Thursday, January 12, 2012

2011: The year of domestic cyber threat

Any state with a civilian cyber infrastructure faces a clear and present threat to its critical infrastructure.

Washington, DC - Since September 11, terrorism has dominated the domestic security agenda, especially in the United States and Europe. While some in the US government attempted to link industrial control systems cyber security and radical Islamic fundamentalist terrorism soon after the 9/11 attacks, the probability of a major attack of this type by al-Qaeda was greatly discounted. Cyber attacks against critical infrastructure thereafter took a backseat to more pressing national security priorities and garnered relatively little attention outside the national security establishment and industry. Generally speaking, the rest of the world followed the US' lead.

Last decade, few public policy stakeholders appear to have realised the existential threat posed by such capabilities to domestic critical infrastructure or, when they did, the urgency with which governments needed to act. As a consequence, many governments implemented limited or modest increases in government regulation and oversight over critical infrastructure cyber security. They instead placed great faith in the private sector to manage the risk on their behalf out of the public view.

It therefore should not be a surprise that it took so long for cyber warfare to challenge terrorism as a top domestic security concern. The world apparently needed to bear witness to a high-profile, targeted use of an industrial control system cyber attack to shift global perceptions on the domestic risk posed by such capabilities. In the end, Stuxnet, a computer worm, delivered where policymakers could not; it demonstrated that weaponised cyber exploits could physically destroy (not just disable) critical infrastructure in the wild. Read More