Thursday, October 30, 2014

Major Cyber Attack Expected by 2025

A major cyber attack will happen between now and 2025 and it will be large enough to cause “significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars,” according to more than 60 percent of technology experts interviewed by the Pew Internet and American Life Project. (...)

A key concern for many of the experts Pew interviewed is infrastructure, where very real cyber vulnerabilities do exist and are growing. Stewart Baker, former general counsel for the National Security Agency and a partner at Washington, D.C.-based law firm Steptoe & Johnson, told Pew, “Cyberwar just plain makes sense. Attacking the power grid or other industrial control systems is asymmetrical and deniable and devilishly effective. Plus, it gets easier every year. We used to worry about Russia and China taking down our infrastructure. Now we have to worry about Iran and Syria and North Korea. Next up: Hezbollah and Anonymous.”

Jeremy Epstein, a senior computer scientist working with the National Science Foundation as program director for Secure and Trustworthy Cyberspace, said, “Damages in the billions will occur to manufacturing and/or utilities but because it ramps up slowly, it will be accepted as just another cost (probably passed on to taxpayers through government rebuilding subsidies and/or environmental damage), and there will be little motivation for the private sector to defend itself.”

Today, cities around the world use supervisory control and data acquisition (SCADA) systems to manage water, sewage, electricity, and even traffic lights. Last October, researchers Chris Sistrunk and Adam Crain found that these systems suffer from 25 different security vulnerabilities. And it’s not unusual for them to have the same security passwords that came direct from the manufacturer. As writers Indu B. Singh and Joseph N. Pelton pointed out in The Futurist magazine, the failure to take even the most basic security precautions leaves these systems open to remote hacking.

It’s one reason why many security watchers were hopeful that the Obama administration’s Cybersecurity Framework, released earlier this year, would force companies that preside over infrastructure components to take these precautions, but many in the technology community were disappointed that the guidelines did not include hard mandates for major operators to fix potential security flaws. (...)

But SCADA vulnerabilities look quaint compared to the exploitable security gaps that will persist across the Internet of Things as more infrastructure components are linked together. “Current threats include economic transactions, power grid, and air traffic control. This will expand to include others such as self-driving cars, unmanned aerial vehicles, and building infrastructure,” said Mark Nall, a program manager for NASA.

Other experts told Pew that military contractors, facing declining business for missiles and tanks, have purposefully overblown the threats posed by cyber attacks to scare up an enemy for the nation to arm against.

“…This concern seems exaggerated by the political and commercial interests that benefit from us directing massive resources to those who offer themselves as our protectors. It is also exaggerated by the media because it is a dramatic story,” said Joseph Guardin, a principal researcher at Microsoft Research. “It is clear our leaders are powerless to rein in the military-industrial-intelligence complex, whose interests are served by having us fearful of cyber attacks. Obviously there will be some theft and perhaps someone can exaggerate it to claim tens of billions in losses, but I don’t expect anything dramatic and certainly don’t want to live in fear of it.” (...)

Still others, such as lead researcher for GigaOM Research Stowe Boyd, said that the growing cyber capabilities of states like China almost promise bigger cyber attacks of growing international importance.

“A bellicose China might ‘cyber invade’ the military capabilities of Japan and South Korea as part of the conflict around the China sea, leading to the need to reconfigure their electronics, at huge cost. Israel and the United States have already created the Stuxnet computer worm to damage Iran’s nuclear refinement centrifuges, for example. Imagine a world dependent on robotic farm vehicles, delivery drones, and AI-managed transport, and how one country might opt to disrupt the spring harvest as a means to damage a neighboring opponent,” Boyd said.

by Patrick Tucker, Defense One