The featured topic on the cover of the June 2010 issue of Scientific American has the title “12 Events That Will Change Everything – And Not in the Way You Think.” The events, and the likelihood of them happening (according to the authors of the pieces on each event), are as follows, with catastrophes highlighted:
- The Big One (Pacific Earthquake) – Almost certain
- Synthetic Life – Almost certain
- Self-Aware Machines – Likely
- Extra Dimensions – 50-50
- Alien Intelligence – Unlikely
- Human Cloning – Likely
- Nuclear War – Unlikely
- Fusion Energy – Very unlikely
- Everyday (Room-Temperature) Superconductors – 50-50
- Asteroid Collision – Unlikely
- Deadly Pandemic – 50-50
- Polar Meltdown – Likely
The three events that would be catastrophic and also have a 50-50 or greater chance of occurring, are: the Pacific earthquake, a deadly pandemic and Polar meltdown. There is no disastrous oil spill on the list, possibly because the lead time of the magazine was too long to capture the breaking news. Also, it has already happened so has no place in a forward-looking piece, although prediction of the potential impact of the oil spill might be a worthwhile topic.
What struck me most about the list is that the threat of a devastating cyber attack or cyber war is blaringly absent. It is frustrating to see that cybersecurity is either relegated to minor consideration when discussing threats to our lives and livelihoods or ignored altogether, as it was in the above Scientific American article.
If I were to write a piece on the “thirteenth event,” it would be about the degree to which the World’s critical cyber infrastructure is at risk and that there is “almost certainty” that there will be a major cyber event, brought about intentionally or possibly accidentally, within the next decade. If the response to such a cyber event follows the pattern of the Gulf of Mexico oil spill, government will defer the elimination the source of the problem to the private sector and will take on some responsibility for helping people put their lives back together. Like the oil spill, a cyber event will likely be long and debilitating with the failure of numerous attempts to stem the source by Internet service providers, backbone telecommunications companies, and a host of vendors and industry experts from various sectors.
It is still too early to know what the outcome of the oil spill will be in terms of laws, regulations, liabilities and responsibilities. It is likely that government will play a much more active role in reducing risks and in preparing for responses to events, if not banning deep-water drilling altogether.
If one were to derive the cyber event analogy, government will introduce laws, regulations, restrictions, guidelines, penalties, etc. but not until after a major cyber event. There are those, such as Vice Admiral Michael McConnell (USN, Ret.), who believe nothing will happen until after a major cyber catastrophe, as I describe in my March 29, 2010 Bloginfosec column “Cybergeddon – Ho Hum.” Why not learn the lessons of the oil spill disaster and put in place parallel measures for cyber, as with oil drilling, before a cyber catastrophe occurs, rather than after the fact?