The phrase "Cyber Attack" can mean different things to different people. For some, simply gaining unauthorized access to a computer is a cyber attack. For others, a cyber attack is a complex, thorough, and systematic effort to crash important computers or steal important information.

I created the Gibson Index because too many people were being singled out and vilified simply for gaining a small amount of unauthorized access, with no malicious intent. Often, this unauthorized access was due to extreme negligence on the part of the administrators of the compromised system. Many of these instances were sensationalized far beyond the actual level of impact - they became a distraction from the true threat of cyber warfare, and in one case led directly to the suicide of a talented and respected individual.

The threat of cyber warfare is very real, and the effects of a Level Six or Level Seven attack will be unprecedented.

Today, an analysis of an organized cyber warfare unit was published in the New York Times based on research from Mandiant. This unit, if the allegations are true, has committed hundreds or thousands of coordinated attacks with the express purpose of gathering intelligence that they can leverage to their own advantage. They can start with a Level Two attack and use the information gathered from it to gradually increase the breadth of their penetration and control all the way into a Gibson Level Five attack.

The intelligence they have allegedly gathered is primarily focused on real-world infrastructure, such as power grids and air traffic control systems.

This means that they may already have the capability to launch a Gibson Level Six attack. This would result in real-world, targetted, intentional damage to infrastructure and/or economies. The side effects of such an attack could also include fatalities.

You can see that this is a lot different from some kid analyzing his college's network with a freely-available software kit - and so, you can see why the Gibson Index is important for ensuring accurate understanding of the threat.

By providing a system for differentiating minor incidents from true attacks and the looming potential for acts of cyber warfare, it is my hope that the Gibson Index will help focus the public dialogue and media coverage on the real threats, and not the minor distractions.