Back in 1999 I predicted that the “Electronic Pearl Harbour” would probably not happen until around 2006. That prediction, which led some elements of the computer media to accuse me of being a “doomsayer”, was based on a considered analysis of emerging trends which indicated that by about now the global security risk profile would have climbed to a dangerously high level. Many people advised me I was wrong and that instead we were likely to experience just more of the same, i.e. lots of small incidents that are more of an irritation than a serious threat. But that ignores the potential power of global networks, which can leverage positive feedback loops to deliver immensely powerful attacks, as well as the raft of systemic flaws that are building up in our infrastructure through continued bad practice and a herd-like mentality of standardizing on a single choice of platform.
So here we are in 2007 facing a serious terrorist threat, a criminal underworld that routinely exploits IT vulnerabilities, and a sophisticated espionage threat from more than a hundred intelligence services. On top of that we have a physical infrastructure that is incapable of preventing staff from walking off with tens of millions of sensitive records, and an electronic infrastructure riddled with vulnerabilities that require prohibitive amounts of resource to repair. And the scale of the potential impacts from security incidents grows larger every day. Already this year we’ve had major incidents in industry and Government of unprecedented impact. We’ve also witnessed attack vectors of unprecedented sophistication. It strikes me that we’re all sailing like a ship of fools towards an electronic catastrophe. Time for a wake-up call.