OECD warns of cyber attack ‘perfect storm’

A cyber attack could devastate critical national infrastructures, a new report has warned, but only when used in combination with other disasters or military attacks.

The ‘Future Global Shocks’ study, published by the Organisation for Economic Co-operation and Development (OECD) on Monday, says that few cyber attacks will have the potential to cause a ‘global shock’. Events that do have such potential include global pandemics and the 2007 to 2010 financial crisis.

"Few single foreseeable cyber-related events have the capacity to propagate onwards and become a full-scale ‘global shock’," wrote authors Peter Sommer, of the London School of Economics, and Ian Brown, of Oxford University. "What should concern policy makers are combinations of events – two different cyber events occurring at the same time, or a cyber event taking place during some other form of disaster or attack," the report reads. "In that eventuality, perfect storm conditions could exist."

The document, however, does state that cyber attacks will become commonplace in military tactics. It is unlikely that wars will be fought entirely in cyber space though, it claims. "Cyber weaponry will play a key role alongside more conventional and psychological attacks by nation states in future warfare". The OECD report highlights Georgia’s war with South Ossettia in 2008, which saw widespread disruption of Internet traffic, as an example of this.

"In nearly all future wars as well as the skirmishes that precede them policymakers must expect the use of cyber weaponry as a disruptor or force multiplier, deployed in conjunction with more conventional kinetic weaponry," the report concludes. "Cyber weaponry of many degrees of force will also be increasingly deployed and with increasing effect by ideological activists of all persuasions and interests."

Regardless of whether or not a cyber attack can develop into a ‘global shock’, the OECD report advises national governments to begin investing in cyber defences. This can already be seen in the UK, where the government recently announced it would be investing £650 million into cyber security measures over the next four years.

Much of the debate in 2010 surrounding how cyber attacks can disrupt national infrastructure focused on Stuxnet. The virus was deemed significant due to its complexity and the specificity of its target – it was only found to have attacked centrifuges at an Iranian nuclear plant.

An article published in the New York Times claims that Stuxnet was previously tested at Israel’s Dimona nuclear complex. The article strongly implies that both the US and Israel were behind the development of the virus.

The virus reportedly works by causing Siemens-manufactured centrifuges to spin wildly out of control, causing them to self-destruct. Simultaneously, it feeds back erroneous reports to the equipment’s operators, which falsely claims the centrifuges are operating as normal.

Iranian President Mahmoud Ahmadinejad claimed that the virus caused no damage to the country’s nuclear programme. Sources in Israel however say Stuxnet has delayed the country’s Uranium enrichment projects by five years.

Peter Done

Peter Done is managing director of Peninsula Business Services, the personnel and employment law consultancy he set up having already built a successful betting shop business.

Related Topics