The need to build or rebuild trust, ideological shifts pointing towards cyber war, technology touching all parts of our lives, cultural shifts spawning cyber activism, digital natives and the democratisation of technology in favour of less developed nations. These are all factors that are driving change and that will shape the future cyber environment. We are all now living in a cyber era and things are getting more and more unpredictable. So says Jarno Limnéll, director of cyber security for Intel and a doctor of military science. And I must say that I agree with him.
Here is what we have got in store for us:
Who on earth—and what—can we trust these days?
Stealthy, targeted attacks; reliance on the cloud; virtual money; big data gathering; mass surveillance; the mobile revolution. Technology has changed dramatically. It is now all-pervasive, part and parcel of every aspect of our lives.
We place a great deal of information about ourselves online, but that is a bonus for attackers preparing targeted attacks. We cannot trust that that information will not be used against us. Recent revelations about widespread surveillance means that we cannot really trust that our communications are not being intercepted. Data placed in the cloud can be subpoenaed without our knowledge. There has been talk of creating a European internet to ensure privacy concerns are guarded, which goes against its global nature and the principles on which it was founded.
Trust is the very cornerstone of society—and of business. We need to build safeguards that ensure that information is secure and privacy is respected in order to rebuild the trust that is being eroded. Security needs to be balanced with privacy.
With nation states increasingly being seen as adversaries in the cyber arena, is it inevitable that future wars will be fought with cyber weapons? For many, this would seem to be a low-cost, low-casualty option. Countries in Europe are known to be spending large sums to develop cyber warfare capabilities.
A recent article in the New York Times states that, although the US government has not spoken publicly about its capabilities or willingness to use such weapons, cyber weapons and special forces are two areas seeing growth in a recent budget released by the Pentagon. The first country to strike using such weapons could embolden other countries to do likewise. According to Limnéll, the growth in cyber weapons programmes is a very worrying trend and the only way to control the situation is by reaching an international agreement for cyber arms control.
Today’s always-on world represents a paradigm shift in security and privacy. For too long, technology has been developed first, and then security has been bolted on as it becomes evident that it is necessary. The internet is a prime example of this. It was developed with openness and inclusion in mind—but it has been shown to be manifestly insecure.
The same is true for a host of other technologies that pervade our everyday lives. Now, and into the future, we are envisaging the Internet of Things, where billions of devices become interconnected, accessible over networks. This will include devices such as medical equipment and systems. Researchers have already shown these to be hackable, presenting worrying scenarios regarding the safety of patients. If the promise of the Internet of Things is to become a reality, a rethink is required in terms of security. Instead of bolting it on as an afterthought, it must be built in from the outset.
According to urban legend, bank robber Willie Sutton robbed banks “because that’s where the money is.” Today, the number of physical bank robberies has declined dramatically. Instead, criminals have turned their attention to the internet and associated technology, because that is where the money flows today and it can make for easier pickings. Criminal gangs attacking online targets are forming into organisations with resources that could rival large multinationals.
But motivations go beyond money. Cyberactivism is growing all the time and is something we are going to have to learn to live with. Today’s young people—the so-called Generation Y—are growing up with cyber being part of everything they do. They know no other way. The more pervasive technology continues to become, the more cyber security will become a more personal issue. According to Limnéll, every one of us will need will have cyber rights and responsibilities and these will impact every decision that we make.
According to the United Nations, there will be more Chinese-speaking users of the internet than English by as early as next year. It has also been reported that there are already more mobile phones in use in Africa than in the US and Europe combined. Regions previously seen as remote to those in the Western world will gain in significance, forcing businesses out of their own backyards in order to compete more effectively in fast-growing markets. Cyber security is coming to be more than just about high technology. It will see us having to make changes in the way we behave.
The world is changing and we need to adapt to new realities. At a strategic level, we need to adapt the way we develop policies and make industry and business decisions. At an operational level, we need to consider what kind of security procedures, processes and models we need. And at a technical level, we need to develop new ways of solving security problems technologically.
The cyber era is the new reality and we must evolve old ways of thinking if we are all to prosper.