Cyber warfare continues to be spruiked by governments as a major threat. Pity they fail to explain where the threat really lies.

The relentless hyping of the threat of the internet by governments continues apace.

As anticipated, overnight Foreign Minister Kevin Rudd and Defence Minister Stephen Smith announced — in a media release unfortunately titled “Co-operation on Cyber” — that “the US and Australian governments agreed today that a cyber attack on either of them would trigger the mechanisms of the ANZUS Treaty. “Cyber attack” is — presumably purposefully — left undefined.

Rudd and Smith been meeting with Secretary of State Hilary Clinton and newish Defence Secretary Leon Panetta. Panetta is the US official who, as Crikey has shown in its previous coverage of the remorseless rise of the cyber security industry, has most aggressively hyped the threat of the internet, warning repeatedly of a “cyber Pearl Harbor”, despite no evidence that cyber attacks could wreak the sort of mass destruction of which cyberhawks such as Panetta warn. Indeed, the whole “cyber war” threat has been treated with scepticism by President Obama’s co-ordinator for cyber security, Howard Schmidt. But the Pentagon and the White House have released cyber strategies this year. Our own cyber white paper is shortly to be released. The Brits and the Canadians — who are also in the “Quintent” of anglophone countries that co-operate on cyber security matters with us — are also busy on cyber warfare.

The hype continued on a domestic front this week when the only identifiable ASIO officer, Director-General David Irvine, addressed the “Safeguarding Australia” conference this week, and returned to the issue of cyber security, declared that

“Technological change is occurring so fast and in some ways so chaotically that intelligence communities do indeed have trouble keeping up as we look at them, both in terms of the acquisition or use of the technology itself, and also in ensuring that the laws under which we operate can accommodate constantly and rapidly changing technology. In other words, the laws under which we operate have constantly to be modernised to ensure that they enable us to do with new technology what we were able to do with the old.”

In short, Irvine proposes the legislative equivalent of a perpetual motion machine, constantly expanding ASIO’s powers because of technological change.

Irvine’s previous prognostications about the internet have drawn mockery. In July, he made the now-famous complaint that people were being “radicalised — literally, in their lounge rooms” by “unfettered ideas and information” obtained through the “rampant use of the internet, the democratisation of communication”. Beyond the ridicule it merited, the statement says much about the attitude of the head of our domestic spy agency towards not just the internet but citizens more broadly, casting them as passive absorbers of whatever the internet connects them to. It’s rather like the logic behind the internet filter, that it’s possible to accidentally stumble upon child p-rnography — you could be sitting in your lounge room using the internet (as one does in one’s lounge room) and BANG! radicalised by an unfettered idea you’ve come upon by mistake.

Thanks for signing up We look forward to seeing you bright and early with your need-to-know talking points and tidbits for the day ahead. Get Crikey FREE to your inbox every weekday morning with the Crikey Worm. Please enter your email address Sign up

In Irvine’s world, the real “terror” is his own terror of his fellow citizens, who can’t be relied on to even sit in their own lounge rooms any more, due to the ”particularly insidious and worrying” threat of “cyber”.

What is never mentioned in the regular calls for vigilance and defence in the cyber war is that the evidence shows the greatest cyber security threat comes not from Chinese, hackers, or “non-state actors” or “street hackers” or even Irvine’s lounge-room radicals, but from within governments and cyber defence companies. It has been poor security within cyber defence contractors and law enforcement agencies that has enabled a constant series of cracks this year that revealed dramatic or not-so-dramatic insights into those industries, as well as gigabytes of personal information. It was the US military that, allegedly, failed to properly vet a fragile, deeply unhappy young LGBT man before giving him an “above top secret” clearance with access to vast amounts of classified information. Constant curtailment of individuals’ rights and the expansion of the powers of spy and law enforcement agencies would literally do nothing to enhance cyber security in the absence of people within governments, and the agencies they employ, adhering to the basics of information management.

A recurring feature of the war on terror, and the irony of its exorbitant cost, is that much of it has had the effect of actually doing what Irvine fears — radicalising people to take up arms against us. The more paranoid would declare that this is the entire point of the war on terror, to create a self-perpetuating environment in which governments must exercise intrusive and restrictive powers over their populations and channel funding to the beneficiaries of the war, the security and military sector, to address a threat that wouldn’t exist in its current form outside that environment.

Curiously, a similar situation threatens to occur with the war on the internet. The more governments raise a hue and cry about “cyber”, direct money to combating it, and use it to justify the remorseless expansion of the powers of agencies such as ASIO, the more online activists will respond in kind, goaded into protest by the actions of governments and companies, angry about further restrictions on liberties, undertaking DDOS attacks and cracking efforts, conscious that poor security within the government sector means even script kiddies can gain a trove of confidential material if they’re lucky.

This of course will in turn be used by governments to further justify themselves and the dollars they hand to the cyber security industry.

But of course, only the paranoid would think like that.