Home / Blogs

The Top 3 Emerging Threats on the Internet

Terry Zink

Last week at RSA, Bruce Schneier gave a talk on the top 3 emerging threats on the Internet. Whereas we in the security field usually talk about spam, malware and cyber crime, he talked about three meta-trends that all have the potential to be more dangerous than the cybercriminals (he talks a bit about it here).

Below are my notes.

1. The rise of big data

Schneier's first threat was the rise of Big Data. This is data that is collected by companies like Google, Facebook and Amazon without their users' knowledge or consent. With technical advancement, the cost of storing data and analyzing it has dropped to almost zero. It is cheaper to save everything than to decide whether or not to delete it (how much email do you delete in your Outlook inbox?). Search has become easier than sort. All of this data is going to the cloud and the cost that dominates is the sysadmin costs. To most users, this is preferable because if they screw up, the data is still there and not deleted. The goal of all of this is for companies to make judgments about us — what we like, what ads are relevant, our credit worthiness, etc.

Why is this a threat?

The reason is Big Data as a lobbying force. It is becoming a powerful industry and a lot of money is invested in being able to buy and sell data (in the US; in Europe it's different). Therefore, there's a lot of money invested to make sure that things stay this way, and resist calls for regulation.

2. The threat from government

As more and more people move towards doing their daily tasks on the Internet, more crime has moved onto the Internet. This is not because of some inherent weakness of the Internet, but that the criminals are following the money. As a result, more laws relating to the Internet are being passed at the request of law enforcement.

During the middle of the 1990's, Schneier coined the term "The Four Horseman of the Internet Apocalypse" which were the four areas that law enforcement would crack down on. These were Terrorism, Kidnapping, Drug Dealers and Child Pornography. Politicians want to be seen as tough on crime, and people want to make the 'net safer. As a result, we get Internet regulations that don't help; people that aren't in our community come in and say "Do that and make stuff safer" even though the security industry says that it won't help.

When we see gov't intrusion, it's usually in response to one of those four threats. For example, the NSA required AT&T to allow them to eavesdrop on people without a warrant. In the past, the FBI made phone companies redesign their equipment in order to make listening in easier (consider circuit switching vs. packet switching). With today's modern communications, people don't talk to each other over the Internet. The worst case is (for gov't) Skype; because it is encrypted end-to-end, the FBI cannot listen in the middle without forcing an insecure redesign. Data retention laws are another area where law enforcement is a player. They could force companies to retain data longer in case they want to look at it one day to combat one of the four threats.

It is easy to get bad laws because the force of common sense is a terrible lobbying group. The reason why SOPA and PIPA died is not because common sense prevailed, nor because Wikipedia went dark, but because large companies like Google got behind the blocking of the bills. In other words, powerful lobbies whose interests the bills were not in, defeated the bills.

3. The cyber arms race

The cyber arms race has lots of rhetoric with lots of exaggeration. There is lots of fear and posture including people in the military who say there are big, scary things that threaten civilization. As a result, they propose technologies be built like an Internet kill switch.

The result of the cyber arms race is more gov't involvement in standards, more gov't involvement in offensive attacks (e.g., Stuxnet), and nations stockpiling cyber weapons. The result is less stability in cyber space.

When you have a Cyber Command, you need stuff to do. Therefore, we can expect to see recon missions like we saw during the Cold War. This is the doctrine of Preparing the Battlefield. In the US and China, you penetrate networks to see where the vulnerabilities are working, and perhaps leave behind things that will help you get in later or set off a logic bomb. The US is currently doing this, and probably China. The problem is that because this is so new, decisions about this sort of thing are being made at a lower level in the command structure.

What does this all mean?

As the stakes become higher, attackers will become more sophisticated with more targeted attacks (e.g., APTs). IT security industry has a lot of technical work to do, but will see less direct consumer work. We will sell directly to the vendor (i.e., Apple) who packages it and sells it to the consumer. Selling to users will fade and instead we sell to aggregators. Also, IT industry will have to get involved in politics more and more. Battles are won and lost there; SOPA and PIPA will continue. Finally, good political solutions will be necessary because tech solutions will not be enough.

By Terry Zink, Program Manager. More blog posts from Terry Zink can also be read here.

Related topics: Cyberattack, Cybercrime, Data Center, Internet Governance, Malware, Policy & Regulation, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

The four horsemen are five Carlos Afonso  –  Mar 06, 2012 10:02 AM PDT

Zink skipped the fifth horseman, who is pushing hard at governments in many countries for restrictive legislation and censorship, and are the force behind bills like SOPA and PIPA: this horseman represents the big intellectual property rights companies.

--c.a.

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

3 Questions to Ask Your DNS Host About DDoS

Afilias Director Wins ICANN's 2014 Leadership Award

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Neustar to Build Multiple Tbps DDoS Mitigation Platform

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

New gTLDs and Best Practices for Domain Management Policies (Video)

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

ICANN London Recap Webinar

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

Neustar to Launch usTLD Stakeholder Council

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

Sophia Bekele Weighs in on Obama's August US-Africa Leader Summit at the NYF Africa

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

Sponsored Topics

Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
Verisign

Security

Sponsored by
Verisign
dotMobi

Mobile

Sponsored by
dotMobi
Afilias

DNS Security

Sponsored by
Afilias