« Oddly Normal: 2010 In Review | Main | How Does This Add Value? »

2011: A Look Ahead

"The problem with the future is that it keeps turning into the present." (Hobbes)

This is not a prediction piece. In general, I think prediction tends to be rather silly. Instead, I'm hoping this will be an interesting read for you in terms of how I see the coming year. If you'll recall my version for 2010, I tend to be a bit more tongue-in-cheek than most on this topic, and this piece may be no different, though my tone in retrospect seems more serious than intended. ;)

As per usual, we will continue to see big, splash incidents. However, it does seem like people are getting a wee bit smarter, even if only by the tiniest of measures. We should take heart in these improvements.

We have a reasonable path forward that we understand better today: survivability and legal defensibility. That said, we still don't fully grok these notions, and we certainly haven't internalized them. People and businesses need to accept that you cannot foresee and prevent all faults, and thus we must plan for them. We need to optimize detection and recovery while engineering-in a reasonable degree of resiliency.

"Cyber war" will continue to be debated as a definition and term of art, but we will definitely continue to see offensive operations online, and they're likely only to get more interesting. Stuxnet has been a fascinating study - far more so than Aurora - and I think it's inevitable that this will lead to new insights, assuming we can finally learn the full story behind it.

People are starting to realize that vendors can't save us from ourselves. Many of our problem stem directly from the disconnect between what people do and the results of those actions. Specifically, the "Human Paradox Gap" tells us that people not only don't understand the consequences of their actions, but they're also far-removed from the corresponding impact. We need to work harder to connect people to the impact of their choices so that they'll better understand why what they're doing is so bad.

In terms of corruption, particularly in government, I'm inclined to think that it will only continue to get worse. It seems very likely that we've already passed the tipping point where the monied are able to run things, elections be darned. What's the way out here? I'm not certain, and I don't know that it is anything positive. It strikes me that western civilization has a history of collapsing around these points. Hmmm...

It will be very interesting to see what the 2011 Congress ends up doing... the Tea Partiers allegedly want a return to be Constitutionally limited activities. Will that happen? Probably not. I think the real question is whether or not the central federal government will continue to grow, or if it will stay the same size, or maybe even shrink. There seems to continue to exist more than adequate institutional will to expand regulations, at least in some sectors. This will inevitably impact us individually.

We shouldn't expect a rapid economic recovery. It took a decade for the Great Depression to reach some sort of conclusion, which, oh, btw, happened to be in conjunction with WWII. Hmmm. Maybe this isn't a good point to raise, but I think it's something we must keep in the forefront of our minds. Corruption was rampant in Germany as power consolidated under the central government in the mid-to-late 1930s... be mindful of what's happening around you, folks.

Global climate change is a given. What's debatable is how much of an impact we are actually having, and what the result will eventually be. As noted in my last post, I strongly believe we're overdue for an ice age. If you're doing contingency planning, either for yourself or your business, have you taken this into consideration? Certainly, from a data center management perspective, an ice age could be interesting in terms of making air cooling more useful. At the same time, seeing how much trouble DC, NYC, and Philly have had dealing with heavy snows the past couple years, I have to wonder if we're ill-prepared for a long-term down-turn in temps. In the short-term, I imagine we'll continue to see increased precip and severe weather, like tornados in St. Louis in December.

Is privacy an illusion in the digital age? Maybe so. Need it be that way? Absolutely not. Unfortunately, we have two main problems. First, the paparazzi mentality of the average person (or American, anyway) seems to fuel a craving for invasion of privacy. It's time to grow up, people! Second, continued riding of the terrorism wave of FUD will only lead to more oppressive and invasive government. The TSA is looking at naked-equivalent pictures of people in airports with a technology that, by their own admission, would not stop attempted attacks from the last couple years. In the meantime, they choose not to do reasonably smart things like intensive screening/interrogation of all passengers. Corruption and bureaucracy win out over common sense every time, or so it seems.

It seems more evident now more than ever before that we are in a transitional period in history. I can't help but wonder if this transition really started in the 70s or 80s. What's clear is that the next few years/decades will see continued change on a relatively massive and rapid scale. The digital age is no less powerful than the industrial age in terms of transformative power. If memory serves, didn't the industrial revolution also included a high degree of government corruption?

At last we seem to be turning the corner on maturing risk management and data collection and analysis. It's hard to do measurements when you have no consistent units, and this is where our industry has been stuck. We're now improving our models and measurements, which can only be a good thing. Pay no attention to the nay-sayers as they simply don't understand or haven't adapted yet. I find it ironic that at least one leading opponent to risk management advocates risk management practices (using different terminology) and actually threw away measurements 30+ years ago because small-minded people couldn't grasp their importance. At the same time, I think it's safe to say that our understanding of social metrics is far better today than it was in the 60s and 70s.

Global instability seems likely to continue in 2011. Europe and the euro zone seem to be on a risky footing. The Middle East, Pakistan, Afghanistan, Iran... all seem like powder kegs with lit fuses. Venezuela seems to be getting shakier... and, let's not forget about the good ol' U-S-of-A... The ancient Chinese curse "may you live in interesting times" seems to be in full effect. My hope is that a path to peace and stability will become evident sooner than later, and that it won't include another world war.

Speaking of global concerns, the Red Tide is rising again, only this time it's China in the lead (though Russia is certainly there, too). What will 2011 bring? It's hard to tell. More than anything else, I really hope that China will help stabilize the Korean peninsula as I don't fancy a nuclear war in my lifetime (or, ever). Hopefully there will be less cyber conflict in 2011, but I can't help but wonder if the holders of many of our purse-strings is just waiting for the right time to give a yank and send us flying? We shall see.

On a personal note, my hope for 2011 is to hold down this job for the entire year (and beyond). I hope to have the opportunity to speak more, while doing a better job of selecting venues. I'm very concerned with adding real value, rather than contributing to the echo chamber. I'm convinced that I'm oftentimes addressing the wrong audience when I tout ideas. We'll have to see about doing a better job of that going forward.

Toward that end, I continue to wonder about how to revolutionize the security industry? What we're doing isn't general right or effective. Our mindset is typically all wrong. How do I help change that? How do I get business leaders to understand and act on the notion that their focus should be on survivability and not on the mythical "perfect prevention"? I'll be noodling this in the coming weeks and maybe, just maybe, I'll have a good idea before the year is out that will help achieve this goal. Or maybe not. Only time will tell!

TrackBack

TrackBack URL for this entry:
http://www.secureconsulting.net/MT/mt-tb.cgi/1081

Post a comment

About

This page contains a single entry from the blog posted on January 5, 2011 3:29 PM.

The previous post in this blog was Oddly Normal: 2010 In Review .

The next post in this blog is How Does This Add Value? .

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.