Posts Tagged ‘CIP Interconections’

Is the Cyber Threat To National Security Overblown?

June 7, 2009 Leave a comment

A recent article in with the title (Is the Hacking Threat To National Security Overblown?) argued if the governments are overblowing the issue only to get bigger budgets, more reach and power and control or its actually a real national threat.

The experts view was that its a real threat that can be justified but the actual threat levels are over-estimated.

I tend to have a different view..I believe that since its a threat that can have a direct/indirect impact on the daily life of humans then everyone (citizens and governments) should take note and act responsibly.

from the graph below (From a study by INL) you can see that our networked – IT Dependent society will certainly suffer from a domino effect if the Energy sector/suppliers suffer a service disruption.


I really don’t care if this disruption is caused by a storm or a DDOS. people who say that the threat levels of CIP IT-related risks are over-rated I can only say that the truth is that our knowledge of today’s Critical infrastructures information security is just like our knowledge of PC security ten years ago.

exactly 10-12 years ago we had pretty much the same debates about legislations, privacy issues,should the vendors be held accountable for vulnerable softwares, standards like BS7799…etc

another dimension of the problem is that most of the critical infrastructures “world wide” are reluctant to share lessons learned or incidents…due to corporate image fears and the competitive nature of the industries. So no one should claim to have the complete image, even within his own country. so let aside scenario’s like the world-wide impact of a cyber attack on Saudi’s Aramco for instance. (think of it as a cyber attack on NYS if you are using stocks for heating)

We are much more informed about every other type of national threat there is ( Natural disasters included ). yet we are much less informed about national level cyber risks/threats. probably because this is the newest of all threats.

so till we get our act together in terms of technology , legislations, standards and inter-connection impact and international cooperation I believe its only safer to treat cyber threats as the most critical till proven otherwise.