This document summarizes a presentation on the future of information security. It discusses trends that will impact security such as increased network speeds, wireless devices, cloud computing and the internet of things. It also covers issues like the decline of traditional computers, increased cyber attacks, the importance of online identity, hacktivism, and the need for improved security training and qualifications. The document concludes that the complexity of security will continue growing and attacks will have greater potential impacts, making security an even more important issue going forward.

1. 1/05/2013
1
ACS VICTORIAN SIG – INFORMATION SECUIRY
THE FUTURE OF SECURITY
Professor Matt Warren,
School of Information Systems, Deakin
University
www.mjwarren.com
A view of the future
• Microsoft’s view of the future.
http://www.youtube.com/watch?v=peSYlJlg14E
• What will be the security implications?

2. 1/05/2013
2
CIA Triangle
• Initial security concept developed with the introduction of the mainframe.
• C.I.A. triangle was standard based on confidentiality, integrity, and
availability.
3
Comments from History
• Computer abuse – where a victim suffered, or
could have suffered, a loss and a perpetrator
made, or could have made a gain.
• Don Parker 1983 – Fighting Computer Crime

3. 1/05/2013
3
AusCert 2012
• Over 90% of respondents deployed firewalls, anti-
spam filters and anti-virus software.
• Two-thirds of respondents had documented
incident management plans, however only 12%
had a forensic plan.
• Over 20% of organisations know they
experienced a cyber incident in the previous 12
months, with 20% of these organisations
experiencing more than 10 incidents.
5
AusCert 2012
• Of the organisations which know they
experienced cyber incidents:
17% suffered from loss of confidential or proprietary
information, 16% encountered a denial-of-service attack,
and 10% financial fraud.
6

4. 1/05/2013
4
AusCert 2012
• The most common responses as to why incidents
were successful, were that they used powerful
automated attack tools, or exploited unpatched or
unprotected software vulnerabilities or
misconfigured operating systems, applications or
network devices.
Security Link to the Past
• Authentication – we are still using security
features from the 80’s.
• User name and password.

5. 1/05/2013
5
We are dealing with the consequences
Associated Press – Twitter hacking
We are dealing with the consequences
• One tweet.
• For a moment in time - $US136.5 billion lost of
the S&P 500 index's value. A quick recovery once
the hoax was identified.

6. 1/05/2013
6
We are dealing with the consequences
• Syrian Electronic army blamed for the incident.
• Phishing attack on journalists (from a number of
media organisations).
• One username and password for the AP twitter –
shared with many users.
The response
• Twitters response.
• Considering two test verification:
• 1) User name & Password
• 2) SMS code or secret code.
Issue – usability.

7. 1/05/2013
7
Next Generation
• What does the future offer from a security
perspective.
• Lets look into the future.
CIA Triangle – still relevant
14

8. 1/05/2013
8
The following trends
• The following themes and trends are based on a
proposed CRC looking at Cyber Security in an
Australian context.
Ultra Speed Networks and Defence
Faster networks allows for faster access and data
transfer rates. But faster networks allow faster
DDOS attacks, spread of malware, real time
impacts.
New approaches to intrusion detection and
response are needed to address highly increased
transmission speeds and diversity of devices
prevalent in cyberspace today and in the future.

9. 1/05/2013
9
Ultra Speed Networks and Defence
Cyber protection systems will need innovative
techniques and technologies to detect intrusions
as perpetrators operate across an increasingly
complex milieu of threat vectors.
Resilient Systems
With a society increasingly reliant on internet
connectivity recovery from any form of attack.
To protect society, organisational and individual
interests more robust and resilient primary
systems in the cyber infrastructure are needed.

10. 1/05/2013
10
Resilient Systems
Solutions will require systems to be self-aware
and self-repairing, and a composite approach
where systems combine to produce an overall
architecture stronger than its component parts.
Current focus of the Australian government.
Wireless, Mobile, Cloud
Wireless and mobile networks, and cloud
computing all impact how and where we store and
access our data.
Individuals using an array of personal devices for
workplace activity create an incredibly complex
environment for managing and using
commercially sensitive data to meet organisational
outcomes.

11. 1/05/2013
11
Trends – Australian 28th March, 2013
• SALES of tablet computers will surpass sales of both
desktop and portable PC sales by 2014.
• A report by the research firm IDC said worldwide
shipments of these devices -- personal computers,
tablets and smartphones -- grew 29.1 per cent in
2012 to 1.2 billion units with a value of $US576.9
billion.
• The expansion was largely driven by 78.4 per cent
growth in tablet shipments, which hit 128 million in
2012.
Trends - Australian 11th April, 2013
• Decline in PC sales – Windows 8 - First-quarter
shipments of PCs fell 14 per cent from the same
time last year, according to International Data
Corp.
• That's the deepest quarterly drop since the firm
started tracking the industry in 1994.

