The Center for Long-Term Cybersecurity’s recently released scenarios for the future of cybersecurity have started to ripple through the public discourse.
In his story, Who Will Own Your Data If the Tech Bubble Bursts?, Kaveh Waddell writes in The Atlantic about the CLTC scenario called Bubble 2.0, which depicts how a widespread collapse of the internet economy could lead companies to sell off large troves of user data.
Of the five scenarios, Waddell writes, “this one is by far the most alarming…. It’s not just social-networking, online shopping, and other technology companies that have to plan for this eventuality. Just about every company holds user data now, in one form or another.”
Waddell points to indicators that this scenario could easily unfold, including a June 2015 New York Times analysis that detailed how 85 out of the top 100 websites in the U.S. have privacy policies that allow them to sell data they have collected about consumers. He also describes how, when RadioShack filed for bankruptcy in 2015, it put its customer data up for sale, ultimately leading the Federal Trade Commission to step in to block the transaction.
“In the event of a crash,” Waddell notes, “it’s unlikely the FTC would be able to keep up with the sheer number of previously overvalued data-rich companies offering themselves up for sale. If that’s the case, the post-bubble technology industry will take your data down with it as it slips beneath the waves.”
Read the entire article—along with a lively exchange of reader comments—on The Atlantic‘s website.
Meanwhile, CLTC Senior Fellow Jonathan Reiber published an op-ed in Today Online, a Singapore-based publication, that details some of the vulnerabilities that Singapore and other nations face in an increasingly digital world. “The technology that now runs our world, dense urban populations, and global interconnectedness make us more vulnerable to smaller-scale attacks—be it from planes that can be turned into missiles, or 1s and 0s that can be coded into malicious software,” he writes.
Reiber praises Singapore for taking steps to prepare for these threats—including developing its National Cyber Security Masterplan 2018, which “promises to enhance Singapore’s security monitoring and detection capabilities, and provide threat analysis and advisory services to companies.”
But he notes that organizations must do their own part, including by developing better cybersecurity strategies, training employees to use multifactor authentication and other best practices, and enlisting cybersecurity experts to help secure large IT systems.
In addition, Reiber writes, governments should be prepared to use all the tools at their disposal to battle hackers, including international indictments, economic sanctions, cyberspace operations to counter cyberattacks, and non-cyber military actions.
“Singapore has taken an important step forward by establishing its Cyber Security Agency and its new strategy,” Reiber writes. “Now it is time for implementation, and for companies to take the next steps in securing their assets.”
“Cybersecurity is a fast-morphing technology, meaning that making any assumptions about what will be needed six months from now is difficult at best,” Kassner writes. “Yet, a group of researchers at the University of California, Berkeley’s Center for Long-Term Cybersecurity (CLTC) are looking even further ahead to the year 2020.”
After providing an overview of scenario planning and the five CLTC scenarios, Kassner concludes that “the only thing for sure is that in four years cybersecurity will still be very much in play.”