United Kingdom-based cybercrime expert and professor Victoria Baines recently addressed attendees of the M3AAWG 55th member meeting (summary of meeting sessions here: https://www.m3aawg.org/blog/m3aawg-meeting-sessions-tackle-variety-of-security-topics) in London. A video also is available here, https://www.m3aawg.org/keynote-videos.
Baines, who has a wide-ranging background including various professorial and research roles, consulting on abuse and cybercrime for non-profit and law enforcement organizations and developing trust and safety policies for Facebook, noted there always will be people who want to harm others using the technology available to them.
She also noted how difficult it is to make predictions about the future, which in turn makes planning and mitigation for cybercrime and cybersecurity continually challenging. The Europol Project 2020 (https://www.un.org/disarmament/wp-content/uploads/2019/12/icspa-project-2020-scenarios-for-the-future-of-cybercrime.pdf), an initiative of the International Cyber Security Protection Alliance (ICSPA), was created in 2012 to anticipate the future of cybercrime and help enable governments, businesses and individuals prepare for upcoming challenges.
Baines explained that the effort, while not predictions, provided descriptions of potential future cybercrime impacts – based on evaluating the current environment, research and open source info and real-life narratives. Baines noted “…there is no excuse for failing to prepare…”.The group created a number of scenarios and narratives based on the information gathered, covering economic, civic and technology aspects.
Project 2020 participants found that 84 percent of cybercrimes anticipated by Project 2020 actually manifested. The group has since started Project 2030 ( https://2020.trendmicro.com/wp-content/uploads/2020/10/Project-2020-in-Review-1.pdf) – a similar effort to gather information from the many patent filings, research reports and other open sources to determine what new threats are emerging, how they can be used and how the security community can identify, understand and help mitigate them.
Of course, this new effort is taking AI, the Internet of Things, AR, VR, 3D and 4D printing and other technologies into account, joined by blockchain, quantum cryptography, gene editing, robotics, nanotechnology and 5G/6G.
With data sources and technologies identified, the Project 2030 team then developed again a series of narratives around a future community as how it uses and is impacted by this mix of technologies and threats. Identified threats recognized include interception of data and data exposure, extortion, denial of service, influence operations and similar misuses. More on scenarios for Project 2030 can be found here: https://resources.trendmicro.com/rs/945-CXD-062/images/WP01_Project%202030_White%20Paper_210505US_Web.pdf?_ga=2.242557762.1388765527.1654412041-1297095070.1616938859.
Baines wrapped up her talk noting that cybersecurity, not surprising, continues to evolve. Changes to business models, the definitions of trust, truth and authenticity, gaps in regulation and moral and ethical issues will impact how practitioners operate -and how consumers, businesses and governments are impacted by cybersecurity.
More info on the October 2022 56th general meeting and how to submit session ideas (deadline August 3, 2022) is here: https://www.m3aawg.org/upcoming-meetings. M3AAWG also is seeking nominations until August 9, 2022 for its J.D. Falk Award for meritorious work to protect the Internet, https://www.m3aawg.org/events/jd-falk-award.