Last mont, shortly after the dramatic events in Paris, the online hacker community Anonymous announced more actions against IS (Islamic State). One of these actions was Anonymous’ appeal to everybody to make Friday 11 December ‘IS Trolling Day’, by criticizing and ridiculing IS on social media. This appeal followed actions by Anonymous hacktivists, such as blocking and publicly exposing hundreds of IS-related Twitter-accounts.
These actions have generated new awareness of Anonymous’s ‘noble intentions’, but they also raise lots of questions, such as: how does this help (international) security services? And, more importantly: what can we expect from IS in the digital space? Quite a lot, if we follow British Minister George Osborne: he warns against lethal cyberattacks by IS on Britain’s most critical infrastructure.
This is not a completely irrational fear, as far as I’m concerned. IS’ powers in cyberspace are dependent on the available resources in terms of people (knowledge) and money. And IS, sadly, has plenty of resources available.
Moreover, it is not just IS that may be targeting our critical infrastructure, other cybercriminals may plan some attacks as well. This has emerged very clearly from our research, which shows that critical infrastructures have become increasingly popular among cybercriminals, and that we have not only IS to fear for that type of attacks.
More and more ‘things’ are being connected to the internet. From – at first sight – innocent objects such as traffic lights to important infrastructure such as power plants, water purification plants, etc.
That’s why I believe it is more important than ever that we focus not only on the possible perpetrators, but also – and perhaps even more – on the vulnerabilities in our critical infrastructure, and on the disastrous consequences that may follow a successful attack on one of these targets. The threat of such an attack is real, and eliminating the attacker is not going to take away the threat. For each cybercriminal that is apprehended, five will gladly take his place. So let’s start focusing on how we should defend our critical infrastructures effectively. All of them. Straightaway.