About Me

Bay Area, CA, United States
I'm a computer security professional, most interested in cybercrime and computer forensics. I'm also on Twitter @bond_alexander All opinions are my own unless explicitly stated.

Tuesday, March 22, 2011

Future trends in computer security

These are exciting and fascinating times we live in, particularly for computer security. There's so much change going on that frequently it can be difficult to keep track of what's going on and what's coming before it hits you in the face. I rely on a wide selection of blogs (see the sidebar) to keep me informed of current trends.

Frequently I find the same "hot topic" being discussed simultaneously by a wide range of sources, rehashing the same limited information (e.g., Stuxnet or HBGary). Once in a while, though, I find a little nugget of information that startles me and really makes me wonder why no one else has noticed it.

Strategic Studies Quarterly is not normally in my reading list, but the spring issue is devoted in large part to cyberwar. As you know from my blog, normally I'm skeptical about claims of cyberwar, but this is the military's view of cyberwar instead of reporters or politicians, so I think it's worth reading. Some of the articles are more interesting than others, of course. For example, I think the article Rise of a Cybered[sic] Westphalian Age is fundamentally impractical due to the rapidly changing nature of malicious code. On the other hand, the feature article An Air Force Strategic Vision for 2020-2030 has some very interesting revelations for the computer security field.

In particular, they are very interested in integrating "cyber operations" (hacking) into their battle plans as a component of warfare. For example, this quote from page 12:
Fourth, offensive and defensive cyber capabilities must be fused into air and space platforms. By 2030 cyber capabilities may become the greatest power-projection tools in the Air Force arsenal, serving as both force multipliers and an Achilles’ heel.
Later in the article, the authors address some specific challenges for the US military in computer security, including a lack of trained personnel. However, I think the really interesting bit is here:

In the future, cyber will evolve into a weapon of preference, replacing many of the kinetic choices in today’s arsenal. The reduction in aircraft numbers and the ranges required for power projection, particularly in the Pacific, will drive cyberspace to the forefront of Air Force operations. Suppression of enemy air defenses and the ability to corrupt the software of an adversary’s aircraft will become a reality, not just science fiction.
At first glance, the idea of an Air Force aircraft that can hack targets seems like a futuristic daydream, but in actuality it's not as bizarre as one might think. Take a look at the WiFi Arial Surveillance Platform (WASP), a WiFi-hacking UAV that was built by a couple of enthusiasts in their garage. Take a look at it's capabilities:
the operator can "control the payload from anywhere in the world -- including mobile devices. It also allows for processor-intensive applications, such as WPA attacks and password cracking, to be offloaded securely in real-time to a remote computing powerhouse utilizing CUDA technology, for mind-blowing performance."
This is just a WiFi penetrator, but the possibilities of what Boeing or Lockheed could do with their gigantic budgets is mind-boggling. Fortunately, we don't have to imagine what it might look like. It's already here in the Next Generation Jammer (found via Wired.com)

For military targets, the hacker of tomorrow could be an F/A-18 Growler.

(Public domain Growler image obtained from Wikipedia)

The Aviation Week article is obviously short on details, but if air defense systems use wireless connections to launch their missiles then they would obviously be vulnerable to disruption. There's some evidence that this has actually been done in combat by Israel as early as 2007. More details on Israel's airstrike on Syria can be found here.

This doesn't mean much for civilian computer security folks yet (except for defense contractors), but military technology has a way of working its way down to other uses, such as law enforcement, corporate or criminal. We'll have to wait and see what the future brings, and in the meantime it's simply amazing to know it's possible and actually being done.

1 comment:

  1. Wow, it's really interesting to see the direction cyber is going in, and may be going into, in the future. o_0