Everybody is putting out their Top 10 lists of predictions for 2011. Not to be left out of the party, below is a list of what we expect to see in 2011 in Cyber Security.
2. Blame the User.
3. Reactive approaches to security will continue to fail.
4. Major Breaches in Sectors with Intellectual Property.
5. Hacktivists will bask in their new-found glory.
6. Critical Infrastructure Attacks.
7. Hello Android.
8. Windows Kernel Exploits.
9. Organized Crime rises.
10. Congress will rear its head.
Phi Beta Iota: Nothing wrong with any of the above, except that they are out of context. As the still-valid cyber-threat slide created by Mitch Kabay in the 1990s shows, 70% of our losses have nothing to do with disgruntled or dishonest insiders, or external attacks including viruses. Cyber has not been defined, in part because the Human Intelligence crowd does not compute circuits, and the circuit crowd does not compute human intelligence. We are at the very beginning of a startling renaissance in cyber/Information Operations (IO) in which–we predict–existing and near-term hardware and software vulnerabilities will be less than 30% of the problem. Getting analog Cold War leaders into new mind-sets, and educating all hands toward sharing rather than hoarding, toward multinational rather than unilateral, will be key aspects of our progress. Cyber is life, life is cyber–it’s all connected. Stove-piped “solutions” make it worse.