This article can also be found in the Premium Editorial Download "Information Security magazine: Reflections on the impact of Sarbanes-Oxley."
Download it now to read this article plus other related content.
I think we've already suffered that kind of critical systems failure.
The August 2003 blackout that covered much of northeastern United States and Canada--50 million people--was caused by a software bug.
I don't disagree that things will continue to get worse. Complexity is the worst enemy of security, and the Internet--and the computers and processes connected to it--is getting more complex all the time. So things are getting worse, even though security technology is improving. One could say those critical insecurities are another emergent property of the 100x world of 2017.
Yes, IT systems will continue to become more critical to our infrastructure--banking, communications, utilities, defense, everything.
By 2017, the interconnections will be so critical that it will probably be cost-effective--and low-risk--for a terrorist organization to attack over the Internet. I also deride talk of cyberterror today, but I don't think I will in another 10 years.
While the trends of increased complexity and poor management don't look good, there is another trend that points to more security--but neither you nor I is going to like it. That trend is IT as a service.
| people and organizations won't be buying computers and connectivity the way they are
today. The world will be dominated by telcos, large ISPs and systems integration companies, and
computing will look a lot like a utility. Companies will be selling services, not products: email
services, application services, entertainment services. We're starting to see this trend today, and
it's going to take off in the next 10 years. Where this affects security is that by 2017, people
and organizations won't have a lot of control over their security. Everything will be handled at
the ISPs and in the backbone. The free-wheeling days of general-use PCs will be largely over. Think
of the iPhone model: You get what Apple decides to give you, and if you try to hack your phone,
they can disable it remotely. We techie geeks won't like it, but it's the future. The Internet is
all about commerce, and commerce won't survive any other way.
This was first published in January 2008