Executive Overview
The threat of severe, debilitating cyberattacks is growing exponentially as the digital world envelops all facets of modern life.
China, Russia, and North Korea pose the biggest risks, with myriad attacks on Western governments and companies daily. The problem is expected to grow more menacing as terrorists become involved. NATO, the US, EU, South Korea, and Israel are bearing the brunt of the damage, but it could spread easily to encompass entire global systems. Iran has already been the target of at least two cyberattacks on its nuclear program to steal data and sabotage operations, and North Korea disrupted a Sony film that was critical of its leader.
Protective defenses are being developed, and authorities think the possibility of a “Cyber Armageddon” is less likely than a continuing wave of small assaults that wear away at infrastructure and morale.
Most Likely Forecast
As shown below, myriad cyber assaults on corporations and governments occur daily. Most are not very damaging, but the global costs run into the trillions of US dollars.
- Security Cost US$86B and rising According to Gartner, global spending for information security products and services will reach US$80 billion in 2017 and US$93 billion in 2018. [i]
- Cybercrime Will Cost US$8T Cybercrime is expected to cost global businesses over US$8 trillion over the five years to 2022. [ii]
- Cost per Attack Rising Cybercrime costs US companies an average of US$21 million, with the global average being US$11.7 billion. The costs continue to rise at a rate of over 20 percent year on year. [iii]
TechCast experts estimate a roughly 78-percent probability that a series of attacks launches a cyber war that severely damages the economy, defense, or other crucial sectors of major nations over the next few decades. Experts’ confidence is high (70%) and they think consequences of a major cyberattack could be devastating.
Constant Minor Assaults at Great Cost
The explosive growth of world-wide IT capabilities and antagonism from powerful nations is causing an ever-expanding growth in the scale, frequency, sophistication, and damage done by cyberattacks. A Ponemon Institute survey of 639 IT professionals in the US found that 35 percent had been the target of a nation-state cyberattack.
- US Government Hacked Thousands of cyber breaches occur at all levels of the US government annually, including stealing top-secret tools and material from the NSA and breaching the Securities and Exchange Commission. [iv] Research from Security Scorecard gives government systems one of the lowest security ratings across all industries. [v] The US Government Accountability Office has also identified “consistent shortcomings” in the federal government’s approach to cybersecurity. [vi]
- Companies Not Ready According to an IBM study, 68 percent of companies do not believe their organizations can remain resilient in the wake of a cyberattack, and 66 percent aren’t confident in their ability to recover from an attack. [vii]
- Infrastructure Can Be Brought Down Cyberattacks have been shown to be able to bring down critical infrastructure, such as the malware that caused widespread electricity blackouts in Ukraine in 2015 and 2016. Lloyd’s estimates that a successful cyberattack on the Northeast US electricity grid could result in economic damage of more than US$1 trillion. Transportation devices from connected vehicles to airplanes have been shown to be vulnerable to hacking, even remotely. [viii]
CyberWarfare Nations
At least 15 countries have been shown to launch cyberattacks; the most active countries are Russia, the United States, North Korea and China.
Russia Russian hackers have been very active on a number of fronts, ranging from penetrating Democratic National Committee servers to hacking into the World Anti-Doping Agency medical records.
China The People’s Republic has been responsible for a number of attacks, such as stealing sensitive information about the F-35 Lightning II fighter plane from US Defense Department computers. In 2017, the US National Cybersecurity and Communications Integration Center warned of an “emerging sophisticated campaign” from a group with suspected ties to the Chinese government, affecting a growing number of companies globally. [ix]
North Korea North Korean hackers have quickly gained global “respect” as they have become increasingly sophisticated since the Sony hack in 2014. North Korea was, for example, responsible for the widespread WannaCry malware in 2017. [x]
Australia While little is known of Australia’s ability to launch cyberattacks, the Signals Directorate has been publicly recruiting “offensive cyber specialists.”
Protection is Coming
Fortunately, some measures are underway to preclude cyberattacks:
Funding for US Defenses on the Rise The cybersecurity spending of the US Government is rising rapidly, having risen from US$7.5 billion in 2007 to US$28 billion in 2016. President Trump’s first budget blueprint also proposes an additional US$1.5 billion for the Department of Homeland Security specifically to protect federal networks and critical infrastructure from cyberattacks. [xi]
US-China Cyberspace Agreement The United States and China agreed on the first arms control accord for cyberspace. The agreement says that each country will not be the first to use cyberweapons to cripple the other’s critical infrastructure during peacetime. There is, however, growing doubt whether the agreement will have any practical effect on China’s behavior. [xii]
Strategic Implications
A major cyberattack could target a developed country’s vital civilian or military infrastructure, terrorizing the populace and making it much more vulnerable to conventional attack. A successful attack on infrastructure such as the US power grid has the potential to cause as much as US$1 trillion of economic damage and significant loss of life. Hiscox Insurance estimates cybercrime is already costing the global economy over US$450 billion annually. [xiii]
Contrary to the common fear that cyberattacks would be devastating, James Clapper, the US Director of National Intelligence, told the Senate, “Rather than a ‘Cyber Armageddon’ scenario that debilitates the entire US infrastructure, we … foresee an ongoing series of low-to-moderate level cyberattacks from a variety of sources over time.”
[i] Gartner, Aug 16, 2017
[ii] Juniper Research, May 30, 2017
[iii] Accenture, 2017
[iv] New York Times, Nov 12, 2017
[v] Security Scorecard, 2017
[vi] GAO, Feb 14, 2017
[vii] IBM, Nov 16, 2016
[viii] Aviation Today, Nov 8, 2017
[ix] Department of Homeland Security, Apr 27, 2017
[x] New York Times, Oct 15, 2017
[xi] Hill, Mar 16, 2017
[xii] Diplomat, Jan 19, 2017
[xiii] CNBC, Feb 7, 2017