Cyberwar is about to get way too real.
A survey of over 1,600 cybersecurity experts conducted by the Pew Internet & American Life Project found that a significant majority predict a major cyberattack causing “widespread harm to a nation’s security and capacity to defend itself and its people” will occur before 2025.
Some 61 percent of survey respondents said such an attack is imminent within the next decade
The report’s authors noted that the respondents largely pointed to how the Internet is increasingly becoming an indispensable part of virtually all systems, from national defense to energy and finance. The main source of concern were “essential utilities.”
While online connectivity makes these systems more powerful and efficient, it also opens up those systems to hackers. Many respondents added that these vulnerabilities are amplified by how many designers approach the construction of these systems—favoring factors like speed and usability over security.
“Damages in the billions [of dollars] will occur to manufacturing and/or utilities. But because it ramps up slowly, it will be accepted as just another cost (probably passed on to taxpayers through government rebuilding subsidies and/or environmental damage), and there will be little motivation for the private sector to defend itself,” Secure and Trustworthy Cyberspace Senior Computer Scientist Jeremy Epstein told Pew. “Due to political gridlock and bureaucratic inertia, the government will be unable to defend itself, even if it knows how. The issue is not primarily one of technical capability (although we’re sorely lacking in that department). The primary issue is a lack of policy/political/economic incentives and willpower to address the problem.”
These predictions should maybe be taken with a grain of salt. In 2004, Pew conducted a similar survey and two-thirds of respondents said that “at least one devastating attack will occur in the next ten years on the networked information information infrastructure or the country’s power grid,” something that hasn’t actually happened, at least not in any apocalyptic way.
In the United States, a handful of Chinese military officials were indicted earlier this year for conspiring to direct cyberattacks attacks against targets, including nuclear and solar power plants, aimed at stealing information that could benefit Chinese companies.
However, the most high-profile case of a cyberattack directed at a piece of national infrastructure likely originated within the American government. In 2009, the Stuxnet computer virus started making it way around the Internet. It was eventually used to damage uranium-enrichment hardware at Natanz Nuclear Facility in Iran. Stuxnet is widely assumed to have originated as a joint project between the U.S. and Israel meant to stop Iran from developing an atomic bomb.
Despite the recent Pew survey respondents’ warnings about future attacks, the report’s authors noted that the general tenor was one of hopefulness rather than despondency:
There is steady progress in security fixes. Despite the Internet’s vulnerabilities, a distributed network structure will help thwart the worst attacks. Security standards will be upgraded. The good guys will still be winning the cyber security arms race by 2025.
At the same time, “essential utilities” aren’t the only targets in danger of being targeted by cyberattacks. As a string of extremely visable security breaches at retail companies like Target, Home Depot, P.F. Chang’s and Neiman Marcus, private sector businessess are much more vulnerable to attack than nucelar power plants.
These attacks against businesses are becoming more and more common. A report released earlier this week by California Attorney General Kamala Harris revealed that, in 2013 alone, the personal information of 18.5 million Californians was compromised by data breaches—a 600 percent increase from just one year prior.
H/T USA Today | Image by Max Fleishman