Here at Quest, we’re aware that cyber security is on the up as a popular career choice among Service leavers. If it’s a sector you’ve set your sights on, Airbus CyberSecurity has rounded up a list of tech predictions that we hope you’ll find useful. Based on trends identified at its Security Operations Centres in France, the UK and Germany, as well as recent geopolitical and social events, the full list of predictions provides insider information that will inform you – and could set you apart from the rest
Extortion attacks on OT and IIoT infrastructure
Prediction: Critical infrastructure will be disrupted by a major extortion attack
We’ve already seen extortion-driven attacks on infrastructure such as cities and ports, which history suggests will continue and spread to energy and transport infrastructure. With the rise of the Industrial Internet-of-Things (IIoT), and its close relative operational technology (OT), manufacturing industry will become a new target. Professional cyber crime is increasingly driven by the simple psychology of extortion, while the almost limitless potential targets are simply a means to a financial end. One of these attacks will finally hit home somewhere in the world, causing memorable disruption.
‘We expect that IIoT devices will become a major target for cyber-attackers, especially in the manufacturing industry. The trend with Industry 4.0 to use IIoT technology for real-time data collection of production processes will generate a benefit but also produce an additional risk due to the still low maturity of the cyber security protection of IIoT devices,’ says Airbus CyberSecurity CEO, Markus Braendle.
AI’s use in malware
Prediction: AI-based malware will ‘escape’ beyond an intended target, with devastating consequences
A malware developer applying machine learning (ML) targeting and/or self-propagation could create a strain so capable that it might ‘escape’ beyond its intended targets, causing massive collateral damage. The use of AI in such an event is likely to increase the fallout beyond that seen with Stuxnet, Mirai and NotPetya. In addition, ML will for the first time be used in a real-world cyber attack to automate manual hacking techniques usually only associated with APT threats. Balancing this, Security Operations Centres (SOCs) will start using AI and ML algorithms as a way of plugging the cyber security skills gap. The security analyst role will have to adjust to accommodate these new artificial colleagues.
‘Open source machine learning libraries/frameworks such as TensorFlow and Pytorch are making these sophisticated techniques ever more accessible,’ says Braendle.
Prediction: Regulators will lose patience with cryptocurrencies
Blockchains are a short-term risk because the technology is immature and heavily tied to the fate of cryptocurrencies. This needs to mature if the technology is to succeed in areas such as supply chain security. As cryptocurrencies become mainstream, the worry of attacks on blockchain currency for geopolitical gain will rise. For this reason, they will face increased controls to mitigate economic risk as they trade more in conventional markets. More generally, confidence in blockchain will take a knock as worries over security problems with cryptocurrencies increase, and with the realisation that blockchain is not a panacea.
'The security concerns that have emerged with some cryptocurrencies are likely to lead to closer attention from the financial authorities and stricter regulation as they become more mainstream,’ says Braendle.
World’s first cyber security treaty
Prediction: Two cyber-powers will start negotiations to agree the world’s first cyber security treaty
There is a growing danger that people will get hurt because of a deliberate or inadvertent attack on critical infrastructure such as power stations and hospitals. Ideas to address these dangers have included Microsoft’s suggestion of a digital Geneva Convention with an independent NGO, the Global Cyber Attribution Consortium, to monitor compliance. Although this and other UN initiatives could take years to come to fruition, the balance of risks vs rewards are steadily tipping towards a system of rules for at least some nations, especially if this has geopolitical advantages mirrored in other economic and military ties. A formal cyber security treaty of this kind would rest as much on its political and symbolic capital as its technical detail.
‘States needs to advocate the need for cyber cooperation instead of cyber warfare. Indeed, states have an obligation to work towards such as treaty to make this happen in order to prevent a harmful cyber attack,’ says Braendle.
Prediction: A local government somewhere will ban public-sector ransomware payments
It has become commonplace for public-sector organisations to pay ransom payments when critical systems are hijacked by extortion attackers. This has always been controversial and the rules governing its legality are complex even in developed legal systems. The price of this short-termism is starting to dawn on governments. Payment risks financing new attacks and offers no guarantee against repeat episodes, while the ransom sums themselves have increased tenfold. Attackers are also moving towards ransoming critical infrastructure – a dangerous development. Banning ransom payments might deter extortion attacks and encourage investment in the sort of security designed to avoid them happening.
‘With the ransom sums being demanded rising dramatically, a growing number of organisations have been paying up. This isn’t sustainable, especially in the public sector – eventually voters’ patience might snap,’ says Braendle.
Markus Braendle concludes: ‘Our predictions are an indication of how the world has become complex and unpredictable. Coping requires having partners on board whom you absolutely trust. At Airbus CyberSecurity, we’re also seeing a trend for organisations to move away from simply building high walls to focus more investment on forward intelligence, real-time detection and response.’
Airbus CyberSecurity’s recommendations
IT and OT (operational technology) cyber security must be assessed at board level and managed as part of an organisation’s corporate risk management.
Too many organisations get distracted by shiny boxes – businesses must always find a balance between spending on response and training as well as detection.
To achieve success, multi-skilled teams need to be built, able to collaborate internally as well as externally. No single department or organisation can do this alone.
To find out more about careers in cyber security, read our in-depth feature here