Cybersecurity is a fast-morphing technology, meaning that making any assumptions about what will be needed six months from now is difficult at best. Yet, a group of researchers at the University of California, Berkeley’s Center for Long-Term Cybersecurity (CLTC) are looking even further ahead to the year 2020.

In The Conversation commentary, It’s the Year 2020… how’s your cybersecurity?, two of the researchers — Steven Weber, professor of information and political science, and Betsy Cooper, executive director, CLTC — state the center’s models were formed using a process called “Scenario Planning.”

What is scenario planning?

Scenario planning or scenario thinking started in military intelligence circles as a way to create flexible long-term plans. “Scenario planning may involve aspects of systems thinking, specifically the recognition that many factors may combine in complex ways to create surprising futures,” according to Wikipedia. “The method also allows the inclusion of factors that are difficult to formalize, such as novel insights about the future, deep shifts in values, unprecedented regulations, or inventions.”

Royal Dutch Shell has had a scenario-planning program in place since 1965. “From the beginning, those engaged with Shell’s scenario practice maintained that scenarios are not predictions but can provide a deeper foundation of knowledge and self-awareness in approaching the future,” mention Angela Wilkinson and Roland Kupers, authors of Living in the Future, a Harvard Business Review commentary. “They also felt that the ‘official’ view of the future — the business-as-usual outlook — reflects an optimism bias and is based on the human tendency to see familiar patterns and be blind to the unexpected.”

The following are a few of the more interesting questions used to determine what kind of cybersecurity challenges can be expected in 2020.

  • How might individuals function in a world where going online will likely lead to their online and personal security being compromised?
  • How could the proliferation of networked appliances, vehicles, and devices transform what it means to have a “secure” society?
  • What would the consequences be of employing unimaginably powerful algorithms to predict individual human behavior?

SEE: Businesses beware: the ‘industrial internet of things’ is a prime target for cyberattacks

The CLTC’s five scenarios for 2020

Based on their findings, the CLTC research team came up with five scenarios for cybersecurity in 2020.

Scenario 1: The following bullets describe what the CLTC researchers speculate will be the new normal.

  • Internet users in 2020 assume their data will be stolen and their personal information broadcast.
  • Law enforcement struggles to keep pace as large-scale cyberattacks continue, with small-scale cyberattacks becoming commonplace.
  • Governments are hamstrung by a lack of clarity regarding jurisdiction in digital-crime cases.
  • Hackers prove adept at collaborating across geographies, while law enforcement agencies are not.
  • Individuals and institutions respond in diverse ways: a few choose to go offline, some make their data public before it can be stolen, and others fight back.

The researchers add, only slightly in jest, “Cyberspace in 2020 is the new wild west, and anyone who ventures online with the expectation of protection and justice ultimately has to provide it for themselves.”

Scenario 2: Models capable of accurately predicting and manipulating the behavior of individuals have been developed. This ability will create security vulnerabilities that focus on people instead of infrastructure, which will cause untold damage.

Scenario 3: The advertising model for major internet companies falls apart. As businesses collapse, they will attempt to recoup their losses by selling potentially valuable data assets to interested parties — specifically, criminals. “There are two key assets that criminals exploit: the data sets themselves, which become the principal targets of attack; and the humans who work on them, as the collapse of the industry leaves unemployed data scientists seeking new frontiers,” suggest the CLTC analysts.

Scenario 4: Like anything new, the Internet of Things (IoT) will experience growing pains, in particular cybersecurity weaknesses, which adversaries will quickly exploit. For example, rather than co-opt single devices, hackers will tamper with and repurpose entire IoT networks.

Scenario 5: Wearables will track more than heart rate and the number of steps taken. “With devices monitoring hormone levels, facial expressions, voice tone, and more,” suggest Weber and Cooper, “the Internet is now a vast system of ’emotion readers,’ touching the most intimate aspects of human psychology. These technologies allow an individual’s underlying mental, emotional, and physical state to be tracked–and manipulated.”

The world in 2020 could look very different from today suggest Weber and Cooper.

A cautionary note

“Because the scenarios are models, not predictions, no single scenario described in this work, nor any single implication, will necessarily come true,” explain CLTC analysts. “Cybersecurity in 2020 will likely include elements of all these scenarios.”

It seems the only thing for sure is that in four years cybersecurity will still be very much in play.