Researchers at the Organisation for Economic Co-operation and Development (OECD) claim that notion of cyber attack has been over-hyped.
According to a report entitled Reducing Systemic Cybersecurity Risk, the effects of a single cyber attack are generally short-lived, localised and not much to worry about. But a bunch of combined 'events' could be a bit more worrisome, or even catastrophic, the researchers argue, feeding the same hype (opens in new tab)they're trying to quell.
The report, which was written by Peter Sommer, a visiting professor at the London School of Economics (LSE), and Ian Brown of Oxford Internet Institute, "concluded that very few single cyber-related events have the capacity to cause a global shock," the report's summary reads (opens in new tab)(pdf). "Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate.
"There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services. In addition, reliable Internet and other computer facilities are essential in recovering from most other large-scale disasters."
The researchers also point at that the majority of hi-tech attacks have been wrongly categorised as cyber-attacks, usually to make a good headline.
“We don't help ourselves using 'cyberwar' to describe espionage or hacktivist blockading or defacing of websites, as recently seen in reaction to WikiLeaks. Nor is it helpful to group trivially avoidable incidents like routine viruses and frauds with determined attempts to disrupt critical national infrastructure,” Sommer said in a statement.
According to the report, catastrophic single cyber-related events could include: "successful attack on one of the underlying technical protocols upon which the Internet depends, such as the Border Gateway Protocol which determines routing between Internet Service Providers and a very large-scale solar flare which physically destroys key communications components such as satellites, cellular base stations and switches."
For the remainder of likely breaches of cybsersecurity such as malware, distributed denial of service, espionage, and the actions of criminals, recreational hacker and hacktivists, most events will be both relatively localised and short-term in impact, the report notes.