“$100 billion global cyber catastrophe”

Corporate honchos are very concerned about computer security and the possibility of massive Internet failure in the wake of the latest virus attack:

The mi2g Intelligence Unit has learnt that chief executives and board-level decision makers within S&P 500 and FTSE-100 component companies are seriously evaluating the possibility of taking out insurance against a $100 billion global cyber catastrophe risk event for their worldwide operations that could cause massive business interruption for days and lead to insurmountable property and liability, breach of contract and workers’ compensation claims alongside the potential for serious intellectual property theft and online financial fraud.

Specialist law firms and General Counsels’ offices have been busy over the last two weeks reviewing the terms of reference of existing insurance policies in regard to large scale cyber risk and catastrophe cover. Both captive insurance companies and general insurance companies have been approached for clarification on cataclysmic digital events and associated fallout leading to large scale loss of revenues or claims.

Reinsurance companies, in turn, have been approached by insurance underwriters and brokers in the last ten days, especially because every form of digital risk and terrorism has been studiously excluded from all types of general property and casualty insurance and associated reinsurance policies post 9/11 often with the use of “side letters.”

Up until August 2003, it was generally believed that cyber catastrophe was a non-starter and therefore not worth insuring against. Then the global MSBlast and SoBig malware epidemics struck alongside the largest power outage in history across North East America – affecting New York, Cleveland, Ohio, Detroit, Michigan, Toronto and Ottawa – followed by further outages in London (UK), parts of Sweden, Denmark, Switzerland and most of Italy. As a result, strategic corporate interest in large scale digital catastrophe, associated damage to critical economic infrastructure and multi-day power outages has been rising in the last six months.

….The leaked Microsoft Windows 2000 and NT4 source code contains the vital Winsock Application Programming Interface (API), Internet Explorer 5 (IE 5), Simple Network Management Protocol (SNMP), Public Key Infrastructure (PKI), networking and some Software Development Kit (SDK) code as well as the way in which Internet Explorer liaises with the rest of the operating system. These components are critical to maintaining safety, security and stability across a global digital network.

There is concern that multi-nationals could face bankruptcy if their digital points of vulnerability were targeted repeatedly at some stage by hackers or malware authors, who could gain unfair competitive advantage to attack Microsoft computers by studying the source code leak and then carry out a large scale intellectual property theft or financial fraud in parallel with a denial of service attack. [mi2g]

This all ties in with worldwide dependence on Microsoft, the “monoculture discussed here.

It sounds like we also need a separate backup Internet with complete redundancy. I wonder what that would cost.