The Future of Cyberspace Security: The Law of The Rodeo

This is an update of my now annual assessment of the future of technology associated with good and evil in cyberspace which was first posted here.

Predictions of the future of technology are increasingly starting to sound like science fiction, with powerful computing grids giving incredible computational power to users and with autonomous robots becoming closer and closer to being in our daily lives just in computer science departments. Infotech, nanotech and biotech are fueling each other and each of those three dominate fields are generating more and more benefits that impact the other, propelling us even faster into a new world. Depending on your point of view the increasing pace of science and technology can be good or bad. As for me, I’m an optimist, and I know we humans will find a way to ensure technology serves our best interests.

But a sad fact of the human condition is that bad people will likely be with us long into the future. And sometimes good people can be tempted to do bad things, so we really need to engineer solutions that keep the bad guys from benefiting from technology and keep those whocan sometimes be tempted from giving in to their darker side.

So is is possible to engineer perfectly secure systems? Consider the law of the rodeo: “There’s not a horse that’s never been rode, and not a rider that’s never been throwed.” I like the analogy since it reminds us that all computer evil can be mitigated. But it always fights back. Good and evil will continue a fast paced rodeo dance long into the future.

To engineer secure systems for the future we need to continually assess where we are and what the near term future holds for our technologies. Here is a couple short predictions that could be useful in this discussion.

– Remote power is here today and will soon be widely distributed. This will allow small power consumption devices (like keyboards, mice, bluetooth headsets, hearing aides, small sensors) to be provided power by RF energy.

– Power generation from motion is almost ready for prime time. This will allow devices to gain energy from vibrations, like the vibrations in a bridge when a car passes over it, or the vibrations in a wall of a building when the wind blows past it, or the vibrations caused by a person’s movement through the day.

– Communication capability (bandwidth) between fixed facilities will increase 1000 fold over the next five years. Cellular systems are on a dramatic improvement slope. My view: AT&T seems to lead in speed this year. Verizon will probably lead next year.

– More users will be on the net. There are about 1.3 billion PC’s connected to the Internet today. There are about 3.3 billion active cell phone subscriber accounts today. Those numbers will grow.

– Storage, especially flash storage technologies, is decreasing in price so much we can afford to store data anywhere on almost anything.

– Chips are being designed in ways that actually beat the old Moore’s Law projections. This is being done by placing many cores on one chip. Very high data rate capabilities are being connected directly to the cores on these chips.

– RFID is becoming so widespread we can place devices on everything that allows devices to report back what they are and what they are for and where they have been.

– All this capabilities are being networked together, including increasingly direct device-to-device connections via capabilities provided by enhanced protocols (especially IPv6).

– Consumer devices, especially consumer communication devices, are becoming increasingly capable. What used to be called a cell phone is now a phone/video recorder/video editor/entertainment/mobile office device with location aware data (GPS).

– Social networking sites/tools such as Facebook will expand till one day 100% of the population will have active, up to date, authoratative online profiles.

There are many other elements of the future relevant to security discussions, but the projections above lead to some interesting conclusions on their own. So lets think through some of the impactsof the above.

– Bad actors who want to exploit systems will increasingly not have to worry about them being powered off. They will be on all the time.

– Bad actors will increasingly be able to expoit social systems to gather data pre-attack. However, the powerful trust models of social networks may offer a counter to some of these attacks.

– Many paths into devices will be available for unauthorized users to exploit. And if they are compromised by people or code that intendon generating denial of service attacks, huge amounts of bandwidth will exist for them to attack from.

– When a bad actor gets through defenses into data stores, they will likely find a wide range of data to exploit, since it is becoming so easy and low cost for us to store everything.

– Having things networked together means it can be easier to penetrate a target by finding one weak link that is connected to the infrastructure.

– Areas of people’s lives they once thought private, especially their cell phones and the data on their cell phones, are increasingly becoming attractive targets to hackers.

What is needed in an environment like this? I can’t pretend to know all the solutions but here are a few points I support:

– Enhanced firewalls and intrusion detection devices.

– Better configuration control, for all devices. When a device is out of configuration is must be brought back into compliance immediately.

– Better laws and treaties concerning cyberspace. Deterrence policies by governments.

– More attention to standards and to industry organizations (including supply chain quality organizations) is a must.

– Better training and education for all (I mean ALL) humans connected to the grid.

– Better, continuous upgraded anti-virus solutions.

– Automated response to attacks.

– Enhanced, easier to use encryption.

– Enhanced, more secure identity and authorization technologies.

Link to original post