Inside Cyber Warfare - Jeffrey Carr [7]
The chart in Figure 1-1, prepared by independent security researcher Jart Armin, demonstrates the rapid rise in volume and sophistication of attacks in just the last 10 years.
Figure 1-1. Incidents of malicious cyber activity
A 2009 report by Gartner Research states that financial fraud was up by 47% in 2008 from 2007, with 687 data breaches reported. What does that translate to in dollars? No one seems to know, although Chris Hoofnagle, Senior Fellow with the Berkeley Center for Law and Technology, says in an article that he wrote for the Fall 2007 issue of the Harvard Journal of Law and Technology that it’s probably in the tens of billions:
Currently we don’t know the scope of the problem. ... We do know that it is a big problem and that the losses are estimated in the tens of billions. Without reporting, we cannot tell whether the market is addressing the problem. Reporting will elucidate the scope of the problem and its trends, and as explained below, create a real market for identity theft prevention.
In January 2009, Heartland Payment Systems revealed that it was the victim of the largest data breach in history, involving more than 130 million accounts. No one really knows for sure because hackers had five months of uninterrupted access to Heartland’s secure network before the breach was discovered.
Organized crime syndicates from Russia, Japan, Hong Kong, and the United States are consolidating their influence in the underground world of cyber crime because the risk-reward ratio is so good. Although law enforcement agencies are making sustained progress in cyber crime detection and enforcement—such as Operation DarkMarket, an FBI sting that resulted in the arrest of 56 individuals worldwide, more than $70 million in potential economic loss prevented, and recovery of 100,000 compromised credit cards—cyberspace is still a crime syndicate’s dream environment for making a lot of money with little to no risk.
Future Threats
The assessment of future threats is an important part of assessing the priority for increased cyber security measures, not to mention building out the capabilities of a military cyber command.
A recent report by the European Commission predicts:
There is a 10% to 20% probability that telecom networks will be hit by a major breakdown in the next 10 years, with a potential global economic cost of around €193 billion ($250 billion). This could be caused by natural disasters, hardware failures, rupture of submarine cables (there were 50 incidents recorded in the Atlantic Ocean in 2007 alone), as well as from human actions such as terrorism or cyber attacks, which are becoming more and more sophisticated.
The commission goes on to recommend an increased focus in key areas to counter future threats in cyberspace. These include:
Preparedness and prevention
Fostering cooperation of information and transfer of good policy practices between member states via a European Forum Establishing a European Public-Private Partnership for Resilience, which will help businesses share experience and information with public authorities
Detection and response
Supporting the development of a European information-sharing and alert system
Mitigation and recovery
Stimulating stronger cooperation between member states via national and multinational contingency plans and regular exercises for large-scale network security incident response and disaster recovery
International cooperation
Driving a Europe-wide debate to set EU priorities for the long-term resilience and stability of the Internet with a view to proposing principles and guidelines to be promoted internationally
Establish criteria for European critical infrastructure in the Information and Communication Technologies (ICT) sector
The criteria and approaches currently vary across member states