Be afraid of potentially devastating cyber attacks, and be better prepared to guard against them. But also be wary of the risks — especially to privacy — that accompany a growing focus on cyber security that may exaggerate some threats.
Those are among the major themes and dissents that emerge from a report Wednesday by the Pew Research Center and Elon University’s Imagining the Internet Center. Its authors surveyed more than 1,600 computer and Internet experts on the future of cyber attacks, and found that most said there was good reason to worry about what previous attacks portend.
More than 60 percent answered “yes” to the question: “By 2025, will a major cyber attack have caused widespread harm to a nation’s security and capacity to defend itself and its people?”
“The majority opinion here is that these attacks will increase and that lots of institutions, including major government institutions, will be at risk,” said Lee Rainie, director of the Pew Research Internet Project and coauthor of the report.
Rainie said many experts pointed to the Stuxnet worm as an example of the devastation that a cyber attack could wreak on essential systems such as power grids, air-traffic controls, or financial institutions.
Stuxnet, widely believed created by either U.S. or Israeli intelligence to undermine Iran’s nuclear program, infected the software of at least 14 industrial sites in Iran, Pew said.
Pew said Stuxnet helped destroy as many as a fifth of the centrifuges Iran was using to enrich radioactive fuel that could be made into weapons. Unlike computer viruses, which a user must unwittingly install, worms can spread on their own through a computer network once they are introduced.
Many study participants called Stuxnet a harbinger of future cyber attacks.
Jason Pontin, editor and publisher of MIT Technology Review, told Pew that “there has already been a ‘Pearl Harbor’ event: the Stuxnet computer worm that was used to attack Iran’s nuclear capabilities. Do we really believe that the infrastructure of a major industrial power will not be so attacked in the next twelve years? The Internet is an insecure network; all industrialized nations depend on it. They’re wide open.”
Some said a Cold War-like dynamic — particularly the threat of “mutually assured destruction” — should inhibit international cyber warfare. One predicted “many, many small and medium-size cyber attacks between now and 2025, but nothing on a major scale.”
Others saw more danger to financial systems than to other kinds of infrastructure, which states or terrorists could more easily target with conventional weapons.
“Right now cyber attacks are too costly,” one unnamed respondent said. “The bigger risk will be when cyber crooks drain Wall Street of all its cash.”
And some warned that the threats themselves “are being exaggerated by people who might profit most from creating an atmosphere of fear,” said coauthor Janna Anderson, of Elon University. Some also warned that privacy would continue to suffer from an overreaction to security threats.
“Perhaps I am optimistic, but this concern seems exaggerated by the political and commercial interests that benefit from us directing massive resources to those who offer themselves as our protectors,” wrote Jonathan Grudin, a principal researcher at Microsoft Research, who said media reports overstate the threats.
Recalling President Dwight Eisenhower’s 1961 warning about the influence of a “military-industrial complex,” Grudin said leaders seem “powerless to rein in the military-industrial-intelligence complex, whose interests are served by having us fearful of cyber attacks.”
Many of the skeptics also voiced hope that the biggest threats were containable.
“While in principle all systems are crackable, it is also possible to embed security far more deeply in the Future Internet than it is in the present Internet environment,” said Lee McKnight, a professor at Syracuse University’s School of Information Studies.
McKnight said that while it was easy to see today’s multimillion-dollar online financial frauds foreshadowing even larger attacks on property or life, “the white hat good guys will not stop either.”
Both the worriers and the skeptics agree on one point: Today’s expensive cyber arms race has only just begun.
Visit The Philadelphia Inquirer at www.philly.com