Cyber attacks can bring countries to their knees!
With the rapid proliferation and availability of the Internet, comes many new threat that many people, many countries would not have anticipated and prepared for. China and Japan’s long standing dispute over the history textbook contents has resulted in individuals from both countries launching cyber attacks on each other. In the Middle East, a ‘cyber jihad’ has been waged by Palestinians against the Israelis. And today’s Straits Times carried a report about massive, targeted and well-coordinated attacks on websites of the government, banks, telecommunication companies, Internet Service Providers and newspapers in Estonia (the former tech-savy Soviet state commonly referred to as E-stonia).
These were apparently the response to Estonia’s recent decision to relocate a Soviet war memorial. Investigations have concluded that the attacks originated from Russia although the Russian authorities have been quick to deny any involvement. The attacks have disrupted government e-mail and led financial institutions to shut down online banking. Nato and the European Union have since rushed IT specialists to Estonia to observe and assist.
These incidences have understandably led to much concern. However, experts are quick to dismiss fears that cyber attacks will become a tool of Terrorist groups like Al-Qaeda. Dr Maura Conway an expert in Terrorism and the Internet from Dublin City University says, “In the 9/11 situation, the real impact was in the visual images and Internet attacks have no visual imagery”.
Dr Conway added that governments in general had been 'pretty slow on the uptake' to legislate against potential cyber attacks, with lawmakers only starting to act relatively recently. I find this a rather strange statement as it seems to suggest that the solution is in legislation. However, I think this is unlikely.
Singapore has had the Computer Misuse Act which has provisions specifically drafted to deal with Denial of Service (DOS) attacks. The UK has an Act with the same name (on which our Singapore Act must have been largely based on). I’m sure that many other countries such as the US have equivalent legislation to deal with these attacks.
Although there are no reported cases of DOS in Singapore (that I’m aware of) and admittedly I have not done any research on this but, I’m sure that such attacks are much more common in the US and UK. So I find it hard to believe that having a law or even having heavy penalties imposed on those convicted will be sufficient to protect computer systems from such attacks.
Furthermore, even if we consider all the latest computer forensics techniques and their ability to trace and locate the perpetrators, we are confronted with the horrifying reality that they still will not prevent such attacks from happening. The truth remains that laws imposing strict penalties and scientific methods to apprehend the masterminds only serve to punish those responsible ‘after the fact’, none of these actually stops it from happening in the first place.
I suspect that the main reason for this is that the Internet is inherently insecure. Having recently attended the Annual Wireless Conference in Singapore and listened to the speakers (majority of whom are professional ‘hackers’), they all are in agreement on this point. There are just so many ways in which an individual can attack a computer or a website. He doesn’t even have to be a computer expert to initiate such attacks as there are countless Open source software available which can do the job with a click of the mouse (and just about anyone can do that!).
So what’s the solution?
Well, I don’t think there is one. Not yet at least.
There are many precautions that one might be able to take, but none of them come with any guarantees. The dilemma is whether we should be more cautious about embracing the whole ‘e-government’ movement which seems to be sweeping the globe at the risk of being overtaken by the rest of the world, or we proceed ‘full-steam ahead’ and run the risk of losing everything.
Its definitely not an easy question to answer. Certainly much more research and thought is needed in this area. I’ll keep this spot updated.
With the rapid proliferation and availability of the Internet, comes many new threat that many people, many countries would not have anticipated and prepared for. China and Japan’s long standing dispute over the history textbook contents has resulted in individuals from both countries launching cyber attacks on each other. In the Middle East, a ‘cyber jihad’ has been waged by Palestinians against the Israelis. And today’s Straits Times carried a report about massive, targeted and well-coordinated attacks on websites of the government, banks, telecommunication companies, Internet Service Providers and newspapers in Estonia (the former tech-savy Soviet state commonly referred to as E-stonia).
These were apparently the response to Estonia’s recent decision to relocate a Soviet war memorial. Investigations have concluded that the attacks originated from Russia although the Russian authorities have been quick to deny any involvement. The attacks have disrupted government e-mail and led financial institutions to shut down online banking. Nato and the European Union have since rushed IT specialists to Estonia to observe and assist.
These incidences have understandably led to much concern. However, experts are quick to dismiss fears that cyber attacks will become a tool of Terrorist groups like Al-Qaeda. Dr Maura Conway an expert in Terrorism and the Internet from Dublin City University says, “In the 9/11 situation, the real impact was in the visual images and Internet attacks have no visual imagery”.
Dr Conway added that governments in general had been 'pretty slow on the uptake' to legislate against potential cyber attacks, with lawmakers only starting to act relatively recently. I find this a rather strange statement as it seems to suggest that the solution is in legislation. However, I think this is unlikely.
Singapore has had the Computer Misuse Act which has provisions specifically drafted to deal with Denial of Service (DOS) attacks. The UK has an Act with the same name (on which our Singapore Act must have been largely based on). I’m sure that many other countries such as the US have equivalent legislation to deal with these attacks.
Although there are no reported cases of DOS in Singapore (that I’m aware of) and admittedly I have not done any research on this but, I’m sure that such attacks are much more common in the US and UK. So I find it hard to believe that having a law or even having heavy penalties imposed on those convicted will be sufficient to protect computer systems from such attacks.
Furthermore, even if we consider all the latest computer forensics techniques and their ability to trace and locate the perpetrators, we are confronted with the horrifying reality that they still will not prevent such attacks from happening. The truth remains that laws imposing strict penalties and scientific methods to apprehend the masterminds only serve to punish those responsible ‘after the fact’, none of these actually stops it from happening in the first place.
I suspect that the main reason for this is that the Internet is inherently insecure. Having recently attended the Annual Wireless Conference in Singapore and listened to the speakers (majority of whom are professional ‘hackers’), they all are in agreement on this point. There are just so many ways in which an individual can attack a computer or a website. He doesn’t even have to be a computer expert to initiate such attacks as there are countless Open source software available which can do the job with a click of the mouse (and just about anyone can do that!).
So what’s the solution?
Well, I don’t think there is one. Not yet at least.
There are many precautions that one might be able to take, but none of them come with any guarantees. The dilemma is whether we should be more cautious about embracing the whole ‘e-government’ movement which seems to be sweeping the globe at the risk of being overtaken by the rest of the world, or we proceed ‘full-steam ahead’ and run the risk of losing everything.
Its definitely not an easy question to answer. Certainly much more research and thought is needed in this area. I’ll keep this spot updated.
posted by Clem | 12:59 AM
0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home