Future threats to future trust

Kapitel i bok, 2008

Only a few years ago, big worms roamed the planet, spreading within hours, or even minutes, to every nook and cranny of the Internet. The damage caused by them was equally impressive; worms have taken out alarm phone centers, train signalling systems, thousands of cash machines, millions of production PCs and servers, and, oh yes, South Korea1. No wonder academics and industry scrambled to counter the threat. Indeed, fast spreading flash worms were all the rage among security experts and millions of euros were spent on projects to counter them. Alliances were formed, research grants applied for, projects started, prototype solutions developed, refined, and discarded. Unfortunately, by the time we developed practical counter measures, flash worms had all but disappeared. Instead, we now worry about stealth attacks, botnets, phishing sites, attacks on mobile phones, and whatever new threats emerged in recent years. The problem is that we tend to work on solutions for today’s problems and have no time to worry about the threats of the future. The problem is that we are often caught unawares. This need not be the case and there are examples of threats that we saw coming before they hit us. A well-known example is RFID. An RFID tag is a small, extremely low-cost chip that can be used for purposes like identification and minimal processing. By adding RFID tags to everything, from pets to products, industry aims to use RFID technology to create the “Internet of Things”. However, researchers have shown that tags can be used to propagate malware, which in turn has led a concerned industry to scrutinize security issues in RFID. All of this happened before any real attacks took place. For this reason the FORWARD initiative intends to bring together experts to discuss future threats and develop realistic threat scenarios. As a first step in that direction, a workshop was organized 1The country virtually dropped off the map as a result of the Slammer worm [2]. in G¨oteborg, Sweden, in April 2008, to discuss future threats [1]. The workshop consisted of broad plenary sessions interspersed with focused experts meetings. This paper summarizes the workshop’s findings and their bearings on the future of trust. The remainder of this paper discusses the findings of the targeted expert meetings on critical infrastructure and large scale systems (Section II), fraud (Section III), and malware (Section IV). Concluding remarks are in Section V.