The cyber-attacks recently launched by six individuals from the group Anonymous, an international hacktivist collective, against 13 Quebec government and police websites are but a fleeting glimpse of a much broader problem associated with the cyber world, most of which remains largely unseen. Succinctly stated, the cyber-attacks were a response to the Quebec Liberal party's constitutionally questionable Bill 78 that was recently passed as a response to the student crisis sparked three months ago over the government's planned 75% tuition increase. That six individual were arrested by law enforcement agencies and charged with mischief, conspiracy, and unlawful use of a computer should hardly be reassuring.
As Richard A. Clarke, former Coordinator for Security, Infrastructure Protection, and Counterterrorism under the Clinton Administration, rightly states, the really skilled cyber hackers, most notably the best government teams from countries such as the U.S., Russia, France, and China are seldom stumped when trying to penetrate a network. The fact that amateur hackers, three of whom were minors, were able to infiltrate "trap doors" in websites such as the Quebec public safety ministry, the Quebec Liberal Party, and the Quebec Police Ethics Commission points to the inherent vulnerabilities of a decentralized, borderless, and open global communication network. The creators of the Internet, who were originally concerned with designing a communication system that could withstand a cold war post-nuclear strike scenario, did not have network security as a primary concern.
Exploitation of the Internet's vulnerabilities to advance political and economic objectives is not without precedent. To name a few sophisticated examples, North Korea, which used to maintain a cyber-war unit at the Shanghai Hotel in the Chinese town of Dandong, caused on July 4th, 2009 U.S. websites of the Treasury, Secret Service, Federal Trade Commission, Department of Transportation, NASDAQ, and Washington Post to be brought down by similar distributed-denial-of-service attacks (DDoS). In the summer of 2003, malware got into and slowed controls in a power grid, causing the largest blackout in North American history leaving Ontario, Quebec, Pennsylvania, New York, and six other American States without electricity. Governments were also reminded to take cyber-attacks seriously in the private sector after 9/11 when many banks and Wall Street firms were knocked offline by targeted attacks. In June 1999, a software failure in a security system caused a pipeline owned by Olympic Pipeline Company to rupture in Bellingham, Washington, causing ¼ million gallons gasoline leak to ignite into a fireball and causing significant property damage, namely to a nearby municipal water treatment plant. In 1983, American-Canadian cooperation allowed the CIA to manipulate Russian control software on the trans-Siberian pipeline to cause a pressure buildup, which resulted in the largest non-nuclear explosion in history.
In short, as most recently illustrated by the amateur and politically motivated cyber-attacks in Montreal, Quebec, and numerous other more sophisticated cyber-attacks that have occurred throughout the Internet's existence, a hand can easily reach out from cyberspace and cause substantial political, social, economic, and physical damage in the real world. The global knowledge economy is increasingly dependent upon computer-controlled networks connected to the Internet, and has gained unprecedented value. With the Web 3.0 already on the horizon that is, a world in which virtually all things or objects can be manipulated through the Internet, potential loss scenarios that may arise from future cyber-attacks are countless. Considering the 2.1 billion users currently connected to the Internet, all would be well advised to invest in enhancing cyber security, assess current insurance coverage, and conduct a cost-benefit analysis of their cyber risk exposure.
www.cozen.comThe content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
