In view of the cyber-warfare dimension to the Russia-Georgia conflict, and the Chinese cyber-espionage ongoing against the west since c.2003 ("Titan Rain", and so on), how concerned should we in the UK be about state-sponsored hacking?
With the publication of the National Risk Assessment it is timely to consider what we need to be worried about and realise that natural incidents of Hollywood proportions do not have to take place to make life a misery. Pervasive computing exposes all of us to damage, disruption, and theft by state-sponsored "hacktivism".
Hackers who can disrupt power, petrol or food supplies through so many different vectors can cause a greater degree of demoralisation than Lord Haw Haw's comments ever could. From the comfort of their own homes, hackers may not even have to find a vulnerability in the oil refinery. An early war story of hacking - back in the days when it was mostly mischievous - had soft drinks deliveries rerouted.
What if all the petrol tankers ended up in Inverness? Perhaps by itself that is correctable, but if motorway signal control was interfered with, correcting misdirection (one risk) becomes more serious with the realisation of another. The problem with interconnection and interoperability is that if you can imagine it, it can probably be done.
Cyber attacks are a weapon and weapons need always to be under moral scrutiny. Any hacking, especially state-sponsored hacking, is wrong, unless perhaps, it is the right state hacking stuff that will help the good guys! Is the crime for the "good guys" getting caught?
There is no end to it of course. Think about how the rest of the world benefited from the Britain's innovation during the Industrial Revolution. The Arkwrights and the Cromptons funded and sweated, and invented. They learnt the hard way and had to live with their investments. Meanwhile, preceding Otto von Bismarck's observation that "only a fool learns from his own mistakes", rival countries could come in and learn from GB and move straight to Industrial Revolution 2.0. Now whereas the plans for Quarry Bank Mill may fill a drawer or two in 1874, electronic information is rather more compact and the thief does not even need to be near the "electronic" filing cabinet.
Be prepared for what is being done today for benefit tomorrow. The cyber-Manchurian Candidates include files today that we report, with relief, as encrypted at the time of a loss or breach waiting for advent of, say, quantum computing to overcome the encryption algorithms. State funding is so often a blank cheque for political gains. We may pooh-pooh the likely patience in others but remember the Iranians gluing together shredded American Embassy documents after the 1979 revolution?
And as once obscurity and disconnection protected us, we have to consider if those who would disrupt Supervisory Control And Data Acquisition (Scada) systems no longer have to understand how to access and manipulate proprietary systems because the specialised process control products are being built on - or replaced by - generic operating systems. How much damage can be done? Just a few digits changed in a measurement or timing could ruin materials or shut down production lines.
Attacking infrastructure through the IT that controls it is likely to be cost effective and does not risk your own people (until tit-for-tat cyber war becomes de rigueur).
What can we do about it?
Responsibility lies in all of us. Size does not matter. Defence of the realm now affects the SME, the corporate, voluntary sector and charities, as well as local and central government. Prevention, detection, and reporting - and acting on reports - are part of the home guard of cybervigilence. For example, do not be recruited to botnets that could flood our own or another nation's systems with denial of service attacks. Whether our information systems are at home or at work, individually and collectively, we are all bricks in the human firewall. As we benefit from migration and rich, societal contributions from each other's national identities, tests for those human vulnerabilities in the network have arrived none too soon.