John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology and government. He is currently the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys
It’s hard to believe 2016 is almost one for the record books. And what a year it was, seeming a lot like that old proverb that states, “may you live in interesting times.” Between the election, the internet of things attack, vehicle hacking, Windows 10’s big release, virtual reality going mainstream, advances in quantum computing, government threat data sharing, an artificial intelligence beating humans, the takeoff of drones and billions of compromised emails, you almost couldn’t get away from the next big story. Some of these items and events even forced people to became part of the story, whether they wanted to or not. Interesting times, indeed.
Sadly, I doubt 2017 will be much calmer, or less interesting. But I got two out of three predictions right for 2016, so if I am mostly correct again, at least you will know where the trouble is coming from next year. Here are my predictions for technology and government in 2017.
The Taming of IoT
This year, we learned the dangers of deploying massive amounts of unsecure technology as hackers compromised millions of baby monitors, refrigerators, thermostats, televisions and other so-called smart devices in the internet of things, and turned them against us.
Formed into a botnet called Mirai, the coordinated junk packets they unleashed created a massive denial of service attack that took down some of the biggest Internet sites on the planet for a while. More troubling, they also released the source code for the botnet, so theoretically, wannabe attackers can try and do the same thing.
Mirai showed us the dangers of IoT. In a way, it did us a favor attacking now instead of in a few years when 50 billion new IoT devices will come online. The smart thing to do would be for manufacturers to patch their existing devices and fix any new ones. And that is happening in limited numbers. Chinese electronics firm Xiongmai recalled all its webcams after learning they were part of the Mirai attacks as one example. But these self-policing efforts are a drop in the bucket.
The problem with expecting industry to fix IoT is there is almost no impetus or pressure to do so. Consumers who own compromised devices probably don’t even know it. Their thermostat may be sending pings through the internet to help bring down Twitter, but it’s still keeping their house warm at the same time. Parents went crazy when it was reported hackers could watch their babies and even tease them through unsecured webcam connections. But if those same webcams are part of Mirai, nobody would even know.
But the threat is real, and could even endanger the internet itself if allowed to continue to grow unchecked. That is why my prediction is that the federal government will act to secure IoT in 2017. Laws need to be put into place that require all new IoT devices have security and the ability to be patched against future threats. Perhaps penalties for noncompliance, like how Health Insurance Portability and Accountability Act is enforced, might be imposed on companies that don’t obey the new rules. My fear is, if we don’t do this one, everything else could be put in danger.
Securing Future Elections, or Not
To call the recent presidential election contentious is like saying the sun is lukewarm. But perhaps the most disturbing aspect of it was the prospect that foreign powers, or just plain hackers, could somehow steal or rig our election.
In my pre-election column, I wrote about how it would be nearly impossible for an outside source to hack a presidential election, though not for the reasons one might initially think. Because each election district came up with the technology they use on their own, detached from federal oversight, we ended up with thousands of different ways to vote in this country ranging from paper ballots to computers. Breaking undetected into enough systems to swing a vote would be challenging at best, perhaps a shade less than impossible.
And the government did take election security seriously, offering advice on how to make those disparate systems safe. The National Institute of Standards and Technology, working with the U.S. Election Assistance Commission, developed technical Voluntary Voting System Guidelines for that purpose. And Homeland Security Department's offer to monitor election security was taken up by 30 states.
Even so, not everyone believes their vote really counted. A recent survey conducted by Edelman Intelligence found only 56 percent of African-American voters felt the national results were adequately tabulated. The fact that many African-Americans had to vote in districts with aging voting technology probably had some influence. Of the general population, the confidence was much higher, at 81 percent, though still not high enough for so important an event.
So, you might think my prediction is that we will now finally see election technology reform. But you would be wrong. My prediction is: nothing will happen with this in 2017. Although it’s becoming clear Russia did try to influence our election, it was not done as a direct attack on any voting system—which would probably be considered close to an act of war. People have very short memories when it comes to elections. And the candidate who complained the loudest and most often that the system was vulnerable and rigged ended up winning. He’s hardly going to lead a charge now to try prove his victory was illegitimate.
We still do need election technology reform in this country. But we won’t get it next year.
The Endpoint is Near
No, I don’t think the world will end in 2017. I am talking about the shift in cybersecurity importance to protecting endpoints.
For years, everyone from the government to private companies have worried about protecting their core networks and data, and they would be foolish to abandon those defenses. But criminals will likely shift their tactics to attacking endpoints instead of making runs directly at the crown jewels.
Compromising an endpoint is frequently the easiest way to get into a network these days. Endpoints are often only guarded by standard anti-virus programs and weak passwords, and likely dispersed well outside of any security perimeter.
Even better for the attackers is the fact that untrained users can sometimes be tricked into giving them access through social engineering and phishing attacks. How much do you want to bet that the billion compromised Yahoo emails were specifically stolen, or at least will be heavily mined, as a springboard for that type of attack?
Almost everything is a powerful network client these days, from a notebook to a tablet to a smartphone, and many of them do their work well outside of a monitored environment. Compromising any one of those could grant access into a government network under the right circumstances. As such, 2017 will see the rise of robust endpoint security products, or else we are in for a very bad year.