This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
Download it now to read this article plus other related content.
I think you're right; at a meta-level, the problems are going to stay the same. What's shocking and disappointing to me is that our responses to those problems also remain the same, in spite of the obvious fact that they aren't effective. It's 2007 and we haven't seemed to accept that:
You missed one important aspect of the problem: By 2017, computers will be even more important to our lives, economies and infrastructure.
If you're right that crime remains
| a constant, and I'm right that our responses to computer security remain ineffective, 2017 is going to be a lot less fun than 2007 was.
I've been pretty dismissive of the concepts of cyberwar and cyberterror. That dismissal was mostly motivated by my observation that the patchworked and kludgy nature of most computer systems acts as a form of defense in its own right, and that real-world attacks remain more cost-effective and practical for terror purposes.
I'd like to officially modify my position somewhat: I believe it's increasingly likely that we'll suffer catastrophic failures in critical infrastructure systems by 2017. It probably won't be terrorists that do it, though. More likely, we'll suffer some kind of horrible outage because a critical system was connected to a non-critical system that was connected to the Internet so someone could get to MySpace--and that ancillary system gets a piece of malware. Or it'll be some incomprehensibly complex software, layered with Band-Aids and patches, that topples over when some "merely curious" hacker pushes the wrong e-button. We've got some bad-looking trend lines; all the indicators point toward a system that is more complex, less well-understood and more interdependent. With infrastructure like that, who needs enemies?
You're worried criminals will continue to penetrate into cyberspace, and I'm worried complexity, poor design and mismanagement will be there to meet them.
This was first published in January 2008