leuven-2013
advertisement
What’s a seven-year view anyway? Ross Anderson Cambridge University ICSS, Leuven, 06/09/2013 What’s good engineering research? • Advice I got from my thesis adviser, the late Roger Needham – Don’t try to invent stuff that will get to market next year – you’re competing with industry who have more people and more money – If you try to invent stuff for 25 or 50 years from now, you’re doing pure maths or science fiction • So try to figure out what people will need 5–10 years from now. That’s out of scope for product managers (and ministers) but maybe just about foreseeable ICSS, Leuven, 06/09/2013 Where are the real problems? • Crypto we can do now (AES, SHA2/3) though protocols can be hard in practice [2] • Hardware tamper-resistance we can sort of do but it’s harder than crypto [3] • Access control is often tractable but there are constant new challenges (phones, SDN …) [3] • Software security is seriously hard [7] • The complexity of real-world systems is the real long-term killer [4+] ICSS, Leuven, 06/09/2013 What’s our Grand Challenge? • Complex, global-scale socio-technical systems are emerging as computers and communications become embedded everywhere • We’re coming to depend on the Internet, on the payment system, on many others … • How are we to understand them, manage them and improve them? ICSS, Leuven, 06/09/2013 Complex Systems • Since the invention of agriculture and towns about 10,000 years ago we’ve been building complex systems • Armies, civil services, religions, industries, markets… • Until recently systems were driven by people – with control mechanisms based on hierarchy, small-group relationships or exchange ICSS, Leuven, 06/09/2013 Roman Army ICSS, Leuven, 06/09/2013 Chinese Civil Service ICSS, Leuven, 06/09/2013 Bank of England ICSS, Leuven, 06/09/2013 Tiffin Box Delivery ICSS, Leuven, 06/09/2013 Complex Socio-technical Systems • Now we have people plus software! – – – – – – The Internet itself The global card payment system The global advertising ecosystem Smart grids for distributing electricity Facebook … • But with global-scale systems we get conflict! • How do we build such systems to be dependable and fit for purpose? ICSS, Leuven, 06/09/2013 Economics Matters Too • Since 2000, we have started to apply economic analysis to security and dependability • Systems often fail because the folks who guard them, or who could fix them, have insufficient incentives – Where banks can dump fraud risk on customers or merchants, fraud increases – If electricity generation companies don’t have an incentive to provide reserve capacity, there will be blackouts • Insecurity is often an ‘externality’ – a side-effect, like environmental pollution ICSS, Leuven, 06/09/2013 IT economics and dependability • High fixed/low marginal costs, network effects and switching costs all tend to lead to dominant-firm markets with big first-mover advantage • Microsoft philosophy of ‘we’ll ship it Tuesday and get it right by version 3’ was quite rational • In a market race, you must appeal to complementers – developers for PC versus Apple, Symbian versus Palm, Facebook versus Myspace • Little security in early versions so easier to develop apps; win the market; then lock it down • That’s one of the reasons platform security sucks! ICSS, Leuven, 06/09/2013 Information Security Economics • Models of what’s likely to go wrong – perverse incentives, asymmetric information • Measurements of what is going wrong – patching cycle, malware, fraud • Recommendations for how to fix it – what actors can likely do what • In the last ten years, it’s grown from zero to over 100 active researchers • Policy recommendations now being adopted in both the USA and Europe ICSS, Leuven, 06/09/2013 Security economics and policy • 2008: ‘Security Economics and the Single Market’ report looked at cybercrime and what governments could do about it • 2011: ‘Resilience of the Internet Interconnection Ecosystem’ examined critical infrastructure and made recommendations • 2012 ‘Measuring the Cost of Cybercrime’ sets out to debunk myths and scaremongering ICSS, Leuven, 06/09/2013 What’ll be hot in policy in 2020? • Policy timescale is 5–10 years or more while ministers mostly think of the next election … • So policy becomes reactive! Two big drivers: – Tech shifts create winners (who keep quiet) and losers (who lobby) – Existing state agencies try stuff, and do more of what ‘works’ • So we get the music industry’s copyright jihad, the spooks’ surveillance programs, … ICSS, Leuven, 06/09/2013 IT economics in maturing markets • A firm building a network monopoly must race to market – and appeal to complementary vendors • Once established, it’s about lock-in • So don’t be surprised at creeping platform lockdown (UEFI …) • With service firms, expect more bundling, and exploitation of what they know of the customer • Security tussles over many systems from smart meters to medical record privacy are increasingly about business models, not evil outsiders ICSS, Leuven, 06/09/2013 Who’ll be the lobbying losers? • They’re bound to be interests that are already losing. Here are some thoughts: – Big pharma, as the new drugs pipeline is getting empty and genomic medicine isn’t delivering; so use genomics to sell existing drugs more – Service industries: for example, lawyers’ salaries are under pressure now that firms in India can take over routine and unregulated work – There will be rush to access ‘big data’ to lock in customers, and to lobby for privacy carve-outs ICSS, Leuven, 06/09/2013 Public-sector lobbying successes? • In the 15 years since the dotcom boom, winners have ranged from the smart-meter lobby to the NSA. Who else? – If crime continues to move online, the police might eventually be more serious winners – Local data-centre owners can use Prism to sell ‘government clouds’ – But overall there will be a push to use ‘big data’ to discriminate between taxpayers / service users – More privacy carve-outs will be demanded ICSS, Leuven, 06/09/2013 What might break? • The biggest candidate is data protection! • This is a classic ‘sanctuary’ set up by elected politicians to avoid toxic choices (see Fiske and Tetlock, or www.lightbluetouchpaper.org) • That was OK so long as choices between privacy and profit / convenience had few visible consequences for most voters • That’s now changing! Lobbying storm over the Data Protection Regulation, and now Prism ICSS, Leuven, 06/09/2013 A view on 2020 • See this morning’s Guardian! • Recall Crypto AG, Clipper, key escrow? • The crypto wars didn’t end in 2000: the NSA and their friends have worked hard to insert vulnerabilities via vendors and standards • Will the Internet fragment? Saskia echoed industry’s response to Prism: can’t use clouds or the Americans will get your stuff • Now: can you trust any foreign vendors? ICSS, Leuven, 06/09/2013 Bruce Schneier’s op-ed this morning ‘Government and industry have betrayed the internet, and us. ‘By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards. ‘This is not the internet the world needs, or the internet its creators envisioned. We need to take it back.’ ICSS, Leuven, 06/09/2013 Conclusion • Security is just one aspect of a complex regulatory mix that also affects competition, trade liberalisation and much else • Member states will be much more able to stand up to US / Chinese bullying collectively • Cecilia’s vision of a European internet that promotes and defends our values is great, but her cybersecurity proposals would channel EU efforts via one agency in each nation state • That’s giving control to GCHQ & friends ICSS, Leuven, 06/09/2013
