America's greatest vulnerability is its continued inability to acknowledge the extent of its adversaries' capabilities when it comes to cyber threats, says Ian Bremmer, founder and president of leading political risk firm Eurasia Group.
Speaking to CNBC from the Munich Security Conference on Saturday, the prominent American political scientist emphasized that there should be much more government-level concern and urgency over cyber risk. The adversarial states in question are what U.S. intelligence agencies call the "big four": Russia, China, North Korea, and Iran.
"We're vulnerable because we continue to underestimate the capabilities in those countries. WannaCry, from North Korea — no one in the U.S. cybersecurity services believed the North Koreans could actually do that," Bremmer described, naming the ransomware virus that crippled more than 200,000 computer systems across 150 countries in May of 2017.
He also noted the NotPetya malware attack in July 2017, considered the costliest cyberattack in history, which U.S. and European governments have accused Russia's military of implementing. Believed to be a deliberate attack on Ukraine, it actually wiped off half a point from Ukraine's gross domestic product.
Borge Brende, president of the World Economic Forum, weighed in, stressing the economic cost of cyber crimes. "It is very hard to attribute cyberattacks to different actors or countries, but the cost is just unbelievable. Annually more than a thousand billion U.S. dollars are lost for companies or countries due to these attacks and our economy is more and more based on internet and data."
Infrastructure will increasingly be at risk from cyberattacks, Brende added. "These kinds of attacks can have an impact on water distribution, electricity, but also on bank accounts and on the global economy … And the stock market, etc. Imagine the cost of that."
But in terms of a single most dangerous country for cyber threats, Bremmer pointed to Russia.
"On cyber directly I'd say the most dangerous nation is Russia," he said. "They're the country that not only has capabilities, but they also are willing to use them, in ways that really do undermine the influence of the U.S. and the West — help to divide, delegitimize, and the rest."
Allegations of this have of course been splashed across headlines for the last year and a half, as the U.S. government investigates the extent of Russian meddling in the 2016 presidential elections. Just on Friday, the Department of Justice indicted 13 Russian nationals and three Russian entities on charges of conspiracy to defraud the U.S. The indictment accused the Russians of seeking to wage "information warfare" and "sow discord" in the American political system.
But this goes beyond states, Bremmer stressed.
"I'm increasingly not just worried about countries, but about anyone with capability that has money to pay for criminals to do their cyber bidding for them. We know that the Russian government itself frequently actually outsources some of their nasty business to criminals inside Russia." And you don't have to be Russian to do that, he noted.
"That really does make the environment around cyberattacks a much more level playing field on the offense, and it makes defense harder to do."