The Threat to Government,
Business and Financial Markets
mi2g Internal Memorandum
Historically war has been classified as physical attacks with bombs &
bullets between nation states. It was beyond the means of an individual to
Today, in the Information Age, the launch pad for war is no longer a runway
but a computer. The attacker is no longer a pilot or soldier but a civilian
Hacker. An individual with relatively simple computer capability can do things
via the internet that can impact economic infrastructures, social utilities
and national security. This is the problem we face in moving from the industrial
world to the Information Age, which is the essence of Cyber War.
The Internet was developed during the cold war climate of the 1960s to protect
communications in the event of a nuclear strike. The main strength of the
internet is that if parts of the network are destroyed information automatically
re-routes. In essence there is no Central Control that can be targeted. It
is this very anonymity and the anarchy of the Internet that leaves organisations
open to attack.
The problem is that Western societies have in the past few decades become
reliant on the efficient functioning of electronic control systems for more
and more segments of daily life, especially the economic processes. There
is an assumption that they will function flawlessly or that there is a readily
available standby in every case. There is also a misunderstanding about communications
systems. Communications systems are now just computers that route information
on the back of commands.
If these electronic systems go wrong the technology that supports our economies
fails. As the global network of computers, the Internet, becomes the communication
backbone, all societies reliant upon it are vulnerable to cyber attack.
As Stephen Badsey of Sandhurst Royal Military Academy states:
'...attack a society through its computers to cause the breakdown of the
mechanism & the infrastructure which cause it to run, you will bring about
mass deaths......directly or indirectly...'
It is possible to attack and interrupt any electronic network which would
naturally include power stations, emergency services, stock market and air
traffic control systems, with devastating consequences. The consequences are
so serious that the American Government tried to suppress a report titled
'Cyberwar is Coming' by researchers at RAND, an American think tank, in 1992.
The dangers of Cyber attack lie in the Information Age allowing individuals,
who choose to conceal their identity, to access something valuable electronically
without being detected. A business could be shut down or severely damaged
through this covert access. In May 1998 the L0pht Collective, a group of computer
hackers in Boston USA, testified to a US Senate Committee studying network
'The seven of us could very trivially take down the entire Internet for the
United States......Great Britain......basically stopping communications between
all the major network access providers. That would cause overloads on to the
other transit routes for communication, regular phone lines. It would cause
problems for people trying to move large sums of money that are doing it over
networks......Take about thirty minutes......if that'
Where is this threat coming from?
The generic term used is Hacker - but this merely means someone who has been
able to penetrate any kind of defence. The motives of Hackers vary. Some destroy
data, or there can be criminal intent; others could be terrorists or university
students taking on the challenge. No matter who the Hackers are or their motives
the equipment that is required is readily available and within the purchasing
power of all.
The knowledge required can be found on notice boards posted on the Internet.
Readymade formulae are available to be copied with instructions on how to
dispatch attacks. This allows 'warfare' to be taken out of the national fold
and readily available to groups and individuals at anytime, anywhere in the
The above problem will be compounded by the new Data Protection Act 1998
in the UK which extends the envelope of criminal prosecution against the Directors
of a company that fail to satisfactorily protect their corporate assets, which
has now been defined to include corporate information. Furthermore this type
of legislation is not promoted in the USA creating an anomaly which may also
affect Anglo-American companies who regularly exchange information.