Thursday, December 20, 2007

Predictions for 2008

For the last five years I've resisted the urge to write year-end predictions (thanks Anton). However, I'm seeing indications of the following, so maybe this is more about highlighting trends than taking wild guesses.

Here are my five predictions for 2008.

  1. Expect greater government involvement in assessing the security of private sector networks. I base this item on what's happening in the UK following their latest data breach. The article Data watchdog seeks dawn-raid powers states the following:

    The Information Commissioner’s Office (ICO), which polices the security of the nation’s data, is to be given the power to raid Government departments suspected of breaching protection laws.

    The move, announced today by Gordon Brown, comes in response to the loss by HM Revenue & Customs (HMRC) of personal details of some 25 million Britons. The Prime Minister said the ICO would be given extra powers to carry out “spot checks” of government departments.

    However, it is unclear whether the new powers will extend to companies - something that Richard Thomas, the Information Commissioner, is pressing for.

    "Alarm bells must ring in every boardroom," Mr Thomas said today.

    He added: "For some time I have been pressing the government to give my Office the power to audit and inspect organisations that process people’s personal information without first having to get their consent."

    Mr Thomas also repeated a call for the law to be "changed to make security breaches of this magnitude a criminal offence."
    (emphasis added)

    Security raids would be an amazing event. I think it would significantly alter the way security is managed by every major company.

  2. Expect greater military involvement in defending private sector networks. I base this item on reporting by the Baltimore Sun, no longer posted on their site but repeated elsewhere:

    In a major shift, the National Security Agency (NSA) is drawing up plans for a new domestic assignment: helping protect government and private communications networks from cyberattacks and infiltration by terrorists and hackers, according to current and former intelligence officials.

    From electricity grids to subways to nuclear power plants, the United States depends more than ever on Internet-based control systems that could be manipulated remotely in a terrorist attack, security specialists told The Baltimore Sun.

    The plan calls for the NSA to work with the Department of Homeland Security (DHS) and other federal agencies to monitor such networks to prevent unauthorized intrusion, according to those with knowledge of what is known internally as the "Cyber Initiative." Details of the project are highly classified.

    Director of National Intelligence Mike McConnell, a former NSA chief, is coordinating the initiative. It will be run by the DHS, which has primary responsibility for protecting domestic infrastructure, including the Internet, current and former officials said.

    At the outset, up to 2,000 people -- from the Department, the NSA and other agencies -- could be assigned to the initiative, said a senior intelligence official who spoke to The Baltimore Sun on condition of anonymity.


    I know nothing about this outside of what I just posted, and the story House panel chief demands details of cybersecurity plan discussing activities of the US House Committee on Homeland Security.

  3. Expect increased awareness of external threats and less emphasis on insider threats. Maybe this is just wishful thinking, but the recent attention on botnets, malware professionalization, organized criminal cyber enterprises, and the like seems to be helping direct some attention away from inside threats. This may be premature for 2008, but I expect to see more coverage of outsiders again.

  4. Expect greater attention paid to incident response and network forensics, and less on prevention. This could also be wishful thinking, but I am seeing a lot of movement in the commercial space involving effective incident response processes and tools. I've been speaking to several vendors while I build my IR and forensics lab for work and 2008 will see some very cool capabilities arrive, particularly in live response and remote forensic assessments. Several vendors will aggressively ship network forensic systems in 2008 with increased tie-ins to other existing products, like SIMs, firewalls, IPS, and the like.

  5. Expect talk of an "IPv6 gap," especially with respect to China. Leading up to the start of the Olympic Games in China in 2008, I am sure we will here a lot about IPv6. I mentioned this last year. Talk of an "IPv6 gap" will build upon a perceived "space gap" as China pursues its vision to put men on the moon by 2020. You will hear people say we need IPv6 because it is "inherently secure" or something similar. The China hacking stories of a few months ago embedded themselves in the IT consciousness, and that will be a continuing theme. I'm not sure if any of this will result in IPv6 being effectively deployed in 2008, 2009, or even 2010 in the US.


A year from now I'll see how these trends played out in 2008 and report back.

3 comments:

Isam said...

A few thoughts.

Points 1. and 2.:
They may get involved but for sure not for the benefit of private sector AND they will want something in return :]

As far as 3. I don't think that we put enough focus on insider threats nowadays. Corporate should for sure focus on outside threats since they are usually insider-threat-aware. SMB sector on the other hand has usually no idea about insider threats.

rent a car said...

very nice

Brian Dykstra said...

Richard, in respect to comment #2. We've conducted incident response at three different corporate sites this year that were all clued into their problem by a government agency.

I can't think of a worse way for a CIO or CSO to find out that they have been compromised but it does get their attention.

I like the trend and the cooperation has been good so far. I hope that it continues in 2008.