With January 2004 just days away, predictions are being made for the new year — particularly for the dynamic world of information communication technology (ICT), these analyses and predictions are becoming more interesting. The big stories in 2003 have focussed on digital attacks and cyber crimes, mobile computing and the glaring digital divide.Virus and worm attacks backed up by regular distributed denial of service attacks (DDOS) as also Internet frauds happened across the year and regions. According to the British security analyst firm mi2g, there have been more than 200,000 overt digital attacks during the year. Financial losses from all attacks increased significantly and more and more organised groups geared up to participate in online disruptive activities.The first major challenge was the Slammer attacks in January which spread the fastest in the history of worms and caused losses worth $1 billion. The worst attack was in the month of August where Sobig and Blaster worms inflicted the maximum damage. Sobig in its sixth version was big enough to cause damages worth $36.4 billion in no time. And in the third quarter of December, as many as 13 NASA websites were targets of successful hacking attacks. The year also saw increased activity of organised crime syndicates honing their skills in cyber attacks. Besides, spoofing was also prominent.Towards the end of the year, the first World Summit on Information Society (WSIS) was held in Geneva, with 176 countries participating and around 50 heads of state present. Among other things, the WSIS deliberated on the issue of security in cyberspace and a plan of action was formulated. The first handbook on information security was published by Infodev of the World Bank coinciding with the WSIS event.The importance of securing cyberspace from criminals and anti-socials is being realised; there are efforts to forge a global consensus on addressing online security issues. As of now there has been no global effort in terms of a legal and response structure. Considering the transnational nature of cyber attacks, this is important. Unfortunately there are some dissenting voices on the issue — privacy concerns and the vast differences in legal frameworks across nations are seen as obstacles. Many feel that the Internet should be free from regulation.Apart from policy issues concerning cyber security, 2003 also saw the emergence of a strong industry approach to security issues. Network security has come to the boardroom from the decks of the technical manager. Similarly, most governments’ approach towards security of critical infrastructures has acquired a strong focus and security policies and response structures are being given priority. Interestingly, this year saw increased cooperation between the government and the private sector.So what are the predictions for 2004? There are four issues relating to cyber security which will see rapid movement. The first trend we are likely to see is the blending of threats and resulting attacks. This would be more qualified and prevalent. Thus spamming techniques, virus-writing and hacking will be supplemented with DDOS attacks in various combinations. The second trend will be attacks on mobile networks. The rapidly increasing wireless networks and the accompanying applications will be vulnerable to attacks from criminal syndicates. Much work will be done to secure networks. The third trend will be increased spamming attacks. The nuisance and threat value of spamming will increase rapidly in 2004. Fourth, critical infrastructures will also be prominent targets for attackers.Given these forecasts, more and more security companies will emerge with high claims. Likewise cyber insurance will be a booming business. It, however, remains to be seen how the online world progresses with all its success stories and travails. The emerging information society should be a better place rather than a new pasture for criminals and terrorists. It is to be hoped that mi2g’s predicted 350,000 digital attacks for 2004 do not actually materialise.
