Uncertain Future – Part IX – Physical Security

Changing gears from cyber security to the tangible world, 2015 saw one of bloodiest years on record since the end of World War II. Terrorism that originated in Middle Eastern conflicts has spread out and is beginning to become commonplace in Europe and even starting to appear, yet again, in the United States. The Charlie Hebdo and November 2015 Paris Attacks, along with a third attempt foiled by the presence of American military veterans rocked Europe as the world mourned for them. In the US, a similar, though far less attack, took place in San Bernardino, California. Between these three major attacks, around 160 people were killed. This, however, pales in comparison to the world-wide effects of terrorism. In total, there were nearly 400 terrorist attacks around the world that we know of [51]. In that, it is likely that more than ten thousand people lost their lives in acts of pure terror. I say pure terror, not to add drama to the point, but to differentiate these acts from the similar acts of violence. Acts of warfare, kidnapping, and social strong-arming are being ignored, as their practice has exploded in the last decade to unestimatable levels.

How this will affect the world in the next twenty years is that people, meaning nations, firms, and individuals, will be taking greater steps towards ensuring their own safety in the event of attack. For many, this will see annual trainings being required at many workplaces and schools. Many are already doing this. In another answer, I described how the last decade of terror and threat of “active shooters” has led to new methods and tactics aimed at empowering the individual victim to better deal with theses threats in a way that mitigates their danger, or when cornered in the worst case scenario, confront and attempt to neutralize the attackers. One such training program is ALICE, controversial in that it actually coaches victims of an active shooter incident to fight back as a very last. [52]

Advertisements

Uncertain Future – Part II – Information Security

Information Security

Not every bad thing can kill you. Oh sure, there are many things that can still ruin your life, but most won’t kill you.

Something that has remarkably changed in last twenty years is something that didn’t exist twenty years before it – online security. The information we publish online about ourselves, the groups we associate with, and even our country, can devastate our lives, or even the lives of people we will never meet. This is so true, that to sign on to read this article, you no doubt had to fill out at least four passwords. Then there is work email, phone keys, banking password, anything associate with a bill, your firewall software (that one’s ironic) and anything with the Apple logo that assumes anyone with fat fingers are criminals and forces you redo your freaking password every single time I try to buy a song… legally (that’ll teach me the punishment for being good.)

In fact, the information that exists in the open is an entire field of spycraft. Open-source intelligence (OSINT) is intelligence collected from publicly available sources. It is the science of gathering executable knowledge to use against someone which they have willingly left available to the world. That’s not true, some of that knowledge could be stolen and published already, without the subject’s knowledge, and certainly without their permission. In my book, The Next Warrior, which deals with exploring the real way technology will change the face of warfare in the next few decades, this concept is explored with a young female spy named Samantha Avery. In 2026, Avery isn’t like the modern day spies, case officers that are employed by the CIA. She sits at a desk and gathers information at her comfortable office outside Washington DC. What makes her special is the ability to find and pool vast databases and other intelligence sources hidden throughout the internet to decipher useful information and patterns her clients are willing to pay desperately for. Why is this special in 2026, when we have Google today? One might only look back to 2006, when there were only 85,507,314 websites in existence. For a better understanding of how much things have changed, as I write, there are 998,253,877[1], just shy of a billion. Sure Google will still be a valuable tool, but as the rest of this section will show you, the information you can access via Google is limited. Beyond the reach of search engines is information hidden in the dark web, databases and forums which house classified, illegal, or personal information that some would pay well to know, or for Avery’s case, just pay well to know what to do with it.

That said, Cyber Security is already a big deal today. The world isn’t waiting for 2026 when Supersleuthes have already mastered the art of unburrying skeletons. Between personal invasions of privacy, to massive breaches of corporate firms and even national governments, the industry surrounding cyber security has exploded to levels we haven’t seen ever. In the future, this will be even more true. When we consider the other answers, which show a future possible (almost certain) marriage between our electronics, communications, cars, homes, and entertainment unseen today, and add with them more levels of privately controlled automated drones, our augmented reality suites, driverless everything; all at work, school, home, and at play, security analysts cringe at the myriad of ways in which these technologies will interlock and overlap – each time creating a new vulnerability and entry into our own private motherload of personal information. In truth, swarm technology and the internet of things is a terrifying concept, because with each new device that enters our sphere of influence, we experience a new breach point to our data, one that hackers can use to enter into our lives.

Take Nicholas Allegra. He’s a hacker who makes a hobby out of defeating Apple’s best and brightest security chiefs.  [2]

“It feels like editing an English paper,” Allegra says simply, his voice croaking as if he just woke up, though we’re speaking at 9:30 pm. “You just go through and look for errors. I don’t know why I seem to be so effective at it.”

Going by the hacker name Comex, Allegra created the JailbreakMe code, which allowed millions of users to upload any applications they wanted to Apple’s infamously restrictive devices. The way he did it was through exploiting a bug in how Apple’s mobile operating system iOS handles PDFs fonts. That allowed him to both locate and repurpose hidden commands. That critical flaw allowed a series of exploits that not only gains… blah, blah, blah, technical nerd jargon. The point is, this kid was able to publish code allowing millions of people to manipulate their phone against the creator’s wishes because of the way the phone read fontson pdfs.

“I spent a lot of time on the polish,” Allegra says with a hint of pride.

As I said before, these sorts of security failures aren’t limited to phones. In the next era of technological revolutions, new methods will open to new exploits in the same way that a 19 year old can crack the world’s safest phone. In a further example of how more tech means more problems, security researcher Nils Rodday is preparing a demonstration for the RSA security conference in San Francisco that will show how he is able to hack and take control of police drones from more than a mile away. [3]

“…flaws in the security of a $30,000 to $35,000 drone’s radio connection allow him to take full control over the quadcopter with just a laptop and a cheap radio chip connected via USB. By exploiting a lack of encryption between the drone and its controller module known as a “telemetry box,” any hacker who’s able to reverse engineer the drone’s flight software can impersonate that controller to send navigation commands, meanwhile blocking all commands from the drone’s legitimate operator.

I’m just going to take this opportunity to remind people that these things exist, and leave it at that.

Personally, I’m just glad people like Nils Rodday and Comex aka Nicholas Allegra are at worst chaotic good, working for the betterment of us all through nefarious means, rather than a full on evil geniuses.

There are, however, lots of evil people on the internet and many of these people want to do you great harm, or at least, have no concern for your well being as they attempt to make a better life for themselves. Whether it is because of a lone wolf cyber idealist like Comex; a community of hackers with motivations ranging from patriotism, sexism, anarchism, or just for the lulz; corporate hackers out to steal your money; or national hackers out to bring down the power grid, the internet is growing a more dangerous place, and Wall Street knows it.

HACK, the exchange-traded fund bundling 30 cyber security companies, has seen quite a year for just these reasons. Last year, following a spree of high profile hacks across several industries, the fund skyrocketed, increasing in value nearly 30% in only six months to over a $1 billion market cap. [4] Since June, the value in the fund has receded, along with the entire sector. Since the downturn, however, these security companies are coming together, literally, to shake up the security industry again. In the last quarter, niche security companies that weren’t able to compete on their own, are merging together and with much larger firms to solve problems some thought we wouldn’t have cracked for another decade, along with others, no one predicted.

Last year, there were 133 security M&A deals, up from 105 in 2014, according to 451 Research’s February report on the tech outlook for 2016.  Its recent survey of investment bankers showed that security is expected to have the most M&A activity this year, surpassing mobile technology for the first time in six years.

What this means is that many of today’s fears and concerns for tomorrow are getting a lot of attention, and new methods to solve them are gathering steam and energy to attempt the mitigate the flood of invasions expected in the next two decades. One of the biggest leaders in this is a company you know well. Microsoft is shoring up their defense against cyberattacks by purchasing many of these fledgling firms into their corporate umbrella, creating several new layers between its customers (along with itself) and would be hackers.  [5] The majority of the new additions came from startups that didn’t really have a place in the industry, solving problems too specific to truly go it on their own, but filled with good ideas and brilliant people. Microsoft’s recent acquisitions have been intended to add new capabilities, as well as new minds to the brain pool of Seattle. The hope is that, as these new units are integrated, the company will be capable of creating value and new technologies that will keep Microsoft and its users secure for at least the span of this question.

So here’s the real question: What exactly is it that Microsoft is so afraid of? Throughout this answer, I’ll attempt to explain some the risks that have the world’s largest tech firms, and even the world’s largest nations, preparing for a battle that we all need them to win. We will start off small with things that can only ruin your life, and then work up to the stuff that can legitimately break the world.

Uncertain Futures – How Safe Will You Be and How Security Will Change in the World of Tomorrow

I’m starting a multipart series on what are the biggest ways in which the world will be be different 20 years from now, with a key focus on how changes in the security fields will impact all of our lives.

When you ask most people what the groundbreaking “X-factors” of the future will be, they’ll say many wildly bold, exciting, and optimistic predictions of a future not far from us today. So far, answers to that question have ranged from technological leaps in machine automation, biotech, robotic swarms, and 3D printing; to social evolutions such as the conversion to all credit economies, an end to diseases, the post-scarcity, and new levels of international individual equality. Yet more promise better governance via more openness, and even a possible end to war through an even more interconnected world. Of course, others are going the other direction with predictions of diseases we haven’t yet discovered, or worse, haven’t yet invented. Some warn weapons too terrifying to detail. Others have echoed cautionary tales against the possible destruction of us all through climate change, energy crisis, nuclear devastation, and now to add to the list… radical religious fundamentalism.

As I examine the answers I wonder to myself what the odds of any one of these outcomes may be. Some seem well thought out, bringing in insights from brilliant minds. Some are simply ridiculous. I am left, however, with one surreal and terrifying truth… at least a few of them will be right. Some of these predictions, wild as they may be, will come true. The sad thing is, we aren’t really sure which ones. All we can be sure of, is that there will be change. Change, however it happens, is the one certainty among all this speculation.

Change will most certainly come, but it won’t come alone. After great change, there is always a period of disruption. Disruption is often used in Silicon Valley to symbolize the moment one company strikes it rich by finding an unknown vacuum to fill, a need to satiate, or dismantling an inefficient system. For many others, it is the fear that automation will leave them and millions of others out of a job and no hope to fill it. To some governments, disruption means a protest of thousands of angry and jobless people turning into a riot, or even a full blown rebellion. Disruption may be in the creation or destruction of entire industries, or as has been the case very recently, entire regimes. Most of the world has already experienced a decade pass where we feel less safe, less secure, and less sure that some catastrophic event won’t destroy our lives in the blink of an eye or the click of a mouse. Likewise, many millions have already felt the effects of change destabilize their nations with ramifications that will echo for years to come. Many of the other answers to this question have illustrated why, whether they intended to or not.

Consider a case study in change and disruption that was the Arab Spring of 2010. Then, new technology gave way to empowering the youth of several nations with information. A wave of democratic energy swept across the region. Caught in this wave were dictators over nations like Libya, Tunisia, Egypt, and Syria. The world watched in amazement as millions upon millions flooded streets to demand change. To them, change indeed came. In several nations, reforms are taking root, and dictatorial regimes have been replaced, if not ousted entirely. Millions are indeed living freer lives.

But…

At the same time, today there are three nations currently gripped in struggles of civil war, numerous uprisings already violently crushed, millions already killed, and many tens of millions of people displaced from their homes both nearby and across the world. Worse yet, chaos and anarchy in the region formed in the void of power that once existed under the despots who ruled there. In that void grew medieval death cults bent on absolute devastation and the full scale disruption of the Western world, for no other reason than that the West needed to be disrupted. Today, news of the Middle East centers only on one word – Chaos.

This isn’t to say that change is necessarily a bad thing, nor even that the disruption that change brings is evil in itself. It is just acknowledging that change happens, and that where change occurs, not far behind it, disruption is sure to follow. Finally, where disruption takes place, as we have seen in Middle East, instability is sure to follow, as well. It is this instability that leads to the crises which we hear about daily, and this instability that creates an ever widening gulf between where are today and the world we envisioned for it twenty years ago. Furthermore, as we experience yet more change, the kinds of technological, social, and political changes highlighted over and over throughout this question, instability will build upon itself, sometimes making way for progress and improvements, but other times, most of the time, preparing the ground for the kinds of horrors that only come from the vacuum where order once existed. It is in these environments desperation happens, and the kind of dangerous actions take place which only further dismantle everything. We see a model of this in Syria, where a desperate leader does unspeakable things to his people, to stop rebels and religious fanatics, all empowered by modern technology, both military and civilian. From the chaos of that nation we have seen yet more chaos spread far beyond when millions fled to Europe, bringing with them terror hidden as one of the refugees.

For this reason, the real “X factor” won’t be any one technology or suite of technologies. It won’t be an idea or a revolutionary act of governance, nor will be the culmination of one single ideological movement. The real “X factor” will be how we deal with all of these changes that are sure to come. How do we deal with change which could come from any source, at any time? How can we continue our operations when others fall into chaos? How do we guarantee safety when we have no guarantees on what tomorrow will look like? The world will change, but it will be the people who can adapt to that change that will survive it the best. Those people are going to be the ones who protect themselves, their communities, and their assets. As others fail and a little bit more chaos is built, these groups and individuals will be those who provide the long term stability needed and become anchors in ever changing worlds. For that reason, the true “X-factor” in the future will be the force, in all its forms, that allows the most positive change for the greatest numbers of people, while preventing the kinds of negative change that pulls us all a little bit closer to the abyss.

The factor, is security.

But wait, security isn’t something that is “possible.” It is everywhere around us already. While I would agree, this answer will seek to explain just how good our security needs to be in the future, and how it has failed us today. More so than this, I want to show all the needs we have for security already, and how improbable it is that we will live in perfect peace in the next twenty years. Internationally, 2015 saw a surge in terrorism born from conflicts in the Middle East. Attacks in Paris, one at the beginning and again the end of the year, along with another in California, woke many in the West to the present threat that exists when terrorists inspired by jihad overseas are brewed at home. The year also saw tens, perhaps hundreds of thousands of individuals hacked in some of the largest information attacks in history. Going beyond this, privately operated drones are now being empowered not only to deliver mail to our doorstep, but to look right in on our lives, as well. What this means for today is a desperate scramble to attempt to find a new normal which we can all feel a sense of peace. What it will mean in the next twenty years is a complete change in the way we see the security industry, and scale which we deal with it in our daily lives.

The rest of this series will be dedicated to listing some of the ways the security industry will need change, and how those changes will affect off all of us. Perhaps more than the question asked, this answer will leave you realizing one truth. Anyone can handle when something goes right, and some new technology makes your life better, but who is going to be left when everything goes to Hell?