Something Wicked This Way Comes

Back in 1999 I predicted that the “Electronic Pearl Harbour” would probably not happen until around 2006. That prediction, which led some elements of the computer media to accuse me of being a “doomsayer”, was based on a considered analysis of emerging trends which indicated that by around about now the global security risk profile would have climbed to a dangerously high level. Many people advised me I was wrong and that instead we are likely to experience just more of the same, i.e. lots of small incidents that are more of an irritation than a serious threat. But that ignores the potential power of global networks, which can leverage positive feedback loops to deliver immensely powerful attacks, as well as the raft of systemic flaws that are building in our infrastructure, through continued bad practice and a herd-like mentality to standardize on a single choice of platform.

So here we are in 2007 facing a serious terrorist threat, a criminal underworld that routinely exploits IT vulnerabilities, and a sophisticated espionage threat from more than a hundred intelligence services. On top of that we have a physical infrastructure that is incapable of preventing staff from walking off with tens of millions of sensitive records, and an electronic infrastructure riddled with vulnerabilities that require prohibitive amounts of resource to repair. And the scale of the potential impacts from security incidents grows larger every day. Already this year we’ve had major incidents in industry and Government of unprecedented impact. We’ve also witnessed attack vectors of unprecedented sophistication. It strikes me that we’re all sailing like a ship of fools towards an electronic catastrophe. Time for a wake-up call.

Join the conversation



I liked your analogy at the time and would be interested to know your views on the Number 10 petition. I find the current publicity for "attacks" from China interesting, given that information security specialists were warning of these two years ago. The publicity appears to mix activities that are akin to the "support" the French used to give their aerospace companies when competing with the British and Americans after claiming copies of their encryption keys (you will remember the stories from the original RIPA debate) with "demonstrations of capability" - akin to the annual Nato exercise during Cold War days. Either way, do you not agree that we need a UK equivalent akin to the US "Pittsburgh Triangle": over $500 million p.a. in cash and kind from Federal Government, Law Enforcement, users and suppliers to provide a shared hub for both e-civil defence and e-crime "prevention" - because it may well not be possible to tell which "hat" to wear until after the attack has been seen off.
Yes, I fully support the petition. We need to look forwards at the new order of things and build solutions capable of responding to emerging threats. Today's agenda should not be hijacked by the organisational interests of the existing silos of the Security and Law Enforcement community. If we carry on this way we will continue to fall behind the rest of the World in IT capability and Information Security. We need new investment in modern cyber defences to defend our critical national infrastructure and to maintain our competitive position.