By Edward Morris
A recent poll conducted by the Pew Research Center found that Americans are more afraid of cyber attacks than climate change, China’s rise, and the nuclear programs of Iran and North Korea.
Although similar studies have not been undertaken in Australia, prominent Australians have expressed considerable concern over cyber threats. In presenting her national security statement in February 2013, former Australian Prime Minister Julia Gillard stated, “Australia should prepare for a decades-long cyber war”.
Whilst politicians and media pundits episodically herald the threat posed by cyber attacks, a sobering fact remains – no death or injury has been proven attributable to a cyber attack. Why then is the threat perception of cyber attacks so severe? Is this simply a manifestation of effective Hollywood storytelling?
The effects of traditional weapons use – including swords, guns and bombs – are measureable, predictable and perhaps preventable. If one person pointed a loaded gun at another person and pulled the trigger, the result would be anticipatable – physical harm.
The impacts of cyber attacks are more difficult to comprehend. In contrast to traditional weapons, they lack causality between deployment and physical harm, at least thus far. Furthermore, instruments of cyber warfare are malleable – limited only by the technical skill and creativity of their designers. Powerful computer viruses, similar to their biological counterparts, are capable of adapting to their surroundings. These factors, coupled with the inconsistency of previous attacks, render cyber attacks extremely difficult to predict.
However, it is not solely the unknown that is to blame for cyber threat perception. Previous cyber attacks provide valuable insight into the genuine threat posed to various actors. Such attacks can be divided into two main categories; cyber espionage and cyber sabotage. It should be noted however that these and many of the definitions pertaining to cyberspace are disputed.
Cyber espionage – defined hereafter as the attainment of secrets without the authorisation of the target through electronic means – poses genuine threat to various actors. One prevalent example is its potential to create or exacerbate tension between countries. The political fallout between Australia and Indonesia continues, following the unauthorised release of intelligence by former U.S. National Security Agency contractor Edward Snowden, implicating the Australian government in spying on Indonesian President’s wife.
Acts of cyber sabotage attempt to either tamper with or shut down computer systems that govern automated activities, both of which can have significant ramifications. During the Cold War, the U.S. facilitated the explosion of a Trans-Siberian gas pipeline by deploying the “logic bomb” – a piece of code secretly inserted into a program that produces harmful system effects when certain conditions are met.
Although there has not yet been proven injuries or fatalities from past cyber attacks, it is not implausible to extrapolate the possibility of such an occurrence given nature of previous attacks.
Moreover, potential for extensive financial and perhaps economic damage on individuals, corporations and countries is evident from previous cyber attacks. The estimated cost of damages attributable to the cyber attacks on Epsilon in 2011 is up to $4 billion. Hackers collected and exploited the personal information of Epsilon’s clients for criminal activities.
The sporadic nature of past cyber attacks and Hollywood hits such as Travolta’s Swordfish may fuel our imagination, but examination of previous cyber attacks suggests the threat is genuine.
Edward holds a Masters in International Security from the University of Sydney, where he currently works as a Research Associate. He can be contacted at firstname.lastname@example.org.