How might individuals adapt to a world in which all online activity is assumed to be accessible by hackers? How could the proliferation of networked appliances, vehicles, and devices transform human society? What would be the consequences of powerful algorithms capable of predicting human behavior at a granular scale?
These are among the questions considered through “Cybersecurity Futures 2020,” a set of five scenarios released on April 28 by the Center for Long-Term Cybersecurity (CLTC), a research and collaboration center founded at UC Berkeley’s School of Information with a generous grant from the Hewlett Foundation.
The Cybersecurity Futures 2020 scenarios are intended to help identify emerging areas of interest for researchers at UC Berkeley and beyond. The scenarios were presented at the National Press Club, in Washington DC, during an event attended by an audience of roughly 120 guests, including members of the media, as well as invited representatives from government, industry, and other organizations.
Dr. Betsy Cooper, Executive Director of the CLTC, opened the event by welcoming the audience and providing an overview of the CLTC’s mission and activities. Professor Steve Weber, Faculty Director of the CLTC, then provided an overview of two of the scenarios. He stressed that these narratives are not meant to serve as predictions, but rather aim to challenge current assumptions and explore how emerging and unknown forces could intersect to shape the future of technology and security in important and unexpected ways.
“Cybersecurity is one of the fastest moving targets in today’s research and policy domains,” Weber explained in an interview. “We need to try to look ahead systematically, if we are going to have a chance of really protecting the core values we care about where human beings and digital technologies intersect.”
The opening presentation was followed by two panels, hosted respectively by Sara Sorcher, Deputy Editor, and Michael B. Farrell, Editor, from Christian Science Monitor‘s Passcode. The panels featured discussions with technology luminaries about issues raised in the scenarios, as well as other important challenges facing the cybersecurity community.
Speaking on the first panel, Jeff Moss, founder of the Black Hat and DEF CON security conferences, explained that he sees hackers as “white blood cells” who play a valuable role by exposing vulnerabilities in systems, but he warned that companies need to be more proactive in going after “bad actors” through legal means while also protecting themselves from major attacks. “Otherwise,” he said, “we’re in danger of government showing up and fixing that problem for us.”
Moss also advised Internet users to use more discretion in their online behavior to avoid being hacked. “An ounce of prevention is worth a pound of cure,” he said.
Ed Felten, Deputy Chief Technology Officer of the United States, acknowledged that companies and the government are “frustrated that the other party cannot solve the problem to a greater extent,” and he noted “we have to work together to make better progress against this problem.” He explained that government can play a unique role by serving as a “catalyst for improvement in the private sector” and supporting “sharing of information, education, and R&D.”
Felten also said that a key future challenge lies in ensuring the internet remains as free as possible on a global scale. “What kind of internet is going to exist around the world?” he asked. “Will it be built in a way that is a tool of excessive government control, or will it be built in a way that gives people space to communicate? It should be a goal of the United States to make sure the internet is a tool of freedom.”
On the second panel, Walter Parkes, an award-winning film producer whose credits include War Games and Minority Report, called for more clear and specific language to guide the conversation around cybersecurity. “I’ve written three movies about this, and I don’t know what cyberwar is,” Parkes said. “I don’t know who the real actors are. It operates at a level of abstraction that is very difficult…. We use terms like ‘cyber Pearl Harbor’ and ‘cyberbombs’. We’re grabbing onto metaphors that are not necessarily relevant to the task at hand because we have been unable to communicate in concrete ways what the real parameters of the threat are.”
Phyllis Schneck, the U.S. Department of Homeland Security’s chief cybersecurity official, commented that government agencies have been making greater efforts to collaborate with companies, but she suggested that many private-sector organizations do not do enough to protect their digital assets and stay “left of boom” to mitigate their risks. “We need our vaccines, but we also need our immune system,” Schneck said. “It gets back to basics like brush and floss: make a harder password or just change it…. If you own or operate a piece of critical piece of infrastructure, you are vulnerable. Understand how to look for things. There are simple things you can do.”
Nathaniel Fick, CEO of cybersecurity company Endgame, also emphasized the importance of continued collaboration among industry, academia, and government. “If we’re going to see [the internet] as one more instrument of national power, whose morality depends on how and why it’s being used, we have to talk about that,” he said. “There has to be an ecosystem… and it has to be normalized somehow.”
Betsy Cooper concluded the event by thanking the many people who developed the scenarios before announcing that the complete report was live and accessible online. “Scenario thinking has really encouraged us to stretch our imaginations and expectations about the future of cybersecurity,” Cooper said in an interview. “We hope the scenarios will do the same for others who engage with them, and that they will inspire others to begin to prepare now for those possible futures.”
The full Cybersecurity Futures 2020 report can now be accessed online at https://cltc.berkeley.edu/scenarios, or you can download the report as a PDF here. To accompany the release, an article about the scenarios, written by Cooper and Weber, was published by The Conversation.
A video of the presentation can be seen below.