Whats a sevenyear view anyway Ross Anderson Cambridge
What’s a seven-year view anyway? Ross Anderson Cambridge University ICSS, Leuven, 06/09/2013
What’s good engineering research? • Advice I got from my thesis adviser, the late Roger Needham – Don’t try to invent stuff that will get to market next year – you’re competing with industry who have more people and more money – If you try to invent stuff for 25 or 50 years from now, you’re doing pure maths or science fiction • So try to figure out what people will need 5– 10 years from now. That’s out of scope for product managers (and ministers) but maybe just about foreseeable ICSS, Leuven, 06/09/2013
Where are the real problems? • Crypto we can do now (AES, SHA 2/3) though protocols can be hard in practice [2] • Hardware tamper-resistance we can sort of do but it’s harder than crypto [3] • Access control is often tractable but there are constant new challenges (phones, SDN …) [3] • Software security is seriously hard [7] • The complexity of real-world systems is the real long-term killer [4+] ICSS, Leuven, 06/09/2013
What’s our Grand Challenge? • Complex, global-scale socio-technical systems are emerging as computers and communications become embedded everywhere • We’re coming to depend on the Internet, on the payment system, on many others … • How are we to understand them, manage them and improve them? ICSS, Leuven, 06/09/2013
Complex Systems • Since the invention of agriculture and towns about 10, 000 years ago we’ve been building complex systems • Armies, civil services, religions, industries, markets… • Until recently systems were driven by people – with control mechanisms based on hierarchy, small-group relationships or exchange ICSS, Leuven, 06/09/2013
Roman Army ICSS, Leuven, 06/09/2013
Chinese Civil Service ICSS, Leuven, 06/09/2013
Bank of England ICSS, Leuven, 06/09/2013
Tiffin Box Delivery ICSS, Leuven, 06/09/2013
Complex Socio-technical Systems • Now we have people plus software! – – – The Internet itself The global card payment system The global advertising ecosystem Smart grids for distributing electricity Facebook … • But with global-scale systems we get conflict! • How do we build such systems to be dependable and fit for purpose? ICSS, Leuven, 06/09/2013
Economics Matters Too • Since 2000, we have started to apply economic analysis to security and dependability • Systems often fail because the folks who guard them, or who could fix them, have insufficient incentives – Where banks can dump fraud risk on customers or merchants, fraud increases – If electricity generation companies don’t have an incentive to provide reserve capacity, there will be blackouts • Insecurity is often an ‘externality’ – a side-effect, like environmental pollution ICSS, Leuven, 06/09/2013
IT economics and dependability • High fixed/low marginal costs, network effects and switching costs all tend to lead to dominant-firm markets with big first-mover advantage • Microsoft philosophy of ‘we’ll ship it Tuesday and get it right by version 3’ was quite rational • In a market race, you must appeal to complementers – developers for PC versus Apple, Symbian versus Palm, Facebook versus Myspace • Little security in early versions so easier to develop apps; win the market; then lock it down • That’s one of the reasons platform security sucks! ICSS, Leuven, 06/09/2013
Information Security Economics • Models of what’s likely to go wrong – perverse incentives, asymmetric information • Measurements of what is going wrong – patching cycle, malware, fraud • Recommendations for how to fix it – what actors can likely do what • In the last ten years, it’s grown from zero to over 100 active researchers • Policy recommendations now being adopted in both the USA and Europe ICSS, Leuven, 06/09/2013
Security economics and policy • 2008: ‘Security Economics and the Single Market’ report looked at cybercrime and what governments could do about it • 2011: ‘Resilience of the Internet Interconnection Ecosystem’ examined critical infrastructure and made recommendations • 2012 ‘Measuring the Cost of Cybercrime’ sets out to debunk myths and scaremongering ICSS, Leuven, 06/09/2013
What’ll be hot in policy in 2020? • Policy timescale is 5– 10 years or more while ministers mostly think of the next election … • So policy becomes reactive! Two big drivers: – Tech shifts create winners (who keep quiet) and losers (who lobby) – Existing state agencies try stuff, and do more of what ‘works’ • So we get the music industry’s copyright jihad, the spooks’ surveillance programs, … ICSS, Leuven, 06/09/2013
IT economics in maturing markets • A firm building a network monopoly must race to market – and appeal to complementary vendors • Once established, it’s about lock-in • So don’t be surprised at creeping platform lockdown (UEFI …) • With service firms, expect more bundling, and exploitation of what they know of the customer • Security tussles over many systems from smart meters to medical record privacy are increasingly about business models, not evil outsiders ICSS, Leuven, 06/09/2013
Who’ll be the lobbying losers? • They’re bound to be interests that are already losing. Here are some thoughts: – Big pharma, as the new drugs pipeline is getting empty and genomic medicine isn’t delivering; so use genomics to sell existing drugs more – Service industries: for example, lawyers’ salaries are under pressure now that firms in India can take over routine and unregulated work – There will be rush to access ‘big data’ to lock in customers, and to lobby for privacy carve-outs ICSS, Leuven, 06/09/2013
Public-sector lobbying successes? • In the 15 years since the dotcom boom, winners have ranged from the smart-meter lobby to the NSA. Who else? – If crime continues to move online, the police might eventually be more serious winners – Local data-centre owners can use Prism to sell ‘government clouds’ – But overall there will be a push to use ‘big data’ to discriminate between taxpayers / service users – More privacy carve-outs will be demanded ICSS, Leuven, 06/09/2013
What might break? • The biggest candidate is data protection! • This is a classic ‘sanctuary’ set up by elected politicians to avoid toxic choices (see Fiske and Tetlock, or www. lightbluetouchpaper. org) • That was OK so long as choices between privacy and profit / convenience had few visible consequences for most voters • That’s now changing! Lobbying storm over the Data Protection Regulation, and now Prism ICSS, Leuven, 06/09/2013
A view on 2020 • See this morning’s Guardian! • Recall Crypto AG, Clipper, key escrow? • The crypto wars didn’t end in 2000: the NSA and their friends have worked hard to insert vulnerabilities via vendors and standards • Will the Internet fragment? Saskia echoed industry’s response to Prism: can’t use clouds or the Americans will get your stuff • Now: can you trust any foreign vendors? ICSS, Leuven, 06/09/2013
Bruce Schneier’s op-ed this morning ‘Government and industry have betrayed the internet, and us. ‘By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards. ‘This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. ’ ICSS, Leuven, 06/09/2013
Conclusion • Security is just one aspect of a complex regulatory mix that also affects competition, trade liberalisation and much else • Member states will be much more able to stand up to US / Chinese bullying collectively • Cecilia’s vision of a European internet that promotes and defends our values is great, but her cybersecurity proposals would channel EU efforts via one agency in each nation state • That’s giving control to GCHQ & friends ICSS, Leuven, 06/09/2013
- Slides: 22