The FBI warned yesterday that cyber attacks posed a bigger threat to the US than physical threats.
It's a little far fetched to claim that whole infrastructures are at stake - for the US, at least. But all large organisations (government, capital or community sector), have a heavy reliance on computerised processes, and those processes - and key organisational assets - are facing the entire world via their online presence. It is almost axiomatic that much of these assets aren't fully secured against determined and knowledgeable cyber attacks - let alone compromise from within.
It's also likely that jurisdictions that are less technologically sophisticated could face greater threats to computer-based assets, particularly from concerted attack from countries with a stronger base of technical skills. The article above mentioned cyber attacks on Estonia and Georgia that emanated from Russia - just one illustration of the possibilities for unofficial warfare to gain advantage in standoff situations. Such attacks can be worse than physical war because:
- it is often difficult to ascertain the size of an attack: as mentioned in the article, it is much easier to see and gauge the extent of a physical conflagration;
- it is often difficult to ascertain the source of an attack. The general location can be hard, but the originating organisation is much more difficult;
- adequate security requires a level of sophistication to plug all the gaps that most organisations simply don't have;
- at best, the attacker may be located physically, which knowledge may not help.
I can see nothing to suggest this situation will substantially change over time. Security may get more sophisticated for many organisations, but more gaps will always emerge, attackers will in turn improve skills and tools, and the stakes will get higher as organisational assets become more intrinsically tied to the digital economy. Soldiers, pirates and privateers will all circle around each other's forts, barely seen.