The Top 3 Emerging Threats on the Internet

Terry Zink

Last week at RSA, Bruce Schneier gave a talk on the top 3 emerging threats on the Internet. Whereas we in the security field usually talk about spam, malware and cyber crime, he talked about three meta-trends that all have the potential to be more dangerous than the cybercriminals (he talks a bit about it here).

Below are my notes.

1. The rise of big data

Schneier's first threat was the rise of Big Data. This is data that is collected by companies like Google, Facebook and Amazon without their users' knowledge or consent. With technical advancement, the cost of storing and analyzing data has dropped to almost zero. It is cheaper to save everything than to decide whether or not to delete it (how much email do you delete in your Outlook inbox?). Search has become easier than sort. All of this data is going to the cloud, and the cost that dominates is the sysadmin cost. To most users, this is preferable because if they screw up, the data is still there and not deleted. The goal of all of this is for companies to make judgments about us: what we like, what ads are relevant, our creditworthiness, etc.

Why is this a threat?

The reason is Big Data as a lobbying force. It is becoming a powerful industry, and a lot of money is invested in being able to buy and sell data (in the US; in Europe it's different). Therefore, a lot of money is also invested in making sure that things stay this way and in resisting calls for regulation.

2. The threat from government

As more and more people move towards doing their daily tasks on the Internet, more crime has moved onto the Internet. This is not because of some inherent weakness of the Internet, but because the criminals are following the money. As a result, more laws relating to the Internet are being passed at the request of law enforcement.

In the mid-1990s, Schneier coined the term "The Four Horsemen of the Internet Apocalypse" for the four areas that law enforcement would crack down on. These were Terrorism, Kidnapping, Drug Dealers and Child Pornography. Politicians want to be seen as tough on crime, and people want to make the 'net safer. As a result, we get Internet regulations that don't help; people who aren't in our community come in and say "Do that and make stuff safer" even though the security industry says that it won't help.

When we see gov't intrusion, it's usually in response to one of those four threats. For example, the NSA required AT&T to allow them to eavesdrop on people without a warrant. In the past, the FBI made phone companies redesign their equipment in order to make listening in easier (consider circuit switching vs. packet switching). With today's modern communications, people don't talk to each other over the Internet. The worst case (for gov't) is Skype; because it is encrypted end-to-end, the FBI cannot listen in the middle without forcing an insecure redesign. Data retention laws are another area where law enforcement is a player. They could force companies to retain data longer in case they want to look at it one day to combat one of the four threats.

It is easy to get bad laws because the force of common sense is a terrible lobbying group. The reason why SOPA and PIPA died is not because common sense prevailed, nor because Wikipedia went dark, but because large companies like Google got behind the blocking of the bills. In other words, powerful lobbies whose interests the bills ran against defeated the bills.

3. The cyber arms race

The cyber arms race has lots of rhetoric with lots of exaggeration. There is lots of fear and posturing, including from people in the military who say there are big, scary things that threaten civilization. As a result, they propose that technologies like an Internet kill switch be built.

The result of the cyber arms race is more gov't involvement in standards, more gov't involvement in offensive attacks (e.g., Stuxnet), and nations stockpiling cyber weapons. The result is less stability in cyberspace.

When you have a Cyber Command, you need stuff to do. Therefore, we can expect to see recon missions like we saw during the Cold War. This is the doctrine of Preparing the Battlefield. In the US and China, you penetrate networks to see where the vulnerabilities are working, and perhaps leave behind things that will help you get in later or set off a logic bomb. The US is currently doing this, and probably China. The problem is that because this is so new, decisions about this sort of thing are being made at a lower level in the command structure.

What does this all mean?

As the stakes become higher, attackers will become more sophisticated, with more targeted attacks (e.g., APTs). The IT security industry has a lot of technical work to do, but will see less direct consumer work. We will sell directly to the vendor (i.e., Apple), who packages it and sells it to the consumer. Selling to users will fade and instead we will sell to aggregators. Also, the IT industry will have to get involved in politics more and more. Battles are won and lost there; SOPA and PIPA will continue. Finally, good political solutions will be necessary because tech solutions will not be enough.

By Terry Zink, Program Manager. More blog posts from Terry Zink can also be read here.

Comments

The four horsemen are five

Carlos Afonso – Mar 06, 2012 10:02 AM PDT

Zink skipped the fifth horseman, who is pushing hard at governments in many countries for restrictive legislation and censorship, and is the force behind bills like SOPA and PIPA: this horseman represents the big intellectual property rights companies.

--c.a.
