US prepares for Iraq cyber war

The US government is to roll out its national cyberdefence strategy tomorrow (18 September) amid fears that a war against Iraq...

The US government is to roll out its national cyberdefence strategy tomorrow (18 September) amid fears that a war against Iraq could lead to a wave of crippling attacks on critical networks and IT infrastructures.

Peter Sommer, an independent security expert at the London School of Economics said: "Cyber attacks are very likely to increase. It does not require many hackers to have an impact."

Peter Tippett, chief technologist at TruSecure, agreed. "Every time there has been a conflict there has been an increase in so-called cyber wars. I'm sure there will be more activity against us." Security experts in Europe, he said, were nervous about the potential for mass cyber protests.

Security analysts mi2g claimed that the digital confrontation began earlier this month with an anti-war hacking group launching a substantial digital attack on three online computer systems hosted by the AOL Time Warner network. The systems were offline for at least three days. "This is just the first sign of digital attack and protest," mi2g chairman and chief executive DK Matai said.

However, Ross Anderson, leader of the IT security group at Cambridge University, sounded a note of caution. "Cyber security is enormously overhyped," he said. "There are institutional pressures from vendors, government agencies, insurance companies and some academics to talk up the threat."

Gunter Ollman of monitoring and security company Internet Security Services, said: "There is a lot of hype around cyber warfare. It accounts for only a small percentage rise in the overall number of daily hacking attacks." However, he warned that, "different organisations become targets", at times of international tension.

During the Balkans conflict, Croatia/Serb cyber attackers shut down NATO networks, said Ollman, adding there is conflict between Israeli and Arab hackers.

Whatever the threat, Summer said the best preparation was for security managers and Web administrators to do what they should be doing anyway - checking their systems and applying security patches promptly. Unfortunately, he added, many organisations still ignore obvious security practices.

Read more on IT for government and public sector