Cyberwar is harder than it looks; the Internet's vulnerability to attacks has been exaggerated.

• Author: Bailey, Ronald
• Position: Column

IN WARTIME, combatants often attempt to disrupt their enemies' supply systems, generally by blowing them up. Modem life is made possible by a set of tightly interconnected systems supplying us with electricity, water, natural gas, automobile fuels, sewage treatment, food, finance, telecommunications, and emergency response. All of these systems are increasingly directed and monitored through the Internet. Would it be possible for our enemies to disrupt these vital systems by "blowing up" the Net?

The Obama administration is worried that they will In May 2009, the administration issued its Cyberspace Policy Review, which described threats to the Internet as "one of the most serious economic and national security challenges of the 21st Century" A year later, the U.S. Cyber Command was launched with the aim of protecting American information technology systems and establishing U.S. military dominance in cyberspace. A January report by the U.K.-based market research firm Visiongain identifies cyberwar preparedness as the "single greatest growth market in the defense and security sector," forecasting that global spending will reach $12.5 billion this year.

A January report from the Organization for Economic Cooperation and Development--Reducing Systemic Cybersecurity Risk, by the British researchers Ian Brown and Peter Sommer--evaluates the most widely discussed threats to cyberspace security, from viruses to denial-of-service attacks. Such weapons already have become common in government and industrial espionage, identity theft, Web defacements, extortion, system hijacking, and service blockading.

Two recent episodes should give us some sense of these weapons' effectiveness. In 2007, hackers launched cyberattacks against Estonian websites, apparently as a protest against relocating a Soviet-era statute. And a 2008 border dispute with Russia provoked a series of denial of service attacks against Georgia's Internet infrastructure. Good news: As James Lewis of the Center for Strategic and International Studies (CSIS) noted in a 2009 report, "in neither case were there casualties, loss of territory, destruction, or serious disruption of critical services." Brown and Sommer conclude that it's "unlikely that there will ever be a true cyberwar."

By cyberwar the writers mean a war fought solely over and with information technologies. It takes a lot of effort, they point out, to figure out new vulnerabilities in already protected critical systems...