Cyber war: Don’t believe the hype
Are people overstating the seriousness and prevalence of cyber war? To numerous security pros, it seems so.
Another problem comes with definition. Often the term cyber war' has been used in relation to non-politically motivated attacks, blurring boundaries between independent hack incidents and nation-on-nation action.
To further complicate matters, use of war-like tactics in broader cyber conflicts is no longer a rarity.
Nevertheless, many believe you need two countries in conflict with one another to apply the term, and there is an argument that the phrase has not been truly applicable to any scenario as yet.
"To have cyber war, you need actual war cyber war is a subset of war," Schneier told delegates at the conference.
"It depends who is attacking you, why they're attacking you. It might be destruction, but destruction might be crime, it might be espionage gone bad."
And here there appears to be a consensus amongst security professionals, who agree the phrase has been misused.
Mikko Hypponen, chief research officer at F-Secure, concurred with what Schneier said.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Almost all of the attacks we've seen so far are not cyber war. They are closer to cyber gang war. The attackers are not nation-states; they are independent groups," Hypponen told IT PRO.
"Real wars are fought between countries."
David Emm, from Kaspersky Lab, shares those views. If two countries are not at war, then their cyber activities cannot be classed as war, he said.
"I'd broadly agree, in the sense that the term has been widely used but hasn't been defined," he added.
Creating such a definition would be particularly tricky. When calls to draw up rules of engagement for cyber war were recently made, they were met with scepticism. There is simply too much complexity to really define boundaries, a number of security professionals have argued.
This surely only indicates attempts at a definition of the phrase would leave many stumped.
Reasons to be worried
Regardless of how much cyber war may have been overstated, complacency is an issue. It may even be wise to exaggerate, so security initiatives get the funding they deserve.
Given the industry often bemoans the lack of Government funding it gets, arguing that cyber warfare has been overstated could lead to the sector shooting itself in the foot.
There is also the fairly obvious point that there is clearly potential for war to spill over into the cyber sphere.
"It is true that if we were to see a war between two developed nations, it would today involve cyber war as well," Hyponnen said.
"So it's quite obvious armies around the world are researching this and getting ready."
Stuxnet, besides being a terrifyingly sophisticated piece of malware, offered us a sign that there are real politically motivated threats out there.
"Stuxnet's significance is twofold. First, it was clearly not designed for financial gain - and it therefore bucks the trend of the past five or six years," Emm told IT PRO.
"Second, its sophistication suggests skills and resources beyond those responsible for developing malicious programs until now. Its appearance underlines the potential use of malware for purposes other than making money in a world that is becoming more and more dependent on computers."
Cyber war is real, of that there is no doubt. Stuxnet effectively proved that.
But there is clearly some aggrandisement of the issues going on here. Be aware, but don't believe the hype. At least not all of it.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.