12. 1/05/2013
12
Trends
• Decline in traditional technologies – alternative
technologies – e.g. Chromebook, Ubuntu, Apple.
Unknown security issues?
• Decline in traditional computers and replacement
of alternative devices, e.g. security issues of
Android - two to nine million total downloads of
affected malware apps (bad news) from Google
Play.
IPV6 and the Internet of Things
IPv6 presents significant opportunities for the expansion
of the Internet and services, truly allowing “things” to be
connected. IPv4 has approximately 4.2 billion unique
addresses, but once IPv6 is fully adopted there will be
approximately 1000 IP addresses for every square
metre of the Earth’s surface.
Forensics issues – since in theory every transaction
could have a allocated IP address.
Many new types of IP connected devices.

13. 1/05/2013
13
Other Considerations
• Complexity – the complexity of technologies,
complexity of systems, complexity of security
risks.
• Cyber espionage / Cyber warfare.
• Harder to implement effective information
Security management.
Other Considerations
• Tools needed – as the complexity of security
develops, so does the need to develop new
software tools to manage the complexity.
• Who has responsibility for security – is it
governments, corporations or individuals?

14. 1/05/2013
14
Increased Attack Vectors
• Malware – increased in sophistication of
malware, e.g. Stuxnet;
• Linked to other attack vectors – social
engineering;
• Malware for all devices.
Massive impacts of attacks
• The impacts of attacks will impact millions and
billions of users. Attacks could cause global
impacts.
• We are already seeing this with the impacts of
social networking attacks. Security failures will
have big impacts.

15. 1/05/2013
15
Online Identity
• The importance of our online identity / online
brand.
• Identity theft will become a greater issues.
• Google is preparing for all aspects of the lifecycle
including the afterlife.
Google Afterlife
• Google - ‘Inactive Account’ settings page, which
allows a Google user to clarify what they want
done with their YouTube, Gmail, and Google+
accounts after they die or are otherwise unable to
use their account.
• Google Users can choose to have their data
deleted after three, six, or twelve months of
inactivity or can share their data with friends or
relatives.

16. 1/05/2013
16
Google Afterlife
Complexity of attacks
• How to deal with complex security attacks?
• Social aspects of attacks – extension of phishing
attacks.
• How to plan for complex attacks – will security
risk analysis have a future?
• The role of government in protecting against
attacks?

17. 1/05/2013
17
Hacktivsm
• In the broadest term it is the use of technology as
a means of protest to promote political ends. The
aims of the protest would depend upon the group;
• Small groups have the power to cause major
impacts (real and media reported) based upon
their activities.
Anonymous

18. 1/05/2013
18
Ethical issues - Data Ownership
• Data Owner: responsible for the security and
use of a particular set of information.
• Data Custodian: responsible for storage,
maintenance, and protection of information .
• Data Users: end users who work with
information to perform their daily jobs
supporting the mission of the organisation.
35
Auscert Survey (2012)
• Responses indicated that 65% of participating
organisations had IT security staff with tertiary
level IT qualifications.
• More than 50% of participating organisations had
IT security staff with some type of vendor based
IT certifications.
• Almost 35% of participating organisations had IT
security staff with no formal training, although
most of these staff had more than five years
working in the IT security industry.
36

19. 1/05/2013
19
Auscert Survey (2012)
• These findings indicate that some organisations
may need to improve the skill set of their IT
security staff.
• This was supported by the additional finding that
55% of respondents thought their organisation
needs to do more to ensure their IT security staff
have an appropriate level of qualification, training,
experience and awareness.
37
Professional Aspects
• Greater focus on quality security qualifications /
academic and professional.
• International aspects of Security Professional
development, accreditation.
• Security qualifications in all aspects of security.

20. 1/05/2013
20
Professional Aspects
• The professional nature / needs an development
of security professionals.
• A greater global demand for security
professionals and a greater demand for all roles
to have a security component.
Human Elements
• Cyber Safety – becomes important for entire
populations.
• The professional nature of security needs the
development of IT and business professionals.

21. 1/05/2013
21
Current Views of Cyber Security
• Official Government Viewpoint.
http://www.youtube.com/watch?v=UIIY9AQSqbY
• Governments are taken Cyber Security seriously
now, what will happen in the future?
Conclusion
• What have we learned from the past?
• What will the future bring from a security
perspective?
• The world will become smaller as technology
transform society. Security will become an even
greater issue.

22. 1/05/2013
22
Thank You
For Your Time