New Weapons of Information Warfare

Computerworld - The October issue of Communications of the ACM featured papers about future robots capable of performing self-organizing tasks. The authors showed how acceleration in the processing power of computers means that machines could soon reach the capabilities of living creatures, at an affordable cost.
The table below, from the Association for Computing Machinery article, shows the "computing" capacity of organisms and illustrates when commercial computers had or are expected to have equivalent processing power.
Instead of thinking about the rising potential for robotic machines, it occurred to me that software with the intelligence of a mouse or a monkey would have the frightening capacity to launch a new form of network-based warfare.
So far, our approach to securing information networks has been static. The attackers write clever code that's then dispatched to potentially vulnerable apparatus on the Internet. The hostile code is designed to exploit the known weaknesses of millions of computers as well as those of other programmable devices connected to the global Web. The extent of the damage depends on the speed with which the corruption propagates and on the speed with which defenders can deploy countermeasures.
The Security Intelligence Products and Systems organization estimates the worldwide cost of damage from digital attacks from Jan. 1 to mid-November of this year to be between $170 billion and $203 billion—up from $110 billion to $130 billion for all of 2002. And that estimate doesn't include costs for installing increasingly burdensome defensive measures.
To place this figure into perspective, one must consider that the estimated total cost of information security failures is about 10% of the total global cost of business computing. In a year when the increases in budgets for business computing remain in the 1%-to-2% range, the net effect of the losses from attacks is a cut in available spending to support money-making business applications. From that point of view, the costs of software attacks can be seen as inflicting economic damage comparable to that of a major terrorist incident.
The question then arises of whether the current approaches to instituting defensive measures—as promised by software vendors, consultants and your own security personnel—will be sufficient to overcome steadily escalating security threats. This is a classic problem in waging defensive warfare, where the forces of attackers must be neutralized by the capabilities of the defenders. In force vs. counterforce war games, attackers can be defeated if the learning cycle of the defenders is faster and their resources are adequate to disable the aggressors.
Unfortunately, the outlook for information security from