Internet 'kill switch' could cause chaos, OECD report warns

Cybersecurity mired in confused thinking

A proposed US Internet 'kill switch' to be used in the event of a cyberwar could actually cause more problems that it would prevent, a new report commissioned by the Organisation for Economic Cooperation and Development (OECD) has argued.

The report for the OECD by the London School of Economics and the University of Oxford looked at the potential of cyber-events to cause major disruption and found a tendency to exaggerated language, an over-reliance on military concepts of war and defence and plenty of confused thinking.

The chance that a cybersecurity event would on its own cause a major global problem were rated as small, and the Internet was also unlikely ever to witness a pure cyberwar of the type summoned up by dystopian pessimists.

More likely, a separate event such as a natural disaster would be made worse by a collapse in electronic infrastructure on which a country had come to depend. As to the threat of a cyberwar, this was more likely to reflect a conflict that was also taking place using conventional military means than one happening purely using electronic weapons.

There was also a tendency for governments to conceive of cybersecurity using conventional military assessments of importance.

"We think that a largely military approach to cybersecurity is a mistake," said report co-author, Dr Ian Brown, of the Oxford Internet Institute at the University of Oxford. "Most targets in the critical national infrastructure of communications, energy, finance, food, government, health, transport, and water are in the private sector."

The biggest national disruption would be to civilian and private sector assets beyond the protective ring of military cybersecurity. In some cases this might be made worse by governments outsourcing services to private sector organisations, the report suggests.

As to the infamous US 'kill switch' proposal, the authors are deeply sceptical.

"In the very simplest sense the Internet cannot really be switched off because it has no centre," the report notes. "in most emergencies you would want to give priority to doctors, but most doctors and their surgeries use the same downstream Internet facilities as the bulk of the population and there would be no easy way to identify them. Localised Internet switch-off is likely to have significant unwanted consequences."

Governments should look to protect citizens and not just government assets, the authors recommend. More effort also needs to be made to create international computer emergency response teams (CERTS) that can have a better view of unfolding events than today's mostly national agencies.

None of this was being made easier by confused terminology which rolls any cyber-security event - whether a criminal Trojan attack, a 'hacktivist' DDoS or a malware event such as the possibly targeted Stuxnet attack on Iran - into a single set of statistics.

Small-scale events could turn out to be highly significant but risked being drowned out by information overload.

Much of the report spells out generalised and sometimes obvious points for policy makers. Cybersecurity represent an issue that requires planning and attention and should not be ignored.

Perhaps, however, the biggest worry the authors point to is simply the way other disasters of the future could be made worse in the event that information systems cannot cope. Once, such events would have been dealt with on the ground using slower but possibly more robust lines of communication and response. The world's growing reliance on the Internet requires a fallback in the event that it fails.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Personal TechsecurityUS Internet

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John E Dunn

Techworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?