2019: ?G?r?e?a?t? Grim Expectations

As it was fairly quiet over Xmas, some 2019 Security Thoughts that I jotted down. Normally I keep these to myself, but where’s the fun in that?

Quantum Computing will continue to have exactly the same impact as it did last year, ie absolutely none.

Prepare Now For 2038: It sounds like a long way off, but this month we reach a mere 19 years to the 32-bit Unix Clock Rollover (03:14:07 UTC on Tuesday, 19th January 2038). If you are building systems now in, say, Public Cloud, it would be a good idea to specify 64-bit archtecture all round because some of these systems are likely to still be around by 2038, and you don't want your systems to suddenly think it's 13th December 1901.

Crypto: No major new crypto algorithm breaks will become public. Plenty of code, key handling, and procedural errors will result in specific crypto failures though. Plus ?a change, plus c'est la même chose….

Blockchain: Greater understanding of blockchain technology and its appropriateness to various solutions should result in the collapse of the market for blockchain solutions by end of 2019.

Crypto Mining: the cost/benefit ratio will mostly kill off attempts to steal compute power for mining, except maybe for one or two companies who fail either to protect or to monitor their Public Cloud usage who will find that they have rather large bills. In many cases, these organisations will be alerted by the Cloud Provider, since the major players are now monitoring for anomalous usage patterns.

Targeted Phishing Attacks: will become more numerous. Mass untargeted attacks have a poor return rate and are increasingly filtered out by automated systems pooling detections across communities.

NCSC now recommends that commercial (not just government) organisations should use transformation of data via simple formats to defeat malicious content. No one will actually do this though, because even in government organisations this is not done at the OFFICIAL tier, and not often even at higher tiers (SECRET/TOP SECRET). But if you want to break ranks and actually try it out you could do worse than try Deep Secure[0]; simple formats work - they keep complex threats at bay.

Cloud Threats: an unexpected cloud threat will catch some organisations unawares; the inability to restrict many SaaS offerings to specific sources on a per-customer basis means that systems and data previously accessible only by using corporately owned & managed devices can unexpectedly be accessed, with the user’s credentials, from any device on the Internet. This opens up extensive new risks to the confidentiality and integrity of corporate data. Note that there are some SSO solutions which can be used to reduce or even eliminate this risk.

Brexit: the problems around this will be resolved through Quantum Computing Blockchain Public Cloud Crypto Mining Freight RORORO[1] Ferry Take-Away Delivery processes[2]. Simples!

We can check against these at the end of December to see how outrageously wrong I will have been[3]…..

Footnotes

[0] Talk to a former colleague of mine, Paul Rutland

[1] Roll-On Roll-Off (Clock-)Roll-Over

[2] Or a fresh referendum. Actually, that would make a lot more sense. Wait.. sense? What I am thinking.

[3] Tenses are not up to this task. Consult HHGTTG for details.