Cyber attacks on communications networks will likely increase in the next 10 years, and a majority of experts polled (61%) by Pew Research Center say those will include a major attack somewhere in the world by 2025 that causes tens of billions of dollars in damage and "widespread harm to a nation’s security and capacity to defend itself and its people?" The other 39% of respodents believe there would be no such attack, with mitigation efforts keeping pace with the bad guys.
That is according to the Pew Research Center's latest "Digital Life in 2025" report, released Wednesday (Oct. 29). It is the latest offering in its ongoing project saluting the 25th anniversary of the creation of the World Wide Web.
The "canvas" -- it is not a randomized survey -- is based on 1,642 respondents, billed as "experts and Internet builders," all of whom were asked for predictions about the future of cybersecurity threats.
“Cyber attacks are already pervasive, and it is trivial even for children to acquire the means to inflict serious damage," said software engineer Robert McGrath who helped develop the World Wide Web. "The United States has already attacked other countries, and other deliberate attacks are suspected. Losses are already in the tens of billions...It is only a matter of time before there is a serious incident, i.e., one that journalists recognize as an event.”
One software tech CEO active in Internet standards development (respondents did not have to provide their names) warned that the major attack could be a high-altitude electromagnetic pulse attack that could do a number on cloud storage systems that would require a long and complex recovery period. On the other side of the major attack issue was telecom engineer Peter McCann. "The potential for destructive terrorist acts carried out through computer networks has been dramatically over-hyped," he said. "To the extent that computers are put in control of life-critical processes, there will be air gaps and safeguards in place that prevent malicious outside instructions from interfering in their operations.”
Darel Preble, founder of the Space Solar Power Institute, suggested concerns about the security of the power grid might be misplaced. "The major damage to our national power grids is not from cyber attacks but from natural causes—squirrels, ants, ice, falling trees, wind, and simple human error," he said.
Hal Varian, chief economist at Google, also sees more danger in mother nature than malicious actors. “There will certainly continue to be cyber attacks around the world. However, I don't think that such attacks will involve losses of tens of billions of dollars," he said. "For that to happen we would have to see systems down for several days. Katrina was the costliest US hurricane and it did about $100 billion of damages. Most hurricanes have been in the $20 billion range. I don't see cyber attacks coming anywhere close to hurricanes in terms of the associated property losses.”
Pew summarized the key themes put forth by both camps.
For those who said there will be a major cyber attack, or attacks, causing widespread harm, the reasoning was:
1) "Internet-connected systems are inviting targets. The Internet is a critical infrastructure for national defense activities, energy resources, banking/finance, transportation, and essential daily-life pursuits for billions of people. The tools already exist to mount cyber attacks now and they will improve in coming years—but countermeasures will improve, too.
2) "Security is generally not the first concern in the design of Internet applications. It seems as if the world will only wake up to these vulnerabilities after catastrophe occurs.
3) "Major cyber attacks have already happened, for instance the Stuxnet worm and attacks in nations where mass opposition to a regime has taken to the streets. Similar or worse attacks are a given."
4) "Cyber attacks are a looming challenge for businesses and individuals. Certain sectors, such as finance and power systems, are the most vulnerable. There are noteworthy divides between the prepared and the unprepared."
For those saying they did not think there would be a major attack, their reasoning was as follows:
1) "There is steady progress in security fixes. Despite the Internet’s vulnerabilities, a distributed network structure will help thwart the worst attacks. Security standards will be upgraded. The good guys will still be winning the cyber security arms race by 2025.
2) "Deterrence works, the threat of retaliation will keep bad actors in check, and some bad actors are satisfied with making only small dents in the system so they can keep mining a preferred vulnerability and not have it closed off.
3) "Hype over cyber attacks is an exaggeration of real dangers fostered by the individuals and organizations that will gain the most from creating an atmosphere of fear."