Cyberwarfare 'a reality in 12 months'

The increasing reliance on IP networks in critical infrastructure organisations such as banks and power stations could mean trouble, Gartner claims

The increasing use of IP technology in power stations, railroads, banks and other financial institutions will make cyberwarfare a reality by 2005, according to analysts.

Although an actual act of cyber-warfare or cyber-terrorism has never been recorded, the potential exists and is being facilitated by an increasingly connected world, according to a report released on Wednesday by market-research firm Gartner.

Technologies such as VoIP and the trend towards voice and data convergence have cost and flexibility benefits for businesses, but they also expose vital telecommunications networks to traditional forms of Internet attack, such as worms and viruses, according to the report, "Cyberwarfare: VoIP and convergence increases vulnerability".

"An increasingly connected world increases the possibility that cyber-warfare will be waged," the report says. "The increasing use of VoIP and convergence networks for critical-infrastructure control and maintenance makes the attacks increasingly viable."

Gartner claims that, unlike traditional circuit-switched networks, VoIP networks have an inherent weakness when it comes to latency -- any delay to the packets carrying the voice traffic disrupts communication. A massive denial-of-service attack could "degrade call performance by slowing voice packet arrival at a given destination" and effectively cut off voice communication, the report says.

Other weaknesses flagged in the Gartner report include the Supervisory Control and Data Acquisition (SCADA) interfaces used to connect a significant portion of global critical-infrastructure elements such as dams, railroads, electrical grids, and power stations. These are now more vulnerable due to the rise of IP technology.

Historically, SCADA interfaces have been connected by circuit-switched networks and were really open to attack only from hackers manipulating the phone system -- so-called phreaking or war-dialling. Increasingly, these devices are being converted from dial-up to persistent IP network connections, increasing the likelihood of attacks utilising techniques such as port scanning, Gartner claims.

To combat the inherent risks associated with widespread use of IP networks, Gartner advises companies to be develop voice and data networks "under the assumption of prolonged sporadic outages", explore alternative ways of communicating, and monitor government alerts regarding the risk of cyberwarfare.

The Gartner report follows a warning earlier this week from the UK's national infrastructure watchdog, the National Infrastructure Security Security Coordination Centre, regarding several security flaws found in products that use VoIP and text messaging, including those from Microsoft and Cisco Systems.

The flaws affect software and hardware that support the real-time multimedia communications and processing standard, known as the International Telecommunications Union (ITU) H.323 standard.