Bruce Schneier on the 10 year security outlook (it's worrisome)

Bruce Schneier on the 10 year security outlook (it's worrisome)

Summary: Technology will evolve as computers become 100 times more powerful in 10 years. IT systems will become so interconnected that the risk of failures will escalate.

SHARE:
TOPICS: Browser, CXO, Security, Telcos
4

Technology will evolve as computers become 100 times more powerful in 10 years. IT systems will become so interconnected that the risk of failures will escalate. And endpoints will never be secure.

Meanwhile, the same old crimes--fraud, theft, impersonation and counterfeiting--will remain old standbys as new technology leads to new attacks.

These are just some of the takeaways in a conversation posted by Bruce Schneier. In the discussion, which is from TechTarget's Information Security magazine's 10th anniversary issue (January, 2008), Schneier speaks with Marcus Ranum about security in 10 years. It's an interesting read definitely worth a look.

A few takeaways:

Crime will move quickly.

Schneier says:

Fraud, theft, impersonation and counterfeiting are perennial problems that have been around since the beginning of society. During the last 10 years, these crimes have migrated into cyberspace, and over the next 10, they will migrate into whatever computing, communications and commerce platforms we're using.

Ranum says:

You can't turn shovelware into reliable software by patching it a whole lot.

My take: Not terribly comforting. But not surprising either. Will the defenders be able to adapt fast enough? Probably not. Is there a better model than patching?

Cascading IT failure is inevitable.

Ranum says:

I believe it's increasingly likely that we'll suffer catastrophic failures in critical infrastructure systems by 2017. It probably won't be terrorists that do it, though. More likely, we'll suffer some kind of horrible outage because a critical system was connected to a non-critical system that was connected to the Internet so someone could get to MySpace -- ­and that ancillary system gets a piece of malware. Or it'll be some incomprehensibly complex software, layered with Band-Aids and patches, that topples over when some "merely curious" hacker pushes the wrong e-button. We've got some bad-looking trend lines; all the indicators point toward a system that is more complex, less well-understood and more interdependent. With infrastructure like that, who needs enemies?

Schneier says:

By 2017, the interconnections will be so critical that it will probably be cost-effective -- and low-risk -- for a terrorist organization to attack over the Internet. I also deride talk of cyberterror today, but I don't think I will in another 10 years.

My take: Infrastructure in the U.S. is fragile. And the problem is only getting worse. A massive IT blowup that takes out a power grid or even the Internet is highly likely. The only question is what the trigger will be.

IT services as utility could escalate risk.

Schneier says:

By 2017, people and organizations won't be buying computers and connectivity the way they are today. The world will be dominated by telcos, large ISPs and systems integration companies, and computing will look a lot like a utility. Companies will be selling services, not products: email services, application services, entertainment services. We're starting to see this trend today, and it's going to take off in the next 10 years. Where this affects security is that by 2017, people and organizations won't have a lot of control over their security. Everything will be handled at the ISPs and in the backbone.

Ranum says:

So if you're saying the trend is to continue putting all our eggs in one basket and blithely trusting that basket, I agree.

My take: The IT services movement essentially gives hackers one throat to choke. The big emerging worry is the loss of control for customers.

Topics: Browser, CXO, Security, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • My view

    "IT systems will become so interconnected that the risk of failures will escalate."

    IT systems will hopefully use the increased connectivity to increase redundancy to counter this. One node failing should not bring down the entire network.

    "And endpoints will never be secure."

    Yes and no. Security technology is improving, so it's not as hopeless as it seems. As always, it's a matter of balancing security against convenience.

    "By 2017, people and organizations won?t be buying computers and connectivity the way they are today. The world will be dominated by telcos, large ISPs and systems integration companies, and computing will look a lot like a utility. Companies will be selling services, not products: email services, application services, entertainment services. We?re starting to see this trend today, and it?s going to take off in the next 10 years."

    People said that ten years ago. It didn't happen. Ten years from now, he'll still be saying the same thing and it still won't happen.

    And I'll fight it tooth and nail, because it benefits nobody. For exactly the reasons he says. SaaS is our enemy, not our friend. I don't like it and I don't want it. I want to have all of my applications on my computer, not in the "cloud."
    CobraA1
    • I Agree

      When you start to fight, you can count on me. I too will fight any movement to have all my applications and the security of all my information dependant on the service of any ISP. I barely trust them just to provide me with Internet access. No, I will fight with you to the end. Viva la software, no matter how bad it may be.
      cmichael@...
  • The web needs to be rebuilt

    Bruce Schneier is usually good at guess out comes, though this one seems to be self evident. I think the issue will require that the internet be rewritten from the ground up. The back bones of the current web, DNS, TCP/IP never were designed to handle the web as it now lives. Saddly, it will be need to be more controlled and more regulated. The end of the wild west.
    gurg13
  • RE: Bruce Schneier on the 10 year security outlook (it's worrisome)

    There will be a rude awakening for all the trusting users out there. I wonder what will happen when people stop accepting electronic payments and goes back to cash.
    oakenwall