By 2025, we should expect to have experienced a “significant” cyberattack, according to a canvas of technology experts and researchers conducted by the Pew Research Internet Project and reported upon today.
To this group of experts, Pew posed the following question:
By 2025, will a major cyber attack have caused widespread harm to a nation’s security and capacity to defend itself and its people? (By “widespread harm,” we mean significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars.)
Over 1,600 responses came in; respondents were not required to reveal their names.
Sixty-one percent of these respondents answered “yes” to the question. From this group, Pew distilled several themes:
Key themes: Yes, there will be major cyberattacks causing widespread harm.
- Internet-connected systems are inviting targets. The Internet is a critical infrastructure for national defense activities, energy resources, banking/finance, transportation, and essential daily-life pursuits for billions of people. The tools already exist to mount cyberattacks now and they will improve in coming years—but countermeasures will improve, too.
- Security is generally not the first concern in the design of Internet applications. It seems as if the world will only wake up to these vulnerabilities after catastrophe occurs.
- Major cyberattacks have already happened, for instance the Stuxnet worm and attacks in nations where mass opposition to a regime has taken to the streets. Similar or worse attacks are a given.
- Cyberattacks are a looming challenge for businesses and individuals. Certain sectors, such as finance and power systems, are the most vulnerable. There are noteworthy divides between the prepared and the unprepared.
From the 39 percent of respondents who answered “no,” Pew distilled this set of themes:
Key themes: No, there will not be major cyberattacks.
- There is steady progress in security fixes. Despite the Internet’s vulnerabilities, a distributed network structure will help thwart the worst attacks. Security standards will be upgraded. The good guys will still be winning the cybersecurity arms race by 2025.
- Deterrence works, the threat of retaliation will keep bad actors in check, and some bad actors are satisfied with making only small dents in the system so they can keep mining a preferred vulnerability and not have it closed off.
- Hype over cyberattacks is an exaggeration of real dangers fostered by the individuals and organizations that will gain the most from creating an atmosphere of fear.
Some, like a VP of research and consumer media for a research and analysis firm, think it is too soon to come down on one side definitively, saying, “There are serious problems, but it’s not clear that those who are directing the hype are focused on the correct problems or solutions. So, the problem is both serious and over-hyped.”
The connection between cyberattacks and cyberwarfare and state-sponsored espionage is one of the most disturbing scenarios cited by many of the experts. NASA Program Manager Mark Nall reminds us that we are already experiencing threats to “economic transactions, power grid and air traffic control,” but thinks that advances in artificial intelligence and self-healing systems will be key in combatting these dangers.
Stewart Baker, partner in a Washington, DC law firm, predicts that the list of realistic cyberwarfare attackers will continue to lengthen: “We used to worry about Russia and China taking down our infrastructure. Now we have to worry about Iran and Syria and North Korea. Next up: Hezbollah and Anonymous.”
And an expert from Brazil predicts that a “small, developing country” will likely suffer a critical infrastructure attack, followed by a larger country. Only then will some sort of coordination and negotiation occur. Who will be at that negotiation table, he does not venture to say.
The Pew Research Internet Projects pulls together over 25 pages of responses, trends and data on related Internet questions and topics that it has collected over the last 10 years. It’s more reading than you’ll want to do in one sitting, but nonetheless an impressive collection of alarms and calls to action, even from among those who said the “significant” event was farther off. We shall see if we are as lucky as they hope.
Kachina Shaw is managing editor for IT Business Edge and has been writing and editing about IT and the business for 15 years. She writes about IT careers, management, technology trends and managing risk. Follow Kachina on Twitter @Kachina and on Google+