Discussion Questions: “The difficulty in predicting the future is that the outcomes are unreliable, due to the occurrence of wild-card events that distort the relatively well-understand trends for the near to mid-future.” Offer an example of such a “wild-card” event and some ways in which the security professional might address it in an effective manner. Regarding the need for the security industry as a whole to maintain the professionalism and competencies needed to address emerging threats and hazards, what do you feel are its primary areas of weakness and what proposals could you offer to address them?
The Future of the Security
When considering what awaits the security profession in the years to come and those that will operate within it, developments and forecasts related to security science will in large part be impacted by what has occurred in the past and in present day. What might occur, what is most plausible and feasible given current and expected occurrences, and what has proven to be effective (or not) will all need to be considered in determining those issues that will remain relevant or change. So predicting the future (not in the form of Nostradamus or similar prophets) as it relates to security is a technique that considers probable or desirable outcomes in the face of known or anticipated risks. So given this backdrop, where is security heading?
As long as there are structures that people operate within and house various assets, there will continue to be a need to offer needed protection related to them. All of the topics discussed in this course related to walls, fencing, sensors, alarm systems, guards, locks, and other such issues will be needed in some form or fashion. Whether through manual or technological means, these will remain a constant for the security administrator in providing appropriate defensive measures for the material, tangible assets they oversee. Concerning technology, the same trend will continue in serving as a needed aid in providing security moving forward. Mobile devices of various types, functions, capabilities, and their ability to access data, the ever-increasing use of robotics and the functions they can carry out, sensors that will be able to gain more intelligence regarding detection, and high frequency security cameras that will have the capability to verify the chemical compound of an object at a distance are just some of the many technical innovations on the horizon. Yet, just as technology has taken on a greater role in providing these efforts, so too does technology represent ever-increasing concerns to the security manager.
As society becomes connected on an ever-increasing basis, attention must be directed towards what implications this environment has related to not only security, but related privacy concerns as well. In Future Scenarios and Challenges for Security and Privacy (2016, Williams, Axon, Nurse, & Creese), the researchers took a very methodical approach in considering some 30 predictions obtained from a variety of organizations and disciplines; consolidating them into ten defined scenarios. These scenarios took into consideration a range of not only technological possibilities that might occur over the next decade, but those that represented commercial and political ramifications as well. A brief overview will be provided regarding these various situations:
- Growth of the Internet-of-Things. The Internet-of-Things will permeate all aspects of daily life moving forward, making the lines between the physical and virtual worlds less defined. Unfortunately, this only lends itself to increased online risks and related threats and attacks.
- Proliferation of offensive tools. Although all public or private sector entities will not find themselves targeted by nation-states or other forms of government, the capabilities represented by a variety of simple attack tools can place individuals and organizations alike under the pervasive risk of identity theft.
- Privacy becomes reinterpreted. As it is with many issues, the overall concept of privacy can be viewed and defined differently. Nowhere is this more evident than in those labeled as “digital natives,” individuals who have been raised in an age of unfettered Internet access and increased use (and dependence) of social networking. Although the development and use of these platforms has become commonplace and offer a host of benefits, they can be seen as invasive and present a number of risks and concerns regarding confidentiality.
- Repressive enforcement of online order. Issues related to free speech have and will continue to have an impact on security; where liberal versus what might be seen as repressive approaches regarding online activity are taken. Issues regarding surveillance, censorship, and regulations not only have the potential to impact attacks that are carried out in the cyber operating environment, but could inadvertently affect commerce and free enterprise as well.
- Heterogeneity of state postures. An environment made up of dissimilar or diverse elements can certainly be a positive in many ways. However, when there is a great disparity in how Personally Identifiable Information (PII) is defined, cooperation over cyber norms could be negatively impacted. This would generally be seen at the uppermost levels where certain governments may decline to prosecute their cyber criminals; where working relationships would no doubt be impacted. However, even in corporate America, this could be seen as well to varying degrees.
