This column was written with Matias Madou, Chief Technology Officer and Co-Founder of Secure Code Warrior.
Cybersecurity predictions are something of a tradition in the security industry, as we look toward the year to come and see what may lie ahead in a field that changes constantly. Sometimes we’re right, and sometimes a once-in-a-generation pandemic comes along and challenges us in ways we could never have expected.
