Nations prepare for cyber war

cybercrime

Security analysts are predicting that 2013 is when nation-sponsored cyberwarfare goes mainstream -- and some think such attacks will lead to actual deaths.

In 2012, large-scale cyberattacks targeted at the Iranian government were uncovered, and in return, Iran is believed to have launched massive attacks aimed at U.S. banks and Saudi oil companies. At least 12 of the world's 15 largest military powers are currently building cyberwarfare programs, according to James Lewis, a cybersecurity expert at the Center for Strategic and International Studies.

So a cyber Cold War is already in progress. But some security companies believe that battle will become even more heated this year.

"Nation states and armies will be more frequent actors and victims of cyberthreats," a team of researchers at McAfee Labs, an Intel (INTC) subsidiary, wrote in a recent report.

Michael Sutton, head of security research at cloud security company Zscaler, said he expects governments to spend furiously on building up their cyber arsenals. Some may even outsource attacks to online hackers.

The Obama administration and many in Congress have been more vocal about how an enemy nation or a terrorist cell could target the country's critical infrastructure in a cyberattack. Banks, stock exchanges, nuclear power plants and water purification systems are particularly vulnerable, according to numerous assessments delivered to Congress last year.

Related story: Malware attacks on the rise

But after legislation aimed at preventing such attacks stalled in Congress last year, some experts believe this will be the year when cyberattacks turn deadly.

"Nation-state attackers will target critical infrastructure networks such as power grids at unprecedented scale in 2013," predicted Chiranjeev Bordoloi, CEO of security company Top Patch. "These types of attacks could grow more sophisticated, and the slippery slope could lead to the loss of human life."

Security firm IID also predicted that cyberattacks will lead to the loss of life in the next couple years.

But others say that such event is unlikely. Our most potent online foes, Russia and China, haven't shown an interest in infrastructure attacks. Those that would pursue them -- Iran is often mentioned -- haven't yet proven capable of pulling off something on that scale.

Hackers are holding data for ransom
Hackers are holding data for ransom

Verizon (VZ), which runs an extensive cybersecurity business, is in the doubters' camp.

"Many security experts are using anecdote and opinion for their predictions, whereas Verizon's researchers are applying empirical evidence," said Wade Baker, head of Verizon's security division. "First and foremost, we don't believe there will be an all-out cyber war, although it's possible."

The U.S. has already put would-be attackers on notice. Defense Secretary Leon Panetta said recently that the United States reserves the right to use military force against a nation that launches a cyberattack on the country.

Even if hackers aren't capable of killing with a cyberattack, there is no doubt that they've become more destructive.

The August attack on oil company Saudi Aramco, for instance, crashed 30,000 computers. One month later, a series of attacks brought down the websites of several of the largest U.S. banks. It was the largest "denial of service" attack ever recorded, by a significant margin.

Those kinds of attacks will grow "exponentially" in 2013, McAfee predicts.

"Recently, we have seen several attacks in which the only goal was to cause as much damage as possible; we expect this malicious behavior to grow in 2013," the McAfee researchers wrote. "The worrying fact is that companies appear to be rather vulnerable to such attacks."

But there may be some good news on the cybersecurity front. Hacktivist group Anonymous is starting to fade.

The leaderless collective's attacks have gained less attention lately, and many proposed operations have failed. That's because companies are beefing up their defenses against Anonymous' main weapon, the denial of service attack.

"Anonymous' level of technical sophistication has stagnated and its tactics are better understood by its potential victims," McAfee said in a recent research report. "While hacktivist attacks won't end in 2013, if ever, they are expected to decline in number. Sympathizers of Anonymous are suffering."

CNNMoney Sponsors