- Traditional business models under pressure. Each and every day, it seems that the landscape the overall business community, associated operating frameworks, and issues related to intellectual property are all impacted by not only competitors, but those that would wish to do them harm through nefarious means. Although financial capital, ingenuity, and innovation will remain in high demand, “the evolution of new business models would see individuals’ personal data become the most valuable commodity (2016, p. 3). As such data resides in global repositories on an ever increasing basis, associated security concerns will also increase.
- Big data enables greater control. There is really nothing new with manipulating data in order to produce a desired outcome (as can be in every election cycle related to polls), but the amount of data that will continue to be accessible moving forward will have a great impact on how an individual’s behavior might be managed by both corporations and government. Such analysis could be utilized to customize everything from advertisements to campaigns, but straying away from these types of activities must be viewed with suspicion and appropriately guarded against.
- Growth of public-private partnerships. It should come as no surprise that as the amount of information submitted, stored, and retrieved about individuals increase, that it would be shared between various entities as well. However, even though the sharing of data between those within the public and private sectors can offer a number of advantages, the risk of confidentiality being violated as the spectrum of these partnerships increase as well.
- Citizens demand greater control. The demand for transparency has become commonplace in our world today, especially as it relates to those who hold elected office. Yet the same demands and expectations by members of the public regarding personal data held online will require appropriate approaches and policies.
- Organizations value cyber-resilience. As more activities are carried out within the virtual environment, it becomes increasingly important for organizations to be resilient in the face of attacks on it. These can come as a result activities carried out by external perpetrators, but insider threats but also be considered. Also, those known as “Advanced Persistent Threats” can especially wreak havoc and must be guarded against. This is where an attack is carried out on an entire network by unauthorized personnel and remains there undetected for a long period of time.
After offering insight regarding each of these issues, the researchers turned their attention to what challenges await professionals in regards to both security and privacy in light of current practices. It was noted that a number of gaps can be found in existing guidelines; those that will prove insufficient in addressing the level to which technology permeates daily life. At its core, a fundamental understanding of online presence and protection of it is needed at the individual level. Likewise, organizations and the documents that have been developed to offer needed guidance would appear to fall short in relation to many of these issues noted. For instance, current recommendations do offer protection against certain risks as long as applicable devices are identified, inventoried, and monitored. Yet as it relates to the Internet-of-Things, it is expected that many of these devices will be personally owned; incorporated as part of their clothing or implanted. Therefore, accounting for each of them would simply not be feasible. So much work needs to be done in the areas of research and development, education and training, and the accompanying policies and guidance needed to enact and govern appropriate security measures.
Code of Ethics. (n.d.) ASIS International. Retrieved from https://admin.asisonline.org/About-ASIS/Pages/Code-of-Ethics.aspx
Borodzicz, E. P., & Gibson, S. D. (2006). Corporate security education: Towards meeting the challenge. Security Journal, 19(3), 180-195.
Griffith, M., Brooks, D.J., & Corkill, L. (2010). Defining the security professional: Definition through a body of knowledge. Paper presented at the Proceedings of the 3rd Australian Security and Intelligence Conference, Perth, Western Australia. Retrieved from http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1004&context=asi
Securing Our Future: Cybersecurity and the Millennial Workforce. (2017). Raytheon. Retrieved from https://www.raytheon.com/sites/default/files/2017-12/2017_cyber_report_rev1.pdf
Smith, C., & Brooks, D. J. (2012). Security science: The theory and practice of security. Burlington: Butterworth-Heinemann
Williams, M., Axon, L. Nurse, J. & Creese, S. (2016). Future scenarios and challenges for security and privacy. Department of Computer Science, University of Oxford. Retrieved from https://www.cs.ox.ac.uk/files/8337/2016-rtsi-wanc.pdf
Zorz, M. (2015). Do ethics get in the way of security professionals? Help Net Security. Retrieved from https://www.helpnetsecurity.com/2015/05/13/do-ethics-get-in-the-way-of-security-professionals/