One of the course books I had way back when I was doing my MSc in Information Security at Royal Holloway was entitled “Information Warfare and Security“, and written by Dorothy Denning. It was an interesting book and got me thinking about the use of the Internet for military purposes and how the pervasiveness of the Internet could impact society if it were to be attacked.

The book was written in 1998 and a lot has changed since then; I was still using a 28kbps dialup modem and the communications course on my Computer Science degree focused a lot on ATM packet transmission. But the fundamental issues were already there.

The film WarGames was the first that addressed the issue of the possibility of hacking military systems but the most vulnerable networks now are civilian, those run by organisations that provide utilities and services to the general population, power and water for example. Given that private companies generally don’t spend as much on information security as governments, there is a risk that they haven’t spent enough. And people are being targeted with sophisticated Trojans whose purpose is unclear.

So, as a country whose critical infrastructure is under attack, how do you:

  1. Determine where the attack is coming from
  2. Determine whether it is state-sponsored or the work of “hacktivists”
  3. Decide what to do in retaliation, if anything

At what point does a cyber-war escalate into a physical one?

I realise that there are plenty of studies around the globe looking at these issues. I am not sure that there has been any final agreement about the implications of declaring Internet war nor under what circumstances. I do know, however, that many countries are developing their cyber warfare capabilities.