17 February 2014

Physical Safety

November 24, 2013 



Wikistrat recently ran a simulation called Global Middle Class Values 2033 in which we asked our strategic community to define what will constitute global middle class values two decades from now, using Abraham Maslow’s “hierarchy of needs” as a categorization scheme.

The following is a sample scenario from that simulation, entitled When Cyber Security Equates With Physical Safety. The scenario sees the proliferation of digital assets making privacy and security concerns for the global middle class more important than they’ve ever been before.

Summary

By 2033, much of the daily life of the global middle class (GMC) is intricately weaved between digital assets in the data cloud and digital assets around, on and sometimes within their persons. The GMC’s ability to get fresh food, manage disability and disease, commute, get an education, participate in commerce, as well as store intimate details of living and managing family life is completely within commoditized data clouds. The core values of the GMC shift from consumable values of features and price to privacy and security. The technological progresses and their dissemination among the middle class will dramatically shift their safety needs toward an emphasis for cybersecurity.

Safety

Commodity Liability Models for Digital Assets

The 2033 GMC’s baseline needs will begin including new forms of insurance to protect against any damages done to online personas, accounts and any other data that becomes trafficked over the internet. Such insurance will become a vital component of GMC life by 2033. These liability models will need to integrate cleanly into what would be called “umbrella” policies in Western insurance markets today. The GMC will likely push for the equivalent of a single-payer liability system that would further integrate with reforms for over-criminalization, consumer credit privacy and other traditionally disparate issues that will be much further integrated in the GMC’s digital reputation by 2033.

Personalized Security Services

Personal digital security today is based entirely on reactive signature-based solutions with minimal meaningful behavioral analysis. The GMC of 2033 will need “enterprise” security postures readily available on their persons and at a personal level. Systems tailored toward “traffic analysis” of lifestyles, utility use, communication pathways and other manners of daily nuance. The concept of perimeter firewalls becomes moot and the necessity of peer-to-peer trusted controls and anomaly monitoring become key. Concepts such as a “Neighborhood Watch” for digital assets evolved for the GMC of 2033.

Security Obligations of Cloud Service Providers (CSP)

Cloud computing has become increasingly popular (Dropbox, Amazon Web Services) but the security of the cloud is a serious concern. The GMC will eventually realize that “the cloud” is not impenetrable and CSPs will need to require some kind of assurance that their information is protected.


Greater Knowledge of the Threats that Exist

As the GMC begins to engage in more activities where personal data is trafficked over the internet, there will be a demand for classes, literature, and (in general) knowledge about how to keep one’s information safe. The large majority of the current GMC has little awareness of the kind of security threats that exist and relies on luck rather than an understanding of cybersecurity to keep information safe.

International Legal Frameworks Normalize for Cyber Affairs

Driven primarily by informal conflict management of hacktivist affairs, the GMC of 2033 expects and receives normalized crowdsourced rulesets for their digital lives. European or American data privacy controls take a backseat to directly democratic co-ops that eventually fold into state-backed or managed cloud assets. Along with this comes de facto legal frameworks across state borders. What started as Interpol and U.N. guidelines into the 2020s becomes community managed for the GMC by the 2030s.

Consumer Safety Dramatically Overhauls Digital Device Security

The complex weavings between digital identity, data and consumer devices drives the demand for competitive device security services. The GMC of 2033 will no longer accept arbitrary “advancement” in their personal devices such as cars and diabetes pumps. The GMC of 2033 will drive and execute GMC crowd reviews of the devices we use in our daily affairs, their security and interoperability. While the early 21st century model was driven by private industry and sometimes regulatory bodies, the GMC of 2033 will peer review and peer assess all such systems. This will be driven, like the other items discussed, by the growing disparity in needs and liability cushions of the GMC versus the so-called 1%.

Drivers

In the mid-late 20th century, booming economies and rises in purchasing power prompted the buying of cars, and enabled access to complicated and expensive medical procedures. This massive boom necessitated insurance to protect individuals, families and corporations from accidents and other unforeseen damages. It’s currently the same for the digital domain, where the progressive shift of our whole societies toward immaterial, computerized and online property will push the GMC to develop a Maslowian safety need within the cyberspace. They will want their virtual identity and properties protected, as much as their physical ones for most, and even more for the tech-enthusiasts who will spend most of their time connected and cut from the real world.

Compared to Today

This cyber safety need has already been present for decades, but has been most prominent within big corporations and administrations. Under these difficult economic times, smaller businesses tend to adopt a postponing behavior which can be detrimental for them; according to a report from McAfee, “the costs associated with criminal cyber activity in the U.S. alone may be as much as $140 billion—and a half-million American jobs—annually“. For individuals of the current middle class, the cohort of those who are “not connected” aren’t active enough on the Internet (which they use occasionally for non-vital activities) to really develop a need for digital security. However, it isn’t the same for the “connected” groups who are getting accustomed to the Internet and have shifted many of their activities online. A Pew Research Center survey shows that: 

86% of internet users have taken steps online to remove or mask their digital footprints — ranging from clearing cookies to encrypting their email. 

55% of internet users have taken steps to avoid observation by specific people, organizations or the government. 

This rising sense of the importance of the digital safety need is also evidenced by the multiplication of ambitious efforts from many countries, for instance Japan, which needs 80 000 more information security engineers will need to train enough people to this field in order to protect key infrastructures.

Another difference between physical security and cyber security is the legal structure that attempts to provide insurance or protection against such harm. An individual’s physical security is largely defined by their physical location and the legal infrastructure that governs that location. In contrast, an individual’s cyber security is unlikely to be guaranteed by one overarching legal structure, and it’s witnessed nowadays with a rather chaotic legislation and structure over these matters. Since one legal system can’t guarantee safety, there exists greater risk to an individual’s cyber security.

Wikistrat Analysts Yoni Dayan, Keith Hilden, Andrew Pratt, Jared Haase and Ali-Reza Anghaie contributed to this scenario.

No comments: