Paul Marks, senior technology correspondent
Britons have been spitting blood this past weekend after a botched banking software upgrade at the UK's government-owned Royal Bank of Scotland denied hundreds of thousands of people access to banking services. Customers of RBS and its NatWest and Ulster Bank subsidiaries have not been able to check their account balances or make major payments - such as deposits on houses - leaving some homeless.
While it is not yet clear why the software upgrade failed - or whether it was the fault of an offshored computer facility in India - what is certain is that the episode has given us just a tiny taste of a nightmare scenario long feared by cybersecurity experts who advise western governments: What happens if there is an extended, simultaneous attack on all of the banks?
I was recently talked through this scenario by a source familiar with international deliberations on cyberdefence. Imagine, the source said, that an attacker manages to disable the communications lines, or routers, linking a nation's banks, ATMs and the point-of-sale debit/credit card terminals in supermarkets and garages. Suddenly, as few of us carry much cash these days, people cannot buy day-to-day essentials like food and fuel. "The big concern is that hurricane Katrina-style riots could break out on a mass scale as people take to looting," the source said.
Particularly susceptible communications networks have already been identified by some governments and fixes put in place, the source said, patching, for example, vulnerabilities that came to light in the UK national telecommunications network during Tony Blair's time in office.
However, the arrival of the reprogrammable computer worms Stuxnet, Duqu and Flame now pose a fresh cyber risk. These can attack industrial or financial infrastructure in a step-by-step fashion, overcoming multiple layers of security as they go by wielding different software "payloads" at the right time. Devised initially by US and Israeli intelligence to slow Iran's nuclear programme, these threats got into the wild and now provide attackers with handy cyberattack "construction kits".
Continued forensic examination of these worms by antivirus firms should find ways to disable attacks based on them. But for how long can an American firm like Symantec, say, continue to reveal threat confounding measures when it is clear that a US intelligence organisation is partly behind the threat? Last week, at the Adaptive and Resilient Complex Systems conference at the Royal Society in London, I asked Patricia Titus, Chief Information Security Officer at Symantec that very question.
"It's our job - and we will continue to do it until we are told to cease and desist," she said.
houston nutt houston nutt peter marshall peter marshall zombie boy zombie boy harvard yale
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.