Virtually Here: Reaction To The McAfee Report
So, McAfee have released their fifth Virtual Criminology Report for 2009, Virtually Here: The Age of Cyber Warfare [pdf]. It’s kicking up a huge stink across the wires, largely because of the ‘age of cyberwar is here!’ headlines just begging to be used by editors and screaming bloggers everywhere.
It’s not a big report but it’s not a bad one either. It manages to steer a level-headed line through the discursive melee that is anything to do with cybersecurity these days. It’s core mission is to ‘encourage and frame a global dialogue on protecting our digital resources from the scourge of cyber war’. That last clause is a little dramatic as the report makes it clear that the ‘scourge’ is purely a potential one at present, despite its possible precursors in Estonia, Georgia, etc. Its global remit is fulfilled by its contributors, drawn from the US, China, Japan, Australia, UK and South America.
It makes some sensible points about using criminal laws to pursue and prosecute offenders but acknowledges those limits. It addresses the problems with deterrence regimes and international treaties governing use of ‘cyber weapons’, and attempts to parse some of the difficulties in determining between cyber espionage and warfare. Whilst there is an implicit focus on business interests, these are linked to the economic case for cybersecurity. It makes a curious statement about proactive cybersecurity measures avoiding ‘the need for governments to ever contemplate a Big Brother appraoch to cyber security’. I’d rather they just came out straight with saying that was a priori a bad idea.
The central theme is to encourage cross-sector dialogue, particularly in public. It is critical of the current behind-closed-doors mentality, as am I. I don’t hold out much hope for it achieving that goal but it’s one I support.
Don’t read too much into the cover. Cooling towers in a wintry landscape: is that smoke meant to be there? The nuclear accident overtones are fairly clear, although you have to ask what else they could have put on the cover. The infrastructure meltdown theme is continued on page 2 as handsome control-systems-man covers his face with his hand, presumably in despair as the latest SCADA hack releases noxious effluent upon a previously green-and-pleasant land, or some such nasty side-effect of poor cybersecurity. Anyway, that’s just the visuals and I’m not going to criticise them, as there’s not a mushroom cloud anywhere in the report.
In fact, the whole thing’s quite restrained. This is a bit of a surprise, given it was funded by McAfee – huge security vendor – and written by Good Harbor – big consultancy player. I’m sure people better-informed than me will find points to challenge but it’s not a bad document in my view.
