The year is 2020. The cyber attack of your worst nightmare has just become a reality. Are you at all prepared?
That’s the question — and the scenarios — that researchers and experts are undertaking to minimize any damage caused by extensive cyber attacks, the type that could shut down power grids and totally reshape internet users’ attitudes about the likelihood that their information will be stolen. By doing so, they hope to find the solutions and actions to fit different types of situations.
As part of its initiative to develop cybersecurity practices to handle future threats, the University of California, Berkeley Center for Long-Term Cybersecurity developed a study of worst-case scenarios involving attacks and solutions to address them.
In its report, the center noted that in the near future most people and things will be connected to digital networks, especially in the wake of an increasingly popular Internet of Things (IoT) environment. People will be using the internet to automatically open doors, close windows, operate refrigerators, monitor their homes, control temperatures and other tasks.
“For these reasons we believe the cybersecurity research and policy communities will soon confront a much more diverse set of problems and opportunities than they do today,” the researchers said in its report.
In another similar announcement, the North American Electric Reliability Corp. (NERC) said that in a worst-case scenario, a cyber attack on the electric grid could cause an outage that lasts one to two weeks. In making the announcement, the nonprofit organization said that a physical attack on electric substations could potentially be more damaging. A cyberattack in Ukraine left more than 250,000 without power in December 2015. There has been concern it could also happen in the United States.
To address the new issues that may come about in that future environment, the Berkley Center developed several worst-case scenarios. They include:
Scenario 1: After years of frequent data breaches, Internet users no longer will be assured about the security of their personal data. They will start assuming that it will be stolen — it’s just a matter of when. At that point, more individuals and institutions may decide to go offline or find ways to protect their own information.
Scenario 2: As data scientists will develop more powerful models that are able to predict and manipulate our behavior with a high level of accuracy, there is a risk for new security vulnerabilities that could lead to extensive damage, including financial.
Scenario 3: With advertising-driven business model for major Internet companies, such as Facebook, gathering massive amounts of data on Internet users, the researchers explore the possibility of that system falling apart. If the companies happen to become cash-strapped, for instance, the value of selling datasets.
Envisioning these scenarios can help institutions, including the government, develop strategies to help them become more resilient against these type of attacks and threats.
Even if the predictions turn out to be wrong, “the effort to anticipate is worth a lot, because it gives you the ability to react quickly,” said Herb Lin of Stanford’s Center for International Security and Cooperation. “ And if you can react quickly, you’ll be less screwed.”