Interviews

How Good is Cyber-Security Worldwide?

Audio: Play | Download

Marco Werman talks with Tim Maurer, a fellow at the Global Public Policy Institute, about hacking and cyber-security worldwide.

Read the Transcript
The text below is a phonetic transcript of a radio story broadcast by PRI’s THE WORLD. It has been created on deadline by a contractor for PRI. The transcript is included here to facilitate internet searches for audio content. Please report any transcribing errors to theworld@pri.org. This transcript may not be in its final form, and it may be updated. Please be aware that the authoritative record of material distributed by PRI’s THE WORLD is the program audio.

Marco Werman: On one level the attacks suffered today by Israeli websites are not that different from those targeting countless online businesses every day. But there are key differences too. Tim Maurer, a fellow at the Global Public Policy Institute, he’s also affiliated with the cyber-security project at Harvard’s Kennedy School of Government. Maurer says it’s important to differentiate between different types of attacks.

Tim Maurer: If we look at what’s happening in Israel I think that’s part of the larger political conflict, and that there you witness more of a type of what has been called hacktivism. The combinaiton and hacking with a political agenda and activism. Whereas if we look at other instances of hacking where it more about stealing customer data and putting those online, or maybe not putting them online and instead using them in the underground, that is more of a criminal type of hacking that’s used for economic purposes to make profit. And there are very many different types of hackers out there. There are the ones who, like back in the day are teenagers who are kind of first exploring and figuring out whether they can detect vulnerabilities and what they can do with it, but it’s become a lot more professionalized. In the 1990s we have seen how criminal have moved into the internet and I would argue that states are probably the latest groups of actor that has moved into cyberspace realizing that they can use it for their own interests and purposes. So if we don’t differentiate we are not able to differentiate something like Stuxnet from a DDoS attack that distributed denial of service attack that we’ve just seen in Israel.

Werman: Right, the Stuxnet virus, which appeared in 2010 in Iran and which many thought had been launched by either Israel and/or the United States. In the recent past, what are the most alarming examples of cyber crime that you’ve heard about, things that sort of show the parameters of how bad this whole idea could go?

Maurer: I think one of the biggest events that has also certainly attracted most attention in the media recently was the DDoS attack against Estonia, which is actually similar to what we saw today in Israel, which showed that there is a new quality in the type of hacking that is taking place; that is no longer simply focusing on taking down a website, or criminals using it, but that there are states behind it or non-state actors that are using it for political purpose at a large scale. In addition to that we’ve seen the Google hack recently that was rather surprising in the sense that it’s also large technological companies that have become the target and victim of attacks, despite their very good security systems.

Werman: Well, Tim, one thing that the cyber attacks in Israel remind us of is state on state attacks or perhaps non state actors attacking states, how far could that go? I mean what could countries potentially do to harm each other?

Maurer: When I read the news today I saw in one of the articles making a comment about there’s a cyber war looming in the Middle East. My personal view is that I think those claims are exaggerated, that we will not see a pure cyber war as such. It’s more a question of using cyber warfare as part of a broad political conflict. So we will definitely see an increase in cyber attacks, but the one that we saw today in Israel is still rather a simple type of attack in that they actually didn’t infiltrate the system to change the system itself and have a destructive effect. But then if we look at something like the Stuxnet virus, that’s a very different type of animal where we’re actually looking at a type of a hack that can have significant implications such as in Iran for the nuclear program there, where the attack is so sophisticated that it targets a very specific type of mechanism within their system, and changes it in a way that it has implications for the system as a whole.

Werman: Right, and with the Stuxnet there were crucial processes that the Natanz nuclear facility just stopped.

Maurer: Exactly, to give you another example, in Syria there was an attack in I believe 2009 against a nuclear facility there and part of the attack was also accompanied by a cyber attack that allegedly knocked out the Syrian Air Defense System, so that they weren’t able to detect the fighter jets up in the air until the bombs were already exploding. So, what we are seeing is an increase in the use of cyber warfare with traditional warfare as a supportive mechanism.

Werman: Tim Maurer, a fellow at the Global Public Policy Institute, speaking with us from Washington. Tim, thanks a lot.

Maurer: Thank you.

Copyright ©2009 PRI’s THE WORLD. All rights reserved. No quotes from the materials contained herein may be used in any media without attribution to PRI’s THE WORLD. This transcript may not be reproduced, in whole or in part, without prior written permission. For further information, please email The World’s Permissions Coordinator at theworld@pri.org.

• ‘DarkMarket: Cyberthieves, Cybercops and You’ – Exploring the World of Cybercrime
• The World: Making the Rules of Cyberwar
• Global Public Policy Institute