Internet experts: Next decade could bring widespread harm from cyberattack
Be afraid of potentially devastating cyberattacks, and be better prepared to guard against them. But also be wary of the risks - especially to privacy - that accompany a growing focus on cyber-security that may exaggerate some threats.
Those are among the major themes and dissents that emerge from a report last Wednesday by the Pew Research Center and Elon University's Imagining the Internet Center. Its authors surveyed more than 1,600 computer and Internet experts on the future of cyberattacks, and found that most said there was good reason to worry about what previous attacks portend.
More than 60 per cent answered "yes" to the question: "By 2025, will a major cyberattack have caused widespread harm to a nation's security and capacity to defend itself and its people?"
"The majority opinion here is that these attacks will increase and that lots of institutions, including major government institutions, will be at risk," said Lee Rainie, director of the Pew Research Internet Project and co-author of the report.
Rainie said many experts pointed to the Stuxnet worm as an example of the devastation that a cyberattack could wreak on essential systems such as power grids, air-traffic controls, or financial institutions.
Stuxnet, widely believed created by either US or Israeli intelligence to undermine Iran's nuclear programme, infected the software of at least 14 industrial sites in Iran, Pew said.
Pew said Stuxnet helped destroy as many as a fifth of the centrifuges Iran was using to enrich radioactive fuel that could be made into weapons. Unlike computer viruses, which a user must unwittingly install, worms can spread on their own through a computer network once they are introduced.
Many study participants called Stuxnet a harbinger of future cyberattacks.
Jason Pontin, editor and publisher of MIT Technology Review, told Pew that "there has already been a 'Pearl Harbor' event: the Stuxnet computer worm that was used to attack Iran's nuclear capabilities. Do we really believe that the infrastructure of a major industrial power will not be so attacked in the next 12 years? The Internet is an insecure network; all industrialised nations depend on it. They're wide open".
Some said a Cold War-like dynamic - particularly the threat of "mutually assured destruction" - should inhibit international cyberwarfare. One predicted "many, many small and medium-size cyberattacks between now and 2025, but nothing on a major scale."
Others saw more danger to financial systems than to other kinds of infrastructure, which states or terrorists could more easily target with conventional weapons.
"Right now, cyberattacks are too costly," one unnamed respondent said. "The bigger risk will be when cyber crooks drain Wall Street of all its cash."
And some warned that the threats themselves "are being exaggerated by people who might profit most from creating an atmosphere of fear", said co-author Janna Anderson, of Elon University. Some also warned that privacy would continue to suffer from an overreaction to security threats.
"Perhaps I am optimistic, but this concern seems exaggerated by the political and commercial interests that benefit from us directing massive resources to those who offer themselves as our protectors," wrote Jonathan Grudin, a principal researcher at Microsoft Research, who said media reports overstate the threats.
Recalling President Dwight Eisenhower's 1961 warning about the influence of a "military-industrial complex", Grudin said leaders seem "powerless to rein in the military-industrial-intelligence complex, whose interests are served by having us fearful of cyberattacks".
Many of the sceptics also voiced hope that the biggest threats were containable.
"While in principle all systems are crackable, it is also possible to embed security far more deeply in the future Internet than it is in the present Internet environment," said Lee McKnight, a professor at Syracuse University's School of Information Studies.
McKnight said that while it was easy to see today's multimillion-dollar online financial frauds foreshadowing even larger attacks on property or life, "the white-hat good guys will not stop either".
Both the worriers and the sceptics agree on one point: Today's expensive cyber arms race has only just begun.