by Don Willmott
Excuse me, but did World War III break out while I was momentarily distracted by a YouTube video of a kitten jumping out of a cardboard box? Ever since Google traced several months of hacking attempts on its systems back to two Chinese universities, industry watchers have sounded off with choruses of "Told you so," and "This is nothing new," and "Just wait, this is only the beginning."
To recap: the "Aurora" malware that Google discovered took advantage of a zero-day vulnerability in Microsoft Internet Explorer to install spyware that route information indirectly to China. What was most troubling was that the attack seemed to focus on both human rights activists and American companies looking to do business in China. "No way," said the leaders of Shanghai Jiaotong University, whose students recently beat Stanford in an international computer "battle of the brains," and Lanxiang Vocational School, an institution that was built with Chinese military support.
As troubling as this kind of international hacking is, equally chilling is the notion that it happens all the time. Experts note that Britain, France, Israel, and the U.S. have all been accused of espionage-style hacking. One Chinese professor at Jiaotong, who wisely chose to remain anonymous, told the New York Times, "I'm not surprised. Actually students hacking into foreign Web sites is quite normal."
Fantastic. Are American companies - is your company - safe from international corporate espionage? "The message for American businesses, especially ones doing business in foreign countries, is clear," wrote Gideon J. Lenkey, co-founder of Ra Security Systems in an article for Internet Evolution. "Don't underestimate the threat of economic espionage. If you don't take your information security seriously, the person across the table you're negotiating with may already know all the cards you're holding."
In fact, our government itself may be metaphorically outgunned. Last Tuesday, Michael McConnell, the director of national intelligence in the Bush administration, told a Senate committee hearing that, "The cyber risk has become so important that, in my view, it rivals nuclear weapons in terms of seriousness." And furthermore, "If the nation went to war today in a cyberwar, we would lose," he said. "We're the most vulnerable, we're the most connected, and we have the most to lose."
McConnell also predicted that it will take a catastrophic cyberattack to inspire the federal government to take strong action. As things stand now, a cybersecurity bill has been bouncing around Congress for more almost a year. Maybe it doesn't matter anyway, given the borderless nature of the Internet. "Nations are in denial," Indian cyberlaw expert Pavan Duggal said in a Reuters report. "It may take a big shock of an event to wake people out of their complacency, something equal to a 9/11 in cyberspace."
This is why security isn't just the IT buzzword of the year. It's going to be the IT buzzword of the decade. There's no hotter sector in IT today, and incidents like the Google hack are only going to make it even hotter as organizations large and small - not to mention government agencies - look to buttress their defenses.
Sadly, I have to agree with the pundits who say we're just at the very beginning of the cyberspace security battles to come. Is this the fate of the Earth? An endless cyberwar pitting armies of caffeinated computer science students against each other while countries sell each other electronics equipment pre-loaded with hidden malware? Will the next world war be fought not with guns but with infected USB flash drives? While we wait to see what happens, let's all shore up our firewalls and hope for the best.