Cyber warfare not theoretical, can actually kill

Cyber warfare is already a reality and here to stay despite suggestions that such attacks will not lead to fatality, note security insiders, who warn that cyberattacks can actually lead to loss of lives as technology is increasingly integral to daily life.

Thomas Rid, a professor at King's College London, argued in a recent article that killer cyberattacks would never happen. He noted that a cyberwar must "have the potential to be lethal" but hacking and cyberattacks were more akin to spying, rather than killing.

Rid added that worries over "killer cyberattacks" were unwarranted because the actions would have to be "potentially lethal, instrumental and a political act of force." Politically-motivated cyberattacks are merely a more sophisticated version of activities that occur within cyber warfare such as sabotage, espionage and subversion, the professor added.

Refuting Rid's argument, Graham Titterington, principal analyst at Ovum, said cyber warfare may usually involve information theft but the premise that it cannot endanger lives does not hold true.

He noted that on the extreme end of the scale, Stuxnet attacks had tampered with the operations of nuclear centrifuges and in some instances, nuclear reactors, giving rise to the potential of triggering a devastating explosion.

Even at a comparatively more "mundane" level, attacks on utilities such as severing electricity supply or taking down an emerging telephone communication can lead to loss of life, Titterington said.

Luis Corrons, PandaLabs technical director at Panda Security, noted in an e-mail that while cyberwar activities seen nowadays are mainly related to espionage and sabotage, these are already part of war. He added that as an indication that cyber warfare is already a reality, many countries are already building cyber command offices within their army.

Cyber effects can result in physical harm
Elaborating, Edison Yu, industry manager at Frost & Sullivan, told ZDNet Asia that Rid had taken on a "traditional concept of war" in putting forth his argument that cyber warfare was an "irrelevant term".

With the growing marriage and interdependence between the cyber and physical realms, any "lethal" action is likely to be facilitated by actions in cyberspace, he explained in an e-mail.

A virus can never kill a person, literally, but it can be used to establish conditions that may potentially lead in the loss of human lives, Yu warned. Hence, there is no reason to believe why such scenarios are neither real nor will lead to a possible loss of life, particularly in light of how technology is so intimately ingrained into everyone's daily lives today, the analyst said.

Yu said: "Moving forward, the growing humanization of technology or rising human dependency on technology to drive daily functions may eventually enhance the influence it has on a life-and-death situation.

"It is up to us to rely on our survival or self-preservation instincts to keep these technological threats in check," he said.

However, John Ong, South Asia regional director of Check Point Software Technologies, agreed with Rid, noting that "war implied death" and he did not see death to be a direct result of cyberwar.

"Cyber warfare is really just a matter of confrontation between two parties--the attacker and the defender," Ong said in an e-mail. "The net result most of the time is the downtime of network and information resources, not bloodshed or heads being blown off."

He added that too much credence may have been given to "movie magic and fictional representations of [cyber] hacking", which is far from reality.

"Most of the time, script kiddies are the kind of 'hackers' out there, while serious hackers to date have not had the means to actually inflict massive bloodshed and death, since counterattack and defensive technologies are equal and opposite," he said.

Ong, though, noted that there is a possibility that future warfare may move from the "physical battlefield" to a virtual one, in which information and control assets are disabled.

Warfare here to stay, countries must prepare
Yu believes cyber warfare is already here and is here to stay. The use of cyber means to establish strategic advantages in a state of war or conflict will become more common as technology becomes more pervasive in daily life, explained the Frost & Sullivan analyst.

The "war" of the future may even be fought out between machines, transforming into a battle between which camp has the better technology or more advanced artificial intelligence, he noted.

"In the current state of things, where technology is essentially a competitive tool, it is perhaps inevitable that man will turn to technology to gain an advantage over their competitors, be it the military area or the business arena," he said.

The stealthy nature of cyber warfare makes it harder for people to be aware or even protect themselves against the consequences, Yu warned.

As such, he underscored the need to develop a cybersecurity mindset if people were to adequately protect themselves against the effects of cyber warfare, he said

He suggested the need for greater regulation in the cyber world. "Laws that apply to the physical world should also be appropriately mapped onto the cyber realm, since the cyber world is increasingly becoming a mirror image of the physical world," he said.

"More importantly, by making people more aware and conscious of the perils brought about by the cyber world, it will enable them to be naturally attuned to the consequences of cyber warfare, be it in terms of their attitudes or actions toward to cyber arena," Yu said.

According to Jonathan Andresen, Asia-Pacific director of product marketing at security vendor Blue Coat, countries and governments will need to upgrade their defenses to protect their confidential data.

With an increasing amount of data sent over the Internet, Andresen said it is important to incorporate a dedicated Web security defense, along with a network layer of defense.

A single defense layer such as a firewall or antivirus software is insufficient, he said, adding that organizations instead need real-time protection and intelligence that a cloud-based Web defense can deliver as it quickly expands and adapts to new threats.