Last year I did a prediction blog (along with almost everyone else with internet connectivity) and had only one glaring “miss.” I predicted that we would have a major cyber event in the United States, and the President would be forced to decide how we would respond, with our own cyber capabilities, or with other, more kinetic means. Well, that clearly (and thankfully) did not happen. I am going to leave this one on my list for 2011. I still hope it will not happen, but unfortunately, my gut says it is coming. That said, let’s see what will happen in 2011.
1. There will be a formal expansion of U.S. Cyber Command’s authorities.
GEN Alexander’s quiet efforts and the nation’s great needs will cause the command to be given more tools through which to protect our digital and digitally enabled infrastructures. This will drive many people crazy and give others some comfort. The authorities will be linked to DHS responsibilities, so for me, it will be comforting.
2. We will see at least two new variations of the Stuxnet Worm released into the wild.
These will target more than Seimens systems and will probably be unrelated to the original Stuxnet. Basically, people will reverse engineer it, alter it for the new targets, and launch the new weapon. The good guys will spend a lot of time and effort to find ways to detect these weapons and counter them. A whole new class of cyber defenders will be developed to deal with these control system attacks.
3. We will see a snowstorm (I am in Northern Michigan writing this) of new products that will claim to address the WikiLeaks kind of problem.
This is mostly hype. While tech can help (anomaly detection, internal access controls), a malicious insider is still mostly a people issue. Be cautious of any claims to a completely tech (and easy) fix for this.
4. We will see comprehensive cyber security legislation pass this year.
In general, this is a good thing, but I am afraid we may see a negative effect on the Tech Business model, causing some price rises. This will be due mainly to attempts to help with supply chain security. The vulnerability of the tech supply chain is a huge issue, which draws great investment from the tech industry (it is our reputation on the line after all). However, many still think a complete “buy American” approach will fix it. It will not, and it will potentially hurt the entire Tech Industry. I hope wiser heads will prevail.
5. The Department of Defense will begin to enforce more standardization of cyber security tools on their massive network of networks.
This will elicit a huge pushback form the services and agencies, which will all claim unique needs, missions and methods are critical to their effectiveness. The new SecDef (yes, Sec Gates will depart very early in 2011) will squash this resistance as one of his/her first shows of authority. Full compliance will be directed, and the demand will be to do it fast. Many will cry “Doom,” but the change will be VERY beneficial. DoD will make great progress, and it will lead to calls for more centralization government wide. This will not occur.
Overall, it will be a better year for cyber security, with awareness and cyber hygiene growing in the general public, and more leaders in government and business beginning to “get it.”
Have a Blessed New Year, be Cyber Smart.