The word “cyberwar” comes up quite a lot.
We’ve written about it – the use of the word, that is, not the topic to which it claims to refer – on many occasions.
We don’t much like the word, not least because it gives the impression that the average cyberthreat, such as ransomware that extorts $300, or botnets that can send millions of spams a week from every infected zombie under their control, are somehow unimportant.
The word cyberwar also gives the impression that even large-scale cyberintrusions are, in comparison, unimportant.
But intrusions unrelated to warfare, or nation-states, or cybertroops, include many attacks with far-reaching side-effects, for example: Target’s infamous cash register breach, where 40,000,000 credit card numbers were stolen over several weeks; and the repeated thefts of personal information in South Korea that are already said to have affected 40 million of the country’s 50 million people.
Another problem with the word cyberwar is that once you’ve accustomed your readers to it, you need to find more and more cyberincidents (for want of a better word) that you can describe as “war” rather than merely as intrusions, or malware infections, or hacks, or breaches.
A recent example is the Ukrainian power utility that suffered an outage around 25 December 2015 (which is not Christmas Day in Ukraine, so these were not “Christmas attacks,” whatever you may have read) due to some sort of cyberattack.
We’re still not sure quite who was involved, or why; we’re not sure whether the hackers actually used malware to trigger an outage, or whether the malware found afterwards was merely a symptom of security problems that allowed the outage to happen.
Nevertheless, we’re hearing the C-word applied to that power outage – even though it was geographically quite limited and fairly brief – as though a power outage were inevitably more serious than tens of millions of leaked passwords or stolen identities.
So, if you are cynical of the word cyberwar, as we are, and you enjoy the occasional piece of amusing satire, you’ll love the cute-rodent-of-the-week meme: Cyber Squirrel 1.
This website is a tongue-in-cheek comparison of infrastructure outages known to have been caused by animals, notably squirrels, and those that the site claims can officially be considered nation-state attacks on critical infrastructure.
According to @CyberSquirrel1, the score currently sits at Squirrels 623, USA 1.
(You can probably guess what the 1 refers to. It’s not known whether this attack actually succeeded, or ended up being a handy excuse for Iran’s failed centrifuges, but that doesn’t matter now…the 1, of course, is the Stuxnet virus.)
On a clickable CyberSquirrel map, you can find all sorts of rogue-animal outages, from A to Z.
There’s the Australian eagle that cut off electricity to 2000 households in Western Australia by dropping a sheep’s head onto a power pole, all the way to the Zimbabwean baboons that chewed through transmission cables and knocked local radio station YA FM off the air for two hours, costing it $1200 in ads that couldn’t go to air.
You couldn’t make this stuff up!
The bottom line: we don’t need the C-word to take cybersecurity seriously.
If you’re looking for a few simple things that you can do to get the upper hand on cybercrooks in 2016, why not take a look through the Advent Tips we published to round off 2015?
After all, cybersecurity should be part of your digital life, not just for Christmas.