With the exponential growth of the information economy since the 1990s, cyber-security has become a top priority for governments and industry world-wide. Corr Analytics predicts increasing cybersecurity risks from 2020 to 2025. While cyber-security measures continue to evolve positively, cyberthreats from crime, terrorism, militarization, espionage, and censorship are co-evolving in a strategic competition. Conflict over cybersecurity will increase between the West, and criminals and states from which cyber-threats emanate, including China, Russia, Iran, North Korea, and criminal or terrorist actors in India, Pakistan, Brazil, and Argentina. Increasing technical sophistication and vulnerabilities in critical infrastructure, military systems, industrial control systems, the internet of things (IoT), machine-to-machine (M2M) communications, and mobile platforms will increase opportunities for states, criminals, and thrill-seekers to discover zero-day vulnerabilities and benefit from cyber tactics. Individualized encryption and the use of crypto-currencies such as bitcoin will continue to facilitate anonymous crime and terrorism, and thereby complicate the cyber-security landscape in the 2020s.
Secure backdoors for legitimate governance and additional regulation of crypto-currencies is necessary. The lack of cyber-security budgets has created labor market shortages in cyber-security, leaving most small countries and mid-sized companies lagging well behind a growing army of cyber-criminals. As cyber-security budgets increase in 2016, so will the incentives to enter the cyber-field. As cyber-security hiring often comes from hackers, hacking conferences, and even cyber-criminal communities, increased budgets are a double-edged sword that may also provide a pull-factor for new hackers.
Protecting governments and economies from these threats will require increasing the treatment of cybersecurity as a public good, increasing cyber-security budgets in a smart manner, and strong public-private partnerships for provisioning codes of conduct, mandatory information sharing, law enforcement, defense, industrial control system (ICS) security, and non-subsidized cyberinsurance. International agreements on cyber-security will be necessary to properly incentivize countries to prosecute cyber-criminals within their borders, and disincentivize their own use of cyber-tactics for war and espionage.
For responsible governance, sometimes the best defense is a good offense – governments need to increase efforts to find, fix, and finish malign state actors, cyber-criminals and terrorists in order to decrease the costs of often ineffective cyber-defenses. Voluntary codes of ethics and privacy technologies will be necessary to discourage slander and the invasion of privacy by hackers and governments, and encourage responsible use of the internet by citizens.
Boston Global Forum, a leading Harvard-linked think tank promoting peace, security and privacy, contracted with Corr Analytics in 2016 to provide cyber-security research and analysis.