Several months after the WannaCry cyber-attack, much of the world still seems to be asleep to the potential catastrophic effects of cyber-attacks on critical infrastructure systems.

The first nation state-level cyber-attack on critical infrastructure, widely attributed to a joint collaboration between American and Israeli intelligence against Iran, was uncovered in 2010. Known as the Stuxnet virus, the attack aimed to take down Iran’s nuclear program.

The virus failed to achieve its mission. But by destroying nearly 1,000 uranium-enriching centrifuges, it was unprecedented for having caused physical damage by way of virtual attack. And it ushered in a new era of conflict: that of offensive cyber-warfare.

A brazen example of this new era occurred on 23 December 2015, when a stunned Ukrainian power plant worker watched the cursor on his computer screen come to life. As the cursor began to click through his system, he tried to regain control, but became locked out of his own computer. From far away, a sophisticated hacker was controlling his computer.

Jon Nichols, a former US military IT expert, and his colleague Beau Woods, a deputy director of the Cyber Statecraft Initiative at the Atlantic Council’s Brent Scowcroft Center on International Security, met with BBC Future in Washington DC. They both believe that the 2015 Ukraine attack was significant – but less damaging than what else might happen if the world doesn’t begin to take cyber-security more seriously.