Geopolitical Trends in Cybersecurity for 2015
New year predictions generally take one of several forms: broad generalizations about multi-year trends, guesses about what might happen, or overviews of recent events disguised as predictions. The first is too easy, the second—going out on a limb—risks missing the mark so badly as to be useless. So I will go with the third choice in the hope that, by calling out some of the common threads running through major stories of 2014, we can take some cues for the future.
Wearables may be hacked for personal information: Wearable technologies and high-profile data breaches were two of the biggest technology headlines of 2014. With consumer items such as camera headsets and computerized watches expected to hit markets in 2015, it would be surprising if hackers were not already working on ways to gain access to the personal health and lifestyle information that will be recorded on these devices and stored in the cloud. Makers of these technologies will have to hit the ground running in terms of security. Experience shows that early versions of new devices rarely have the luxury of thorough debugging before they arrive on store shelves. Let the buyer beware.
Businesses won’t resort to retaliatory cyber offense: 2014 witnessed dramatic cyber attacks against big-name companies in retail, financial, and entertainment industries. Familiar questions of attribution and the threshold for government retaliation to cyber attacks dominated the blogosphere over the holidays. Some media reports suggested that businesses, fed up with the apparent inability of governments to protect them from cyber sabotage or extortion, might be forced to go on the offensive against their attackers. I don’t think this is likely. Even if companies can catch a bad actor’s hand in the cookie jar, the number of things that could go wrong in an attempted retaliatory move are so numerous and legally tenuous that it is unlikely on a large scale.
Privacy advocates may cede ground to security advocates: Several developments in 2014 impacted the public debate over security and privacy. These include the rise of transnational terror group Islamic State (IS), and terrorist attacks in Canada and Australia. There were also violent incidents in the US involving law enforcement that lead to large-scale public protests, and dramatic attacks against a satirical magazine in Paris. Recent calls for wider use of wearable and dash-mounted cameras might have been a non-starter a year ago, when anger over bulk data collection and law enforcement use of drones dominated headlines. In 2015, pressure for stricter oversight of public authorities, government information sharing, and more nuanced security practices will continue to impact communications technologies. Security specialists know that security-versus-privacy is not a zero-sum proposition, but corporate decision-making nevertheless will be highly reactive to public opinion in coming months.
Cyber weaponization may continue to evolve: In 2015, IS will remain focused on building an Islamic caliphate in the Levant, while its opponents will make progress in degrading and destroying the group’s capabilities and sources of finance. As a result of this inward focus, the group’s activities outside the Middle East—both kinetic and cyber—will probably be minimal. Perhaps the greater threat is from inspired copycats, who may be anywhere and virtually impossible to identify ahead of time. Alternatively, Al Qaeda-affiliated groups, feeling upstaged by IS perhaps, may seek to demonstrate their continued relevance. Critical infrastructure security specialists will continue hardening networks, in the hope that they can stay ahead of opportunists bent on weaponization scenarios, some of whom may be insiders with privileged access.
Policy and public opinion challenges for technology companies may intensify: As Internet technologies pervade every aspect of our lives, disruptive pressures on established business models are prompting calls for a re-levelling of the playing field, often through legal means. On a microeconomic level, we saw this play out last year in pressure on technology-driven business models for online books sales, mobile payments, vacation home rentals, and taxis-via-app. This is also playing out on a macroeconomic level. Slower economic recoveries in some parts of the world, particularly Europe, may be contributing to frustration against foreign companies that may be winning attention and market share for their technological innovations. In 2015, cutting-edge technology companies may perceive they are being scapegoated or punished; that may simply be the price that market disrupters pay.
Security may hinder usability: As the Internet of Things takes up residence in our appliances, our groceries, our cars, and everything else we touch, the struggle for miniscule computing real estate is underway. Trade-offs between user features and security will be actively debated. In 2015, users may feel the impact as companies—chastened by the high profile hacks of the past year—try to strengthen security measures in devices already at the limits of computing power. Or, perhaps more likely, the lack of security in these tiny devices may lead to new breaches.