State-sponsored cyber attacks and cyber terrorism were, until the second half of last year, thought by most commentators to be purely the concern of national governments, while CIOs in the private sector needed only to focus their security concerns on threats from criminal gangs and independent hackers.

But that view is now changing rapidly. Recent events such as the attack on the Iranian nuclear program by the Stuxnet worm (the first malware to specifically target control systems used in power stations and other large-scale installations) have made it clear that critical infrastructure is now a prime target.

Meanwhile, attacks on financial services companies — and others — who severed links with the WikiLeaks website, by groups of self-organized protesters creating “voluntary botnets,” show the speed and ferocity this kind of action can take.

CIOs in a wide range of sectors, such as utilities, logistics, finance and healthcare, are now facing up to the prospect that their IT estates can quickly become targets. In a recent survey by technology security specialists Symantec, it emerged that 53% of enterprise IT managers worldwide suspected or were “pretty sure” that they had experienced an attack waged with a political goal in mind.

These attacks included attempts to steal electronic information, shut down networks and manipulate physical equipment by taking control of networks. Chillingly, three out of five attacks were considered to be effective.

The new face of warfare

With Gartner forecasting that, by 2015, “a G20 nation’s critical infrastructure will be disrupted and damaged by online sabotage” (although the analyst firm declines to predict which country is the most likely victim) governments are responding by stepping up their cyber security measures and augmenting cooperation with the private sector.

The UK government, in its National Security Strategy, published in October, declared “hostile attacks upon UK cyberspace by other states” to be one of the main threats the nation faces. In November, the European Union conducted a major exercise to test its readiness to defend against a full-scale cyber attack.

At the same time, the US Department of Defense made cyber security a top priority, establishing Cyber Command, a unit dedicated to digital warfare.

Meanwhile, in full realization of how critical infrastructure is now at risk, US government agencies are planning to cooperate with the financial services industry to “identify and fight cyber security vulnerabilities” and “develop more efficient and effective cyber security processes that can be used in the financial services sector as well as by other organizations.”

The cyber security stakes have never been higher.

For more on IT security, log into the Members’ Area to see our in-depth report.