Adversaries have a long game. As the severity of the 2020 security compromises are still unfolding let’s fix our eyes on our long game. Taking a look back on our predictions from 2009 when we authored Security 2020: Reduce Security Risks This Decade published in 2010, we got a lot of it right. If you get input from 53 industry experts, you can make some solid predictions, and here are just a few of the scenarios we anticipated. (See Chapter 9: Eleven (maybe Not So Crazy) Scenarios that Could Happen:
#1 Which Way Do I Go? The GPS system for the world is taken down or manipulated. Although there have been some glitches, I would admit this one is still yet to happen but would argue the impact and reality of this happening remains a future threat that is very high.
#2 Is the Network Down? And #3 Snip the Lines. We identify the real risk of taking out physical assets in the world, specifically datacenters, cloud concentration points, and network assets. The impact of the bombing in Nashville, sadly, shows some of this fragility. Now imagine a few critical locations in the United States such as New York, Arizona, and Virginia, being taken offline and our internet and communicates lifeline to it, drastically impacted.
#4 The Pandemic. Unfortunately, we got this big one right. This is a scenario where a pandemic is initially spread through air travel through the US and the world. At the time we were referencing H1N1 and how remote work for technology and certain jobs might flourish but others where remote work isn’t practical would have a disastrous impact to the social fabric and global economy.
#5 Cyber-Hijacking, Blackmail, and Ransom. We referenced examples of using Ransomware in medical environments and how its not only a hack as a monetary tool, but eventually can be used to effect human life as we saw in Germany this year through the supply chain manipulations.
#6 The Facebook Killer. We explored a scenario of using Facebook to coverup a murder and leveraging social media make friends believe the victim is still alive for a period of time due to the social media postings. While we have seen reports of people dying prematurely, we haven’t seen this happen directly, though there certainly has been many account takeovers and of course social misrepresentation.
#7 Is it Getting Hot? In this scenario we cover the risk of Solar Flares to the electrical and electronic infrastructure of the world, and we are extremely lucky this hasn’t happened, yet. NASA and other universities, published a seminal study of the storm in the December 2013 issue of the journal Space Weather. Their paper, entitled A Major Solar Eruptive Event in July 2012, describes how a powerful coronal mass ejection (CME) tore through Earth orbit on July 23, 2012. Fortunately, Earth wasn’t there. Instead, the storm cloud hit the STEREO-A spacecraft. “I have come away from our recent studies more convinced than ever that Earth and its inhabitants were incredibly fortunate that the 2012 eruption happened when it did,” says Daniel Baker, Colorado University. “If the eruption had occurred only one week earlier, Earth would have been in the line of fire.
#8 Which Way is Up? There were many reports in 2020 that the North Pole has been shifting towards Russia, moving slowly like this is the best scenario. Let’s just skip the idea of an abrupt ‘swap’ and just hope it never comes true. If you’re a worrier, never research the frequency of a POLAR SHIFT and how past due we are for one.
#9 Cyber-Hypothermia, Cyber-Heat-Stroke, Utility Terrorism. We know the power and utilities sectors have been targeted and compromised around the world. In this scenario, attackers align their execution of an attack on an OT infrastructure in line with actual physical weather events, thus, creating a multiplier effect in their targeted areas or even limiting response to a physical intervention with a major situation like a nuclear power plant.
#10 The Pundit Hack. Well, I’ll stay out of politics here, but the scenario is influencing opinion and outcomes by manipulating press, news, or social media. Specifically by also representing influences with false messaging to get a desired outcome. I’ll just leave it at that.
Like #10, #11 Stock Manipulation is leveraging social media and other variables in cyber to impact the price of a stock and then through buy/sell or shorts/puts taking financial gains.
So we forecasted with a good degree of accuracy in 2010 what would happen by 2020, what do you think the next 10 years will look like?
Take a look at the Pondurance 2021 predictions for what we expect to see in the year to come.