"The majority opinion here is that these attacks will increase and that lots of institutions, including major government institutions, will be at risk," said Lee Rainie, director of the Pew Research Internet Project and coauthor of the report.
Rainie said many experts cited the Stuxnet worm as an example of how a cyber attack could wreak havoc on essential systems such as power grids, air-traffic controls, and bank networks.
Stuxnet, widely believed to have been created by U.S. or Israeli intelligence to undermine Iran's nuclear program, infected the software of at least 14 industrial sites in Iran and helped destroy as many as a fifth of the centrifuges being used to enrich radioactive fuel, Pew said. Unlike computer viruses, which a user must unwittingly install, worms can spread on their own through a computer network once they are introduced.
Many study participants called Stuxnet a harbinger of future cyber attacks. Jason Pontin, editor and publisher of the MIT Technology Review, likened it to "a Pearl Harbor event."
"Do we really believe that the infrastructure of a major industrial power will not be so attacked in the next 12 years?" he asked. The Internet is an insecure network; all industrialized nations depend on it. They're wide open."
Some said a cold war-like dynamic - particularly the threat of "mutually assured destruction" - should inhibit international cyber warfare, at least involving major attacks. Others see more danger to financial systems than to other essential infrastructure that could easily be hit by ordinary weapons.
"Right now, cyber attacks are too costly," one unnamed respondent said. "The bigger risk will be when cyber crooks drain Wall Street of all its cash."
And some say the threats themselves "are being exaggerated by people who might profit most from creating an atmosphere of fear," said coauthor Janna Anderson of Elon University. Some also warn privacy would continue to suffer if security risks are exaggerated.
"Perhaps I am optimistic, but this concern seems exaggerated by the political and commercial interests that benefit from us directing massive resources to those who offer themselves as our protectors," wrote Jonathan Grudin, a principal researcher at Microsoft Research, who said media reports overstate the threats.
Recalling President Dwight Eisenhower's 1961 warning about the influence of a "military-industrial complex," Grudin said leaders seem "powerless to rein in the military-industrial-intelligence complex, whose interests are served by having us fearful of cyber attacks."
Many skeptics also voiced hope that the worst threats would be containable.
"While, in principle, all systems are crackable, it is also possible to embed security far more deeply in the future Internet than it is in the present Internet environment," said Lee McKnight, a professor at Syracuse University's School of Information Studies.
McKnight said that although it was easy to see today's multimillion-dollar online financial frauds foreshadowing even larger attacks on property or life, "the white-hat good guys will not stop, either."
But the worriers and the skeptics agree on one point: Today's expensive cyber arms race has only just begun.