28 January 2011

Cyber This, Cyber That

It seems we can't go a day without hearing something about cyber threats or cyber war in the mainstream press. But what's the reality?

Newspaper headline reading 'A perfect storm of cyber attacks?'

The World Economic Forum (WEF) published its annual report on global risks in advance of the WEF Annual Meeting 2011 this week in Davos. Cyber security (encompassing online data and information security and critical information infrastructure breakdown) was listed as one of five "risks to watch", which "may surprise or overwhelm us" due to varying levels of confidence in the likelihood of significant impact but which "experts considered may have severe, unexpected or under appreciated consequences". The report discusses cyber theft, cyber espionage, cyber war and cyber terrorism specifically but also warns about design flaws in internet-connected smart systems. Cyber security doesn't however make it into the report's Top 10 risks by likelihood and impact combined (Table 5, page 44).

Meanwhile the Organisation for Economic Co-operation and Development (OECD) published a report Reducing Systemic Cybersecurity Risk. This is an output of the OECD Future Global Shocks project which is looking at options for governments to enhance capacity to identify, anticipate, control, contain and/or mitigate large disasters. The report is at a greater level of detail than the high-level WEF document, . The report concludes that there are very few single cyber-related events have the capacity to cause a global shock, but that governments should make detailed preparations to withstand and recover from a wide range of unwanted accidental and deliberate cyber events. Most breaches of cyber security (e.g. malware infestations, distributed denial of service, espionage, actions of criminals, recreational hackers and hacktivists) are expected to be relatively localised and short-term in impact.

Comforted? Remember that "local and short term" on a world leader's global scale might be the whole of your business or market. Assess the risks, and make decisions based on your own context.

If you want further advice on dealing with cyber security incidents, last week the European Network and Information Security Agency (ENISA) published its Good Practice Guide for Incident Management. Although it is aimed at national/governmental Computer Emergency Response Teams (CERTs), it contains good practices, practical information and guidelines for the management of network and information security incidents which are of use to a wider audience. See also the NIST Special Publications (800 Series) for more documents like this.

Posted on: 28 January 2011 at 08:46 hrs

Comments Comments (0) | Permalink | Send Send | Post to Twitter

Comments

Comments are filtered automatically and should appear shortly after they been checked.

Post a comment
Confirm acceptance and understanding of the terms of use
New posts to this thread will be sent to your email address
Cyber This, Cyber That
http://www.clerkendweller.com/2011/1/28/Cyber-This-Cyber-That
ISO/IEC 18004:2006 QR code for http://clerkendweller.com

Page http://www.clerkendweller.com/2011/1/28/Cyber-This-Cyber-That
Requested by 50.17.107.233 on Friday, 25 April 2014 at 09:13 hrs (London date/time)

Please read our terms of use and obtain professional advice before undertaking any actions based on the opinions, suggestions and generic guidance presented here. Your organisation's situation will be unique and all practices and controls need to be assessed with consideration of your own business context.

Terms of use http://www.clerkendweller.com/page/terms
Privacy statement http://www.clerkendweller.com/page/privacy
© 2011-2014 clerkendweller.com