- Expect greater government involvement in assessing the security of private sector networks. I wasn't inventing this a year ago, and I'm not inventing it now. I'm extrapolating from a trend line. My post Letters You Will Need to Know: 201 CMR 17.00 is just the latest example of increasingly aggressive government involvement in private sector security matters.
- Expect to start learning about IPv6, or be confused quickly. 2009 is not the year of IPv6, but we're getting there. The US Department of Defense is already grappling with IPv6, despite the compliance charade of mid-2008. Wider adoption of Microsoft Vista and its tunnel mechanisms, along with IPv6-active consumer devices, are driving IPv6 in one form or the other into our lives.
- Expect at least one cloud security incident to affect something you value. This is not the great Cloud Security blog, but I know many of us are already depending on cloud services. In 2007 and 2008 we started suffering denial when services suffered problems of availability. Next will be disclosure and then degradation. For more on these terms read First They Came for Bandwidth...
- Expect network security to matter again. I may be a little late on this one, given problems we had with DNS, BGP, and even SSL in 2008. I think these sorts of problems demonstrate that there's lots of vulnerability left outside the platform, operating system, and applications. As IPv6 becomes more important this one is going to the top of the list, probably in 2010.
- Expect to buy fewer "new" security products. We need to get back to basics by answering the sorts of questions that appeared in my post Marcus Ranum on Network Security. In tough economic times, managers are not going to spend on new equipment if they still don't know what the stuff you just bought does. Spend more time on consolidation and specialization and less time on looking for the next security silver bullet.
Good luck in 2009 everyone. It's going to be a good year -- "fine in '09"!
Richard Bejtlich is teaching new classes in DC and Europe in 2009. Register by 1 Jan and 1 Feb, respectively, for the best rates.