The future of security: Will our brains host botnets?

What does the future hold in store for us and how does IT security fit into the picture of things to come? Chad Perrin envisions the security threats of a brave new digital world.

What does the future -- not tomorrow or next year, but much farther into the future -- hold in store for us? How does IT security fit into this picture of things to come?

I do not have a crystal ball, and I have not yet written a program that predicts future events. We all think about the future from time to time, though, and even speculate about what might yet arise in that future -- especially those of us with an interest in technology.

When we think about the future, though, we usually keep our science-fictional speculations neatly divided from our career planning. Will we be able to send humans to other solar systems in fifty years? What about Mars? Maybe so, and it might be an exciting time for the human race, but it is not common for us to start looking into a career path that is intended to put us in the middle of planning a manned mission to Mars or to Alpha Centauri. Instead, when we think about our careers and skills development, we tend to think about things like attending the Black Hat conference or learning Python.

In the last few years, though, I have been thinking more and more about how my professional skills might be guided toward a future with flying cars and washing machines that communicate with me via brain implants. In fact, such speculations are not even strictly career-oriented in nature.

It occurs to me that, in at least one conception of a future that I think is very likely, secure software development might actually become a survival skill. Somewhere down the line, we are going to start seeing cybernetic implants on the market. The first such thing available for general use might be a direct interface between the brain and the computer. The way things are going in the cellphone world, the computer might even be the implant, with an always-on wireless Internet connection.

Considering the security landscape of today's Internet, though, and the direction security on the Internet seems to be going, that could be a very scary thought to consider. What kind of damage can a computer virus do if it infects a cybernetic implant? Will denial of service attacks only affect our Internet connections, or might they find a way to affect the cerebral cortex as well? Will our brains become nodes in the world's largest botnet?

What about the day that may come when we get implants that allow us to adjust our metabolisms, that can enhance or diminish sensory input on command, or that simply repair replication errors in our cells? What will a computer virus that infects the systems that can do such things actually do to us? Will we one day manage to solve all biological illness problems only to simultaneously open ourselves up to man-made digital infections that can be even more deadly?

As we approach the day when we may find ourselves incorporating computers into our very bodies, people will hopefully become more careful about what kind of software and hardware systems they buy. Today, those of us who worry about Chinese hardware and Microsoft software that could spy on our email are regarded by many as paranoid. In twenty years, it may be perfectly normal to worry about Chinese hardware and Microsoft software that could spy on our most private moments -- perhaps even on our thoughts.

I, for one, hope that open source software is at the forefront of software development for cybernetic systems, for security reasons. I also want to be able to safely and securely tweak the code myself. I am beginning to think it is time to start learning languages like Ada, Go, and Io for secure, massively concurrent development, which may become incredibly important as nanotechnology starts giving us a view into the highly complex future of programmable selves.

How do we plan for the science-fictional future? As technological advancement accelerates with every passing year -- perhaps every day soon -- this question becomes more and more urgent. If things go anywhere near the way I expect, learning security skills may be the most important thing we can do to prepare for the future.