The past year pretty much proved my theory that predicting the future is easy. The hard part is getting it right. The events of 2016 have soured my sunny disposition, and so from an “overabundance of caution” (the stock excuse for excess timidity) I am playing it safe in my predictions for 2017 by saying I’m pretty sure things are going to be worse.
So gird your loins and read on. Here are a few of the areas that I think will be giving us pain in the coming year.
The Internet of Dangerous Things
This was the year we saw the Internet of Things turned against us for the delivery of Distributed Denial of Service Attacks. Attackers proved that it is feasible to compromise unmanaged and unsecured devices on a massive scale, and I don’t expect they will turn back now.
My TWB colleague John Breeden predicted in Nextgov that this threat will force Congress to put legal safeguards in place to tame the IoT. Much as I respect John’s expertise, I don’t agree. First of all, I’m not convinced the new Congress will be any more effective than recent ones. Secondly, effective and enforceable security standards for such a broad range of technologies would be extremely complex and difficult to craft. We might see some progress for automobiles, voting systems and other critical infrastructure, but the vast majority of connected devices will continue to be developed with a focus on functionality rather than security.
None of this addresses IoT devices already deployed. Unlike laptops, tablets and smartphones, which get updated every year or so, much of the IoT is intended to remain in place for many years. Many devices are not easily upgradable. This means that even if every device added to the IoT going forward is perfectly secure, there remains a huge installed base of vulnerable devices for hackers to play with. And they will play with them.
Ransomware
Ransomware is really interesting and really dangerous. It’s interesting because it is a simple model for making money directly from victims, leveraging digital currency and payment systems. It is dangerous because it works.
The problem with ransomware for criminals is that it is a one-to-one transaction. The attacker encrypts the victim’s data, the victim pays to get a decryption key. Crooks want to make as much money as possible, so they are going to focus on targeting high-value victims that can provide a large return rather than operating at a retail scale to get a modest return from many small victims.
Expect to see ransomware campaigns become more sophisticated and targeted. Unfortunately, this doesn’t mean that we small fish will be let off the hook. Crooks will also take what they can get.
The Misinformation Age
2016 showed just how effective data can be as a weapon, and we can expect to see its continued use.
This is not new, of course. Propaganda has been around for millennia. But it has become so easy to access, manipulate and disseminate digital information that it is much more powerful today. Misinformation comes in two flavors. Fake news is made of whole cloth and based on nothing. Although it can spread quickly via social media, fake news is more of a human weakness than a technology problem—too many people are just dumb enough to believe it. The second flavor is real data that can be manipulated and distributed without context. This includes hacked and leaked information, and this is a technology problem.
Data must be secured and its integrity assured if we do not want the Information Age to devolve into the Misinformation Age.
Distracted Driving
I was horrified to see the recent announcement that “Volvo Cars adds Microsoft’s Skype for Business to its 90 series cars.” As if there are not already enough driver distractions in cars.
I’m sure the folks who put these “features” in cars would argue that with new sensors and self-driving technology, driver distraction is not a problem. But it is. Development of self-driving cars is progressing at a great pace, but they are a far from perfect and distractions are growing at an even faster pace. Drivers are being lulled into a false sense of security by features such as the misnamed “autopilot” that do not remove the necessity for a driver to pay attention. I am a fan of self-driving autos. But until they really arrive, I want to see drivers with their hands on the wheel, eyes on the road, and minds on driving.
Volvo heralds its innovation as “a new era for in-car productivity.” But unless you have a chauffeur, in-car productivity consists only of getting from point A to point B without hurting yourself or others.