Please note that this is a page from a previous version of Continuity Central and is no longer being updated.


OECD report provides a comprehensive analysis of the risks and impact of cyberattacks

The OECD has published a new report into the risks and impact of cyberattacks. Written by Peter Sommer and Ian Brown, the report is a contribution to the OECD project ‘Future Global Shocks’.

Key points include:

• The authors have concluded that very few single cyber-related events have the capacity to cause a global shock. Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate.

• There are significant and growing risks of ‘localised misery and loss’ as a result of compromise of computer and telecommunications services.

• Catastrophic single cyber-related events could include: a successful attack on one of the underlying technical protocols upon which the Internet depends, such as the Border Gateway Protocol, which determines routing between Internet Service Providers; and a very large-scale solar flare which physically destroys key communications components such as satellites, cellular base stations and switches.

• It is unlikely that there will ever be a true cyberwar.

• Proper threat assessment of any specific potential cyberthreat requires analysis against: Triggering Events, Likelihood of Occurrence, Ease of Implementation, Immediate Impact, Likely Duration, Recovery Factors. The study includes tables with worked examples of various scenarios.

• Rates of change in computer and telecommunications technologies are so rapid that threat analyses must be constantly updated. The study includes a series of projections about the future.

• Managerial measures include: risk analysis supported by top management; secure system procurement and design, as retrofitting security features is always more expensive and less efficient; facilities for managing access control; end-user education; frequent system audits; data and system back-up; disaster recovery plans; an investigative facility; and, where appropriate, standards compliance.

• Technical measures include: secure system procurement and design; applying the latest patches to operating systems and applications; the deployment of anti-malware, firewall and intrusion detection products and services; the use of load-balancing services as a means of thwarting distributed denial of service attacks.

• Penetration testing is a useful way of identifying system faults.

• Three current trends in the delivery of ICT services give particular concern: World Wide Web portals are being increasingly used to provide critical Government-to-citizen and Government-to-business facilities. Although these potentially offer cost savings and increased efficiency, over-dependence can result in repetition of the problems faced by Estonia in 2007. A number of OECD governments have outsourced critical computing services to the private sector; this route offers economies and efficiencies but the contractual service level agreements may not be able to cope with the unusual quantities of traffic that occur in an emergency. Cloud computing also potentially offers savings and resilience; but it also creates security problems in the form of loss of confidentiality if authentication is not robust and loss of service if internet connectivity is unavailable or the supplier is in financial difficulties.

Read the report (PDF)

• Date: 18th Jan 2011 • Region: World • Type: Article • Topic: ISM news
