Future threats to future trust
Kapitel i bok, 2008
Only a few years ago, big worms roamed the
planet, spreading within hours, or even minutes, to
every nook and cranny of the Internet. The damage
caused by them was equally impressive; worms
have taken out alarm phone centers, train signalling
systems, thousands of cash machines, millions of
production PCs and servers, and, oh yes, South
No wonder academics and industry scrambled
to counter the threat. Indeed, fast spreading flash
worms were all the rage among security experts
and millions of euros were spent on projects to
counter them. Alliances were formed, research
grants applied for, projects started, prototype solutions
developed, refined, and discarded. Unfortunately,
by the time we developed practical counter
measures, flash worms had all but disappeared.
Instead, we now worry about stealth attacks, botnets,
phishing sites, attacks on mobile phones, and
whatever new threats emerged in recent years. The
problem is that we tend to work on solutions for
today’s problems and have no time to worry about
the threats of the future. The problem is that we
are often caught unawares.
This need not be the case and there are examples
of threats that we saw coming before they hit us.
A well-known example is RFID. An RFID tag
is a small, extremely low-cost chip that can be
used for purposes like identification and minimal
processing. By adding RFID tags to everything,
from pets to products, industry aims to use RFID
technology to create the “Internet of Things”. However,
researchers have shown that tags can be used
to propagate malware, which in turn has led a
concerned industry to scrutinize security issues in
RFID. All of this happened before any real attacks
For this reason the FORWARD initiative intends
to bring together experts to discuss future threats
and develop realistic threat scenarios. As a first
step in that direction, a workshop was organized
1The country virtually dropped off the map as a result of the
Slammer worm .
in G¨oteborg, Sweden, in April 2008, to discuss
future threats . The workshop consisted of broad
plenary sessions interspersed with focused experts
meetings. This paper summarizes the workshop’s
findings and their bearings on the future of trust.
The remainder of this paper discusses the findings
of the targeted expert meetings on critical
infrastructure and large scale systems (Section II),
fraud (Section III), and malware (Section IV).
Concluding remarks are in Section V.