Crossroads Blog | Institute National Security and Counterterrorism

Uncategorized

The Year Ahead

Ok, I've decided to toss my hat in the ring and make a few cyber-predictions for 2012.  Keep me accountable if I'm off, because I'll boast if I'm right.  Below are my 5 cyber predictions for 2012.

1) There will be more cyberattacks in 2012 than there was in 2011.  I know, I really reached for that one.  There will obviously be an increase in cyberattacks for 2012.  Cyberattacks have become the norm, so it just makes sense that there will be more of them in 2012.  However, I do believe that the manner of reporting cyberattacks will represent a significant change.  New SEC regulations should prompt businesses to report cyberattacks in their routine filings.  The regulations aren't binding, but Con. Ed. already acknowledged the threat of cyberattack in one of its recent filings.  We still haven't seen a business disclose news of a cyberattack to investors.  However, that day is coming, and it will be interesting to see how investors react. 

2)  Congress will pass cybersecurity legislation, likely in a form similar to the PrECISE Act.  Another freebie, I know, but I'm stretching my legs.  Passage of some form of cybersecurity legislation seems almost a given.  In November and December, the concept of cybersecurity legislation had strong bi-partisan support.  The Chinese hacking of the Chamber of Commerce apparently gave lawmakers some incentive to pass legislation.  CISPA sped through committee, and is supposed to see a floor vote in mid-January.  Of course, there was slight disagreement in ideology; the Senate favored a regulatory approach, House Republicans favored an incentive-based approach.  There was also a split as to who had cybersecurity responsibility within the US.  CISPA would give that power to the NSA.  The PrECISE Act would give that power to DHS.  Both bills stressed threat-information sharing between the government and private sector.  I believe that the PrECISE Act (or legislation similar to it) will utimately prevail because many expressed privacy concerns over certain provisions during CISPA's markup.  Moreover, some may be uncomfortable with NSA holding cybersecurity responsibility within the US, and would prefer DHS.  Whatever the case, Congress will likely pass some form of cybersecurity legislation; it remains to be seen in what form.

3)  The Obama administration will confront the Chinese on their cyber-espionage.  Ok, now I'm getting a bit more risky.  It would seem that the Obama administration would eschew any type of confrontational approach with the Chinese.  The Obama administration has favored a non-confrontational approach in declining to label China as a currency manipulator and declining to sell jet-fighters to Taiwan.  However, there is a lot of momentum behind confronting the Chinese.  There are new reports everyday of Chinese cyber-espionage.  Lawmakers on both sides of the aisle are increasing the rhetoric on China (which is nothing new, but still significant).  Most importantly, President Obama is heading into election season.  Several Republican candidates (namely Mitt Romney) have turned up their rhetoric on China.  Granted, this is primary season, but some of that will carry over to the general election.  President Obama may decide to confront the Chinese in order to present a position of strength to the American voters.  I'm unsure as to what form that confrontation may take (likely diplomatic channels) or what effect it will have, but I do think that it will happen.

4)  We will see another cyberattack on the level of Stuxnet.  Now I'm starting to reach.  When I say another cyberattack on the level of Stuxnet, I mean a Stuxnet-like cyberattack that targets industrial control systems in some politically significant target.  I came to this conclusion because the emergence of Duqu means something.  Again, many cybersecurity experts have described Duqu as an information-collector virus.  Duqu snoops around industrial control facilities and collects information on how those facilities operate.  That information could then be used to custom-tailor a cyberattack to that facility.  Consequently, Kaspersky Labs noted that whoever is behind Duqu custom-tailors the virus to that specific facility.  Now, Duqu has been to a lot of places, but it recently visited the Iranians.  Also consider that Duqu somehow attempts to communicate with Stuxnet, and that three other viruses built off the same Stuxnet platform may be in existence.  Duqu may be shopping around for information that could be used to tailor a Stuxnet-like cyberattack.  To me, these indicators all point to a Stuxnet-like cyberattack in 2012.

5)  SOPA/PIPA will not pass, at least not in their current form.  Another cream-puff prediction to wrap things up.  The opposition to SOPA/PIPA has been ferocious.  Off the top of my head, the NYT, the LA Times, Google, Microsoft, Twitter, Facebook, Wikipedia, Craigslist, LinkedIn, Imgur, and nearly the entire Reddit online community opposes SOPA/PIPA.  SOPA has a markup session coming up in mid-January.  If the bill survives markup, I seriously doubt it will survive a full floor vote (at least in current form).  I imagine that PIPA will suffer a similar fate.

***

Just for comparison.

On Dec. 27th, 2011, Rachel King wrote for ZDNet on cybersecurity company McAfee's cyber predictions for 2012.  Here are a few of McAfee's predictions:

  • There will be an increase in targeted cyberattacks as opposed to general spam e-mails.  In this sense, cybercriminals will migrate from broad attempts at ensnaring computer users to targeted "phising" e-mails.
  • Hackers will increasingly target mobile devices.
  • Cyber-criminals will increasingly target utility systems and use that information to blackmail operators.
  • We'll see a proliferation in fake security certificates.
  • New hacktivist groups will be created.  Interestingly, McAfee feels that the hacker group Anonymous will either disband or reorganize in 2012. 

There are many more predictions, and more in-depth analysis.  The McAfee predicition report can be found here.

***

I also predict that you'll follow us @cyberlawblog

Leave a Reply

Bitnami