The Cyberwar Hits Home Part 2: It’s Everybody’s Game
In last week’s ZapFlash, we emphasized the need for contingency planning for dealing with outages that Cyberwarfare can cause to organizations, regardless of whether or not they are the target of the attack or simply collateral damage. Attacks on Visa, MasterCard, and Amazon.com over the WikiLeaks brouhaha hammered this point home.
But collateral damage or direct target, there is still a broad misperception that such attacks are always centrally planned and coordinated. We are just not accustomed to the possibility that there might be a large scale attack with no central instigator.
But if we combine the Cyberwar Crisis Point with the Social Media trend – both elements of the ZapThink 2020 vision in our new poster – then chilling, yet fascinating conclusions emerge. Here is a recipe for Cyberwarfare in today’s Social Media world.
The Social Media story begins with Crowdsourcing. But even Crowdsourcing depends upon a single instigator, who outsources tasks to a social network. Crowdsourced distributed denial of service (DDOS) attacks are bad enough, but they are still a traditional form of attack in the sense that there is a central perpetrator.
Next up is viral communication processes, whose best known example is viral marketing. Where viral marketing uses social networks to spread word-of-mouth information about a product or service, the same approach can spread non-marketing information as well. The essence of a viral process is its self-replicating nature, that is, when somebody receives a particular message, the message motivates that person to pass along the message to several other people.
Combine Crowdsourcing and viral communication with the hacker underground – which is actually not particularly far underground. The aforementioned WikiLeaks-motivated attacks leveraged a hacker tool called the Low Orbit Ion Cannon, or LOIC. Google this term to find an entrance to the underground, but beware the goofy terminology and occasional booby traps as you explore. What you’ll find is an entire subculture with tools that turn DDOS attacks into child’s play.
Now add Twitter. Think of Cyberwarfare as the planting of bombs and Twitter as the fuses. Coordinating attacks and avoiding countermeasures are as simple as following and tweeting.
Next, mix in Ubiquitous Computing (also part of ZapThink 2020). We’re not talking about computers in the traditional sense any more. Any device with an IP address can be either part of the attack or part of the target. Mobile phones, yes, but refrigerators, electric meters, automobiles, security cameras…virtually anything can be on the Internet these days.
Finally, place this whole mess into the context of the wisdom – or sheer foolishness – of crowds. If you’ve changed your Facebook profile image to support a cause you know what I mean. Why did you do that? What purpose did it serve? Answers: because other people were doing it, and, well, not really clear on the purpose, are we? So, what if it’s just as easy to participate in a DDOS attack against some organization or other who has offended you or your buddies in some way. Knocking a corporation or a government off the Internet can be as easy as making Bugs Bunny your Facebook picture.
The ZapThink Take
Contingency planning through redundancy is only the starting point to protecting yourself from decentralized, viral Cyberattacks. The long-term answer requires dynamic approaches to policy enforcement that leverage the same fundamental principles that drive such attacks in the first place. ZapThink calls this solution Next Generation Governance.
Next Generation Governance does more than protect organizations from attacks. It is actually an approach that keeps organizations agile over time, even as the complexity of their systems explodes. It won’t be easy, but organizations who implement such approaches will achieve lowered risk and increased strategic advantage. On the other hand, companies who are unable to implement such approaches compound their risks dramatically.
Want to learn more? ZapThink can help your organization with Next Generation Governance. Drop us a line at firstname.lastname@example.org and we’d be happy to chat with you about how we can help you protect yourself from the risks ahead.