If it is proved to be true that yesterday's cyber attacks on Google, Twitter, Facebook and other sites were aimed at closing down the activities of one individual, it would be another striking example of how commercial organisations can become the indirect target of geopolitical threats, writes Steve Cummings.
It also shows how businesses and the people who depend on the services they provide can suffer collateral damage from an attack aimed at a specific target.
There are already security measures in place that limit the possibility of distributed denial of service (DoS) attacks; intelligence and information sharing in real time (or near real time) between corporations, internet monitoring services, government and national infrastructure bodies are among these. Attacks can be detected in the early stages, and their journey on through the internet can be prevented.
But the fact that this attack took place shows how serious the threat is and how much more needs to be done.
Companies have a responsibility to ensure that their systems are not compromised or solicited in DoS attacks. Apart from the wider impact, their own IT capability will be diminished and they will have lost control of their systems, clearly demonstrating a glaring hole in their data security strategy. This is something that we all need to be concerned about.
These attacks present a major challenge to blog hosting organisations and social networking sites such as Twitter and Facebook that need to be able to deliver a service that respects civil liberties and freedom of speech without becoming the target of a cyber attack. These organisations have to know who they are providing a service to, as well as what contributors are writing about, to anticipate attacks and take protective measures. Only once organisations understand the nature of the threat will they be able to respond effectively in managing the risks from such attacks.
Steve Cummings, is a special adviser to Deloitte's Enterprise Risk Services division. He was formerly director of the UK Centre for the Protection of the National Infrastructure
This was first published in August 2009