As part of its series of reports on the 25th anniversary of the Internet, the Pew Research Center recently asked thousands of experts if they believe that by 2025, a major cyber-attack would occur that causes widespread harm to the security of the United States and its capacity to defend its citizens.
In addition to providing a “yes” or “no” answer, respondents were invited to elaborate and explain their opinions.
Most Experts Believe a Major Cyber-Attack Will Happen
The report states that 61% of the 1600+ respondents answered that a major cyber-attack will occur by 2025, causing widespread harm (which Pew defined as significant loss of life or property losses in the tens of billions of dollars). Only 39% said there would be no such major attack by 2025.
Key Points Made by Cyber Experts
Comments by those experts who believe that a major cyber-attack is inevitable reveal a few common themes:
- Design without security: Security is generally not the first concern when new software applications are designed and developed. Vulnerabilities are often discovered after a security breach has occurred.
- The Internet invites attacks: Internet connections are everywhere. The web has become an invaluable infrastructure to banking and finance, transportation, energy, national defense and day-to-day life in America. As such, it is an inviting target for hackers and cyber criminals, who possess high-tech tools that may become more sophisticated.
- Cyber-attacks are a given: There has already been several significant cyber-attacks such as the Stuxnet worm and Chinese cyber-attacks on U.S. nuclear power plants and solar products industries. Additional attacks are a given, according to many of the experts.
The respondents who believe that a major attack won’t happen by 2025 also shared some common reasoning:
- Security is improving: Some of the experts reported they expect the efforts made by cyber security professionals will prevail. Security fixes are steadily improving, and even though the Internet is vulnerable, upgraded security standards and a distributed network structure could prevent the most serious attacks.
- The hype is exaggerated: Some believe that the concern over major cyber-attacks is hype, created by those who stand to gain from creating an atmosphere of fear.
- Deterrence is working: Some of the experts believe that threats of retaliation will keep the bad guys in check. In addition, many cyber-criminals are successful with smaller attacks, which experts can keep mining without concern that they will be detected.
Cyber Vulnerability
The importance of the Internet to businesses, governments and individuals leaves everyone vulnerable to attacks. Individuals stand to have their personal information stolen and financial accounts hacked, while businesses could be persistently under attack.
Many experts believe that anti-government hackers could target public utilities and attempt to disrupt the economy, or that opposing governments could increasingly engage in cyber warfare.
On the other hand, several experts responded that insider threats and accidents are likely to cause as much – or more – damage as external cyber-attacks. And one respondent said that while cyber-attacks would continue, they will probably pale in comparison to the damage caused by natural disasters (for example, Hurricane Katrina caused $100 billion in damages).
Whether or not a major attack occurs by 2025 remains to be seen; however, the experts agree that cyber-crime and cyber-terrorism will likely continue to be a risk to businesses, individuals and the nation’s security, and that countries around the globe will increase their efforts to fight it.