Eight ITSec (in)predictions for '08
In no particular order:
- Mobile malware will be responsible for toll call fraud. Somebody, somewhere, is working on a mobile network botnet infrastructure to disrupt services. Somebody else, who owns the building the first somebody pays rent to live in, is working on a mobile network botnet to accommodate organized crime telephone fraud.
- The end of the ITSec independents. We'll see the end of the smaller shops as they're absorbed into larger companies, private management firms, and other shops that have many more lawyers, proposal writers, and Government contacts for contracts. Either that or In-Q-Tel will expand their operations significantly to make sure some of the smaller innovators get the appropriate guidance without getting lost in the mix of old timers. Remember 2006? I think 2008 will be at least twice as big as companies start seeing new regulations and cyber panics squeeze out from under the doors of Industry and Government.
- The 'Great Firewall of New Hampshire' goes online. While I doubt New Hampshire, being the Free State and all, will be the first but I expect State legislatures to start going down the naive road of more ISP filtering and monitoring. This will lead to a lot of other genius initiatives like State control over IDS, DRM, QoS, etc. Actually, I'm being naive, this will almost certainly come down from the Federal level first. And, mark my words, part of the justification will be to defend against foreign adversaries whose networks are more closed to us therefore to protect ourselves we need to close our networks. Sound familiar?
- Power usage will become a competitive factor. Expect to see vendors start advertising their battery friendliness, low overhead, small footprint, and operating costs including power usage. Some already do but I think 2008, with continued pressure in the Energy sector, will cause most customers to seriously look at all computer asset overhead. An AV that uses 10% less power will get scored higher in corporate reviews. Don't ask me how they'll prove it but you know they will.
*pause*
- Data-at-rest encryption will become the norm but not in a good way. As more encryption is used you can be assured of two things: 1) that there will be more data loss and outages due to poor implementation and management and that 2) the commoditization of encryption into baseline OS features will provide further false sense of security to those people who already think that patching the OS is enough for a comprehensive security posture.
- Major media outlets will roll out ITSec 'reality' shows. In the dark corners of some writer's strike coffee shop there is a group trying to figure out how to get 'the Google Hacking guy', 'that red pill Chick', and 'some guy named Mudd or Fudge' into the same house where people stop being polite and start, err, umm, yeah.
- The RIAA and/or MPAA will go after a close relative of a Government official. And the reason this is an ITSec prediction is because the media coverage will be all about P2P, tunneling, firewalls, and oohs and aahs because this poor soul setup eJackAss or something like that.
- ITSec intelligence firms will come under serious Government scrutiny. I'm not talking about the public 3Com/TippingPoint/China debacle either. I believe you'll see divisions like TippingPoint and iDefense in some lawsuits not unlike the lawsuits against gun manufacturers and distributors. And this will create unnecessary noise at the Federal level with plenty of FUD. All the while other less targetable organizations like the RBN will go unmentioned.
Pardon my cynicism, selective linking, and poor grammar but I've seen too much. The rest of my predictions aren't fit for font. Cheers, -Ali
Comments