Infosec 08: 2020 Vision – Security in the Future
April 24th, 2008 by Jiri
This was a panel with several different perspectives on where the world is going to be in 10 years' time.
Introduction
Chris Potter, PWC
If we were to look 10 years out, what would be different? Because security incidents are a byproduct of changes in the business and technology environment, we need to look at the changes in the broader environment:
- Increasing staff turnover
- Outsourcing and offshoring
- Increasing bandwidth and the death of distance
- Network boundaries expanding and becoming wireless
- Mobile telephony, convergence and digital TV
- Techno-savvy younger generation
It is impossible to guess the future, but we still need to have a vision of where the world is heading.
Trusted Computing – Benefits & Challenges
Shane Baife, Royal Holloway, University of London
Why can’t you trust your computer? Malware is getting more sophisticated and operating on an industrial scale. Once infected, the platform is no longer under your control and cannot be trusted. What is trust? The expectation that a device will behave in an intended manner.
Trusted Computing = trusted platform modules plus:
- Integrity measurement & storage,
- Attestation (checking of the state of the device),
- Protected storage (bind data to a unique platform in a cryptographic manner),
- Software isolation (compartmentalisation of memory – security process running completely separate from other processes)
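How integrity measurement and attestation fit together, as an added example that is not from the panel or from any TPM vendor's code: each boot stage is hashed and folded into a register in the style of a TPM 1.2 PCR extend, and a verifier replays the log against known-good values. The component names and images are constructed, and the signed quote and nonce that a real TPM wraps around the reported value are assumed and omitted.

```python
import hashlib

def measure(image: bytes) -> bytes:
    """Integrity measurement: digest of a component taken before it runs."""
    return hashlib.sha1(image).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend: the register can only be folded forward, never set."""
    return hashlib.sha1(pcr + digest).digest()

def replay(event_log) -> bytes:
    """Recompute the register value from a log of (name, digest) entries."""
    pcr = bytes(20)  # register starts as 20 zero bytes at reset
    for _name, digest in event_log:
        pcr = extend(pcr, digest)
    return pcr

def boot(components):
    """Platform side: measure every stage in order; return (log, PCR)."""
    log = [(name, measure(image)) for name, image in components]
    return log, replay(log)

def attest(reported_pcr: bytes, event_log, reference) -> list:
    """Verifier side: list of findings; an empty list means the expected state."""
    findings = []
    # The log is only believable if it reproduces the reported register.
    if replay(event_log) != reported_pcr:
        findings.append("event log does not reproduce reported PCR")
    # Every logged measurement must match the known-good reference value.
    for name, digest in event_log:
        if reference.get(name) != digest:
            findings.append(f"unexpected measurement: {name}")
    return findings

# Constructed sample boot chains (not real images).
GOOD = [("bootloader", b"loader v1"), ("kernel", b"kernel v1"), ("init", b"init v1")]
TAMPERED = [GOOD[0], ("kernel", b"kernel v1 + rootkit"), GOOD[2]]
REFERENCE = {name: measure(image) for name, image in GOOD}

if __name__ == "__main__":
    for label, chain in (("good", GOOD), ("tampered", TAMPERED)):
        log, pcr = boot(chain)
        print(label, pcr.hex(), attest(pcr, log, REFERENCE) or "trusted")
```

A tampered platform that presents the clean log alongside its real register value is caught by the replay check, which is why the register and the log are verified together.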
Key Challenges
- Usable security [Note JL: this is IMHO one of the fundamental points]
- Global PKI required to enable the concept
Mobile Computing
Howard Schmidt
Today we are facing issues that are conceptually similar to those we had ten years ago. It’s only that the computers and communications are much more widespread. What will the internet look like in ten years’ time?
In ten years’ time…
There will be 2bn devices, which translates to 10 IP addresses for every person on the Internet. Mobile devices will be more powerful than desktop computers and they will all be connected to everything else. You will go shopping and after buying what you wanted you will just walk out and the goods will get charged to the mobile. Then you put your shopping in the fridge, which will automatically update the inventory. When the food goes off and you throw it away, your bin will check what you bought and threw away and adjust your future shopping plans. It will also notify your financial system to make appropriate changes to your financial plans. You will have a calendaring system connecting all family members and friends, your work, hobbies and television shows. Medical devices will be connected, monitoring bodily functions and the external environment, alerting your GP when necessary and recommending the right nutrition. It will work globally, regardless of your city, country or airport. It will be more user friendly. A global, federated identity management (see global PKI above) will enable this type of functionality.
We will own our data. We will be able to sign up to a loyalty programme, but also unsubscribe. We will be able to provide data temporarily to the parties that need it (e.g. for a credit check) with a specified expiry period after which the data will self-destruct.
Technology will evolve to support this new ultra mobile world. There will be a variety of mobile protocols including a number of new ones. We will need to understand their security impacts. There will be a new generation of software. We should try to avoid inherent vulnerabilities. The weakest link will be something unexpected, e.g. power management or environmental impact.
Generation Z and Enterprise Data Protection
Nigel Stanley, Bloor Research
People are always the weakest link and we are entering into the Golden Age of computer crime.
Demographics are changing: Generation Y is entering the workplace with a very different set of expectations. Web 2.0 is the way they work. We (security professionals) need to understand them – their culture, language, expectations; currently we don’t.
In ten years we can expect:
- Growth of virtual worlds leading to illicit real world activities (e.g. drug dealing and money laundering) overflowing into virtual realities and vice versa (people being killed for stealing a sword of destruction in VR)
- E-crime will professionalise and grow into professionally run organisations with marketing, sales, technicians. Nation states will sponsor information warfare. Quite possibly, the traditional bank robbery will come to an end. Why bother robbing banks?
To deal with it, security will have to be baked in, yet there will always be room for small innovative companies. But people problems and desires and motivations will remain the same.