World due for a major cyber attack before 2025, say experts
THE world is likely to suffer a major cyber attack causing "widespread harm to a nation's security and capacity to defend itself" before 2025, according to a survey of more than 1,600 experts carried out by the Pew Research Center.
Sixty-one per cent of respondents - which included policymakers, researchers, analysts and engineers - said that they thought a major attack was likely while 39 per cent said "no".
Those that thought an attack was likely said that internet-connected systems had become too invited, with critical infrastructure such as energy or finance tied into what is a very vulnerable system.
"Current threats include economic transactions, power grid, and air traffic control," said Mark Nall, a program manager for Nasa. "This will expand to include others such as self-driving cars, unmanned aerial vehicles, and building infrastructure."
Some experts also thought it was fair to say that "major" cyber attacks had already happened, citing examples such as the Stuxnet worm which is widely thought to have been engineered as a joint US and Israeli program and that set back Iran's nuclear program by years.
"We are already witnessing the theft of trade secrets, with impact well worth tens of billions of dollars," said Christian Huitema, a senior engineer at Microsoft.
"We are also seeing active development of cyber weapons by many world powers. Historically, such new weapons are always used at least once or twice before nations realize it is too dangerous and start relying on diplomacy."
Other experts noted that individuals with privileged access to certain systems could end up being as much a threat as nation states, citing figures like Edward Snowden and Chelsea Manning as well as those responsible for financial disasters such as Steven A. Cohen and Bernie Madoff.
Respondents that thought an attack was unlikely said that the hype outweighed the actual danger, and that that distributed structure of the internet and infrastructure (much of which is not connected to the internet in any conventional sense) would stop hackers causing too much damage.
"Nations and others who hold necessarily secure information are getting better and better about protecting their essential assets," said Paul Jones, a professor at the University of North Carolina.
"Yes, a bunch of credit card numbers and some personal information will leak. Yes, you may not be able to place an order for a few hours. But it's less and less likely that say all pacemakers in a major city will stop at once or that cyber attacks will cause travel fatalities."
Looking to the future, respondents also predicted that the dynamics of cyber warfare could mimic that of the Cold War, with nations developing ever more dangerous attack capabilities that keep competing powers form becoming too aggressive.
"Mutually-assured destruction worked then, works now, and will work in cyberspace," said Garland McCoy, president and founder of the Technology Education Institute.
Significant examples of cyber warfare in the past decade included not only the Stuxnet worm but the suspected hacking of official Georgian websites during the country's invasion by Russia in 2008 and the indictment of five Chinese military officials in May for hacking US energy industries.