Experts warn of major cyber attack before 2025

Experts believe nations, rogue groups, and malicious individuals will step up their assaults on communications networks, targeting institutions, financial services agencies, utilities, and consumers over the next decade, warns a Pew Research survey.

The web is omnipresent today with all devices from our smartphones and tablets to fitness trackers and home appliances boasting net connectivty. But the very connectivity could spell big trouble the 1,642 experts surveyed by Pew reported.

This survey asked respondents to share their answer to the following:

• By 2025, will a major cyber attack have caused widespread harm to a nation's security and capacity to defend itself and its people? ("widespread harm" means significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars
• Explain what vulnerabilities nations have to their sovereignty in the coming decade and whether major economic enterprises can or cannot thwart determined opponents
• Or explain why you think the level of threat has been hyped and/or why you believe attacks can be successfully thwarted.

Over 60 per cent of experts surveyed by Pew Research believe that by 2025, a major cyber attack could cause massive harm to a nation's security and its capacity to defend itself and its people.

"The Internet was not built for security, yet we have made it the backbone of virtually all private-sector and government operations, as well as communications," Joel Brenner, former counsel to the National Security Agency, wrote in a Washington Post op-ed cited by the Pew study.

The advances in identifying and fixing vulnerabilities apart, a majority of Pew's respondents believe the future had worse in store for individuals and businesses.

According to Joe Kochan, COO, US Ignite, cyber attacks would emerge a pillar of warfare and terrorism between now and 2025. He added that digital warfare would become more prolific with national infrastructures increasingly going online.

According to NASA program manager, Mark Nall, current threats included economic transactions, power grid, and air traffic control. That list would however, expand to include self-driving cars, drones, and building infrastructure.

61 per cent of the experts said a major attack was indeed imminent in the next decade, while only 39 per cent did not think so.

Out of the majority of experts that thought a significant cyber attack would hit before 2025, Pew found some major themes emerging in their explanations.

First, that critical infrastructure for defence, banking, transportation, and other daily nationwide essentials was all internet-connected, "inviting targets."

According to a respondent with the Network Information Center, "The biggest vulnerabilities are with the financial, energy, and transportation sectors -- which represent the soft underbelly of our society and are increasingly under siege from thwarted cyber attacks."

However, it appeared that the inviting targets would proliferate further, as technology got increasingly intertwined with everyday life. According to internet activist Tim Kambitsch, the Internet of Things was just emerging. He added, in future, control of physical assets, not just information, would be open to cyber attack.

Secondly, most internet-connected systems were not designed with a primary focus on cybersecurity. According to IT industry manager Elena Kvochko, a large portion of critical infrastructure facilities still relied on software and technology created decades ago and which had not been upgraded.

In the 10 years since the Pew Research Center and Elon University's Imagining the Internet Center first asked experts about the future of cyber attacks in 2004 a lot has happened:

• The Russian government is suspected to be behind organized crime assaults on official websites in Georgia during military struggles in 2008 that resulted in a Russian invasion of Georgia.
• In 2009-2010, suspicions arose that a sophisticated government-created computer worm called ''Stuxnet'' was let loose in order to disable Iranian nuclear plant centrifuges that could be used for making weapons-grade enriched uranium. It has been speculated that the governments of the United States and Israel might have designed and spread the worm.
• The American Defence Department has created a Cyber Command structure that builds Internet-enabled defensive and offensive cyber strategies as an integral part of war planning and war making.
• In May, five Chinese military officials were indicted in Western Pennsylvania for computer hacking, espionage and other offenses that were aimed at six US victims, including nuclear power plants, metals and solar products industries.
• The indictment comes after several years of revelations that Chinese military and other agents have broken into computers at major US corporations and media companies in a bid to steal trade secrets and learn what stories journalists were working on.
• In October, Russian hackers were purportedly discovered to be exploiting a flaw in Microsoft Windows to spy on NATO, the Ukrainian government, and Western businesses.
• The respected Ponemon Institute reported in September that 43 per cent of firms in the United States had experienced a data breach in the past year.

Retail breaches, in particular, had grown in size in virulence in the previous year. One of the most chilling breaches was discovered in July at JPMorgan Chase & Co., where information from 76 million households and 7 million small businesses was compromised.

Obama Administration officials have wondered if the breach was in retaliation by the Putin regime in Russia over events in Ukraine.

• Among the types of exploits of individuals in evidence today are stolen national ID numbers, pilfered passwords and payment information, erased online identities, espionage tools that record all online conversations and keystrokes, and even hacks of driverless cars.
• Days before the Pew Research report was published, Apple's iCloud cloud-based data storage system was the target of a so-called ''man-in-the-middle'' attack in China that was aimed at stealing users' passwords and spying on their account activities.

Some activists and security experts said they suspected the Chinese government had mounted the attack, perhaps because the iPhone 6 had just become available in the country (iPhone 6 users in China face major threat to security). Others thought the attack was not sophisticated enough to have been government-initiated.