'We're all in the blast radius of a cyber arms race,' warns Bruce Schneier

Security expert warns of increasing cyber warfare, especially as it's difficult to tell if you're being attacked by a government or 'two guys in a basement'

Governments, corporations and other actors are in the "early years of a cyber arms race", which means that every individual "is in the blast radius" as nation states and other bodies carry out cyber espionage on each other - and the nature of it means we don't even know who to attribute the attacks to.

That's according to renowned security technologist Bruce Schneier, who made the startling remarks during a keynote presentation titled "How Do You Know You've Been Breached?" at the Infosecurity Europe 2015 conference at London's Olympia.

"Unfortunately, I think we're here in the early years of a cyber arms race. There's a lot of nation state rhetoric, we're seeing more nation state attacks against non-nation states," he told the Infosec audience and listed just a handful of the prominent examples of the wide-scale cyber attacks perpetrated by and targeted against nation states.

"Not just the North Korea against Sony; this year China attacked GitHub, which was kind of weird. Iran attacked oil company Saudi Aramco, US and Israel attacked Iran.

"There's a lot of this back and forth where countries are not attacking each other, but are attacking companies within the countries and I think we're going to see more of that," said Schneier.

"We are all in the blast radius; not for anything we did, just because of who we are," he said.

Schneier also warned about what he called the "democratisation of tactics" and how it creates a problem for those under cyber attack, because it's impossible to tell whether they're being targeted by a nation state for political means or just a couple of "guys in a basement" doing it because they can.

"We're actually living in a world where you can be attacked and not know if it is a nuclear-powered government with a $20bn military budget or a couple of guys in a basement somewhere. That's actually a legitimate thing to be unsure about. That's freak," said Schneier, who described how "the same tactics and targeting and weaponry are used by everybody".

"In the real world, you can tell the attacker by the weaponry," he said. "If we walked outside this building and we saw a tank on the street, we would know that the British military is involved because only the military can afford tanks. The weaponry is a shorthand to identify the actor. That doesn't work in cyber space and we're seeing this more and more."

Schneier described some examples of this "democratisation of warfare".

"Late last year, the hacker group Anonymous announced they were going to take out ISIS; good for them, but what? Does that make any sense to anybody? In 2010, another arm of Anonymous threatened NATO. Again, does that make any sense? Hackers associated with ISIS last year broke into Centcom, part of the US military's Twitter account," he said.

"We're seeing a lot of these ‘couple of guys' going after nation states. This politically motivated attacking is real and very important," he continued, adding "politics is defined very broadly here; nationalistic, ethical, religious, we're seeing it against governments, against corporations, against individuals, intuitions, for all sorts of reasons".

"Here's the issue; attribution is a problem. Attributing attacks is very, very hard," Schneier said.