Cyber attacks could be a major threat in the next decade, according to experts canvassed in a new Pew Internet report. Pew asked: “Will a major cyber attack have caused widespread harm to the nation’s security and capacity to defend itself and its people?” According to the report, more than 60 percent of the experts answered in the affirmative.
The experts were also asked to elaborate on their answers; the report is a compilation of their responses. While the majority agreed that a major cyber attack was imminent, nearly 40 percent answered “No.” Several themes emerged on both sides of the issue.
One of the themes on the “Yes” side was that interconnected systems invite and facilitate cyber attacks. The tools are already available and will only get better in the coming years.
Some of the experts see vital infrastructure as particularly vulnerable.
“Cyber attacks will become a pillar of warfare and terrorism between now and 2025,” said Joe Kochan of US Ignite, a non-profit organization that creates applications for public benefit. “So much of a country’s infrastructure — commerce, finance, energy, education, health care — will be online, and gaining control of or disrupting a country’s online systems will become a critical goal in future.”
Stuwart Baker, partner for a Washington law firm, said, “Cyberwar makes sense,” adding that attacking the power grid and industrial control systems is “devilishly effective” and gets easier every year. “We used to worry about Russia and China taking down our infrastructure. Now we have to worry about Iran and Syria and North Korea. Next up: Hezbollah and Anonymous.”
Another theme was that security isn’t a primary concern when designing Internet applications, and only after a catastrophe, will people wake up.
Senior computer scientist for the U.S. National Science Foundation predicted damages in the millions to manufacturing and utility infrastructure, increasing slowly and being written off as a cost of doing business. “Due to political gridlock and bureaucratic inertia, the government will be unable to defend itself, even if it knows how,” he said. “The issue is not primarily one of technical capability (although we’re sorely lacking in that department). The primary issue is a lack of policy/political/economic incentives and willpower to address the problem.”
On the “No” side, the experts were optimistic that there is steady progress toward security fixes and that by 2025, “the good guys will be winning the cybersecurity arms race.”
Indeed, Robert Bell, executive director of the Intelligent Community Forum, expects the scale of attacks to grow smaller, not larger. “While the possibility of such widespread disruption certainly exists, it has become a priority among most industrialized nations to understand and respond to the threat.”
“No” responders also felt the hype over cyber attacks is an exaggeration of the real danger, created by organizations that benefit from fear mongering.
Principal researcher at Microsoft Research Jonathan Grudin pointed out that Eisenhower was concerned that we would suffer if leaders did not rein in the military-industrial complex. “It is clear our leaders are powerless to rein in the military-industrial-intelligence complex, whose interests are served by having us fearful of cyber attacks,” he said.
Software engineer Mike Caprio said the infrastructure is not nearly as fragile as some would have us believe. “Cyber attacks are a boondoggle invented by military-industrial contractors to bilk governments out of billions of dollars.”