Federated identity
G is for Google
H is for Hackers
I is for IM
J is for Jaschan (Sven)
K is for Kids
L is for Love Bug
M is for Microsoft
N is for Neologisms
O is for Orange
P is for Passwords
Q is for Questions
R is for Rootkits
S is for Spyware
T is for Two-factor authentication
U is for USB sticks/devices
V is for Virus variants
W is for Wi-fi
X is for OS X
Y is for You
Z is for Zero-day
Nations need to focus on improving their ability to quickly recover and get systems back online, an area in which nearly all countries were currently "weak", he told delegates at the e-crime congress in London.
Anil said the cyber attacks on Estonia last year which brought down key financial and state systems had demonstrated how cyber terrorism could take down national infrastructure with "very serious consequences".
He said: "It stands together with air missile defence and the global fight against terrorism."
Nato will set out an action plan for dealing with a similar infrastructure attack on one of its members at a state summit in Bucharest next month.
Anil believes the threat will continue to grow as terrorist groups become aware of its potential to cause maximum damage at minimal cost.
He said: "Cyber war can become a very effective global problem because it is low-risk, low-cost, highly effective and easily globally deployable. It is almost an ideal weapon that nobody can ignore."
Anil said attacks were becoming increasingly sophisticated, giving an example of a semi-autonomous Trojan which infiltrated Nato's open network.
He said the Trojan was scanning networks for statements on a certain underground project and then trying to implant itself on any network that mentioned it.
Nato's weapons of choice in fighting the cyber war are off-the-shelf virus scanners, intrusion prevention technology and forensic software, he said.
Countries also need to resolve issues of law enforcement across national boundaries and the technical challenges of tackling the spread of cyber crime, he added.
Comments
There are 6 comments. Join the discussion
1. MusicFan
I think Anil needs to have a look at his priorities
Cost of a terrorist attck on my PC ?
= £30 for a new hard drive.
Cost of a direct hit from a missile?
= A new set of limbs and generally all body parts
A world is safe in Nato's hands!
2. Matt H
So MusicFan thinks that a new hard drive is all that's needed? I'm not an IS Security Expert, but I can imagine what would happen if the IT Infrastructure of the UK got hacked and taken offline.
Let's see.... the power grid is run by computers. Banking is run by computers. Hospitals are run by computers. Rail and Road Infrastructure are run by computers. The Emergency Services require computers. The phones are run by computers.....
So a cyber terrorist attack could potentially shut a whole country down city by city, service by service, until we're in a digital black out. Not so easy to buy a new hard drive if you can't get to the ATM, where you can't access your bank account, and then of course you can't actually buy anything because you can't get to the shop who aren't able to access the EPOS system in the first place! There's more at stake than just a hard drive IMHO.
3. Haydn Rees
Y2K = "if it can go wrong, it might go wrong."
Cyber-terrorism = "if it can make it go wrong, we will".
Government Services and Banks can mess up and apologise.
Infrastructural attacks hit things you take for granted. Railway signals & points, high volume gas distribution networks (valves), and water distribution and flood control systems, Power Station Management System (including nuclear), Air Traffic Control System, Instrument Landing Systems, Navigation Systems on Oil Tankers (Superman III), Supermarket Supply Chain Management Systems, Traffic Management Systems, Mobile Phone Networks, Sewage and Waste Management Systems... All controlled over the Internet.
The only way to have a large enough population of Security Specialists to deal with this is to use the private sector, and we'd need at least three years "run up" to get the necessary expertise and qualification set up and in place.
What we need immediately is strong Criminal law, demanding every company assess it's vulnerabilities and have regular security due diligence, with Company Directors going to prison if they don't.
4. MusicFan
I think its clear I was comparing the effects of a missile V cyber attack directly on myself.
Matt, I think you’ve been watching Terminator 3 too much 
At my work, if our servers were to be compromised, the worst that could happen is that we would lose 1 days information until backups were restored. Result = A sum of money in repairs, maybe a data breach, but again no loss of life.
I think we forget easily that the internet has not been around for that long, how did we cope before? Were we in permanent darkness?
Us mere humans can perform a lot of important tasks and most critical systems and infrastructure would continue to function if we took a pair of scissors to the internet cable!
Can we continue to function after being hit by a missile?
A little perspective please.
5. Haydn Rees
I was in Cheltenham last summer during the floods - a once in a hundred year flood, followed three weeks later by a second once in a hundred year flood.
The water went out for about 10 days. The plans to evacuate 160,000 people from Gloucestershire if the power went out were at an extremely advanced stage, because if you don't have water and power utilities, you aren't living in a house, you're living in a cave.
It doesn't take a huge amount of imagination to figure out which systems to take down, and in what order to put us back into the Stone Age. It took a few hundred fuel tanker drivers to not show up to work for ten days to be within 48 hours of bringing the UK to it's knees.
The Internet is an enabling technology like no other, allowing us to solve problems which we had to deal with every day once, so that they stay solved. We now need to take a long hard look at how much value we get from the Internet, and calculate how much it is worth to us to keep it running as we want it to.
6. RAMON BAYARDO MUJICA ZEVALLOS
The contributions that the countries could make, is with informatic-lawyers that could agree in a law enforcement group.
And also the ITF could work in a way to create a special and unique gate to access security places. so that group should be a determinate numbers of members.