Systemic cybersecurity risk

Systemic cybersecurity risk Dr Ian Brown Oxford Internet Institute University of Oxford

Non-systemic risks
Cyber graffiti: defacement of Web sites for propaganda and bragging
Cyber fraud: $1bn losses? Poor data. Anyway largely containable within financial system
“Terrorists get better returns from much simpler methods such as car bombs. Cyber terror is too low key: not enough dead bodies result, and attacks are too complex to plan and execute.” (Dr Juliette Bird, NATO)

Cyber war
“ The ‘Korean’ cyber incidents … were annoying and for some agencies, embarrassing, but there was no violence or destruction... Cybercrime does not rise to the level of an act of war, even when there is state complicity, nor does espionage – [which] are the activities that currently dominate cyber conflict... Estonia and Georgia … came under limited cyber attack as part of larger conflicts with Russia, but in neither case were there casualties, loss of territory, destruction, or serious disruption of critical services. ” (Lewis, 2009: 2—3).
“ At best, these operations can confuse and frustrate operators of military systems, and then only temporarily. Thus, cyberwar can only be a support function for other elements of warfare” (Libicki, 2009: xiv—xv)

Cyber espionage
TITAN RAIN: Incursions into DoD, German chancellory, Whitehall, NASA, Lockheed Martin…
Google attack aimed at “high-tech information to jump-start China's economy and the political information to ensure the survival of the regime” –James Lewis
“ [I] listened and lip-synced to Lady Gaga’s ‘Telephone’ while exfiltrating possibly the largest data spillage in American history” -SPC Bradley Manning

Reducing systemic risk
Isolate critical systems from public Internet and each other
Enhance risk management, robustness and continuity planning in Critical National Infrastructure systems
Use Content Distribution Networks and other load balancing systems to increase performance and resilience of public-facing systems
Better align private and social goals in securing systems, esp. on software security

Systemic cybersecurity risk

by Ian Brown on Jun 12, 2010

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 29

Statistics

Systemic cybersecurity risk — Presentation Transcript

http://dooooooom.blogspot.com	23
http://dashboard.bloglines.com	6