x Abu Dhabi, UAESunday 23 July 2017

A bogus threat still reflects on cyber-security

Bogus or legitimate, alleged attacks on Gulf stock exchange websites remind us that governments must identify vital systems and do what they can to make them more secure.

The facts are still not fully clear about reported cyber-attacks on Israeli and Gulf websites. At worst, however, what happened seems to have been little more than sophomoric online vandalism. But the story reminds us that the computer networks that undergird daily life are alarmingly vulnerable.

On Monday, the Tel Aviv Stock Exchange and other Israeli business sites suffered "denial of service" attacks. A Saudi hacker claimed credit, if that's the right word, without revealing his name. On Tuesday, news reports said, someone called "IDF-Team" retaliated against the Abu Dhabi Securities Exchange website and that of Tadawul, Saudi Arabia's stock exchange. Both Gulf exchanges have since denied that there were any attacks.

Against websites intended for the public, denial of service attacks - overloading a website until it crashes - are unfortunately within the arsenal of almost any clever, bored, malicious teen.

Real experts in this field do not boast. The Stuxnet "worm" which disabled many of Iran's uranium-enrichment centrifuges in 2010 reportedly took as much as 10 person-years of effort to develop, but nobody has claimed responsibility. That so much skilled labour went into such a challenging project should be a warning to us all.

How much of modern life depends on computer networks which we hope are secure: air traffic control, credit, banking, nuclear and other power stations, factories, hospitals, government records, emergency-response services, shipping, traffic lights - the list is endless, vulnerabilities are everywhere and a coordinated attack could be catastrophic.

It would be comforting to think that in the mysterious world of cyber-warfare, defensive skills are as well-developed as the arts of attack. But there is little reason to believe that.

US government networks, for example, are said to come under frequent and sophisticated probing attacks from abroad. China is often mentioned, as Israel is for Stuxnet, but the origin of cyber-attacks is rarely obvious.

Last summer, after systems were infiltrated at the US defence contractor Lockheed Martin, the Pentagon declared that cyber-attacks can constitute acts of war, which may bring military retaliation. But against whom?

There is a danger of overreaction as well. This recent threat, even if it was anything more than bluster by "IDF-Team", was minor but it does reminds us of the power that can be wielded by irresponsible parties. Governments must identify vital systems and do what they can to make them more secure - and do so urgently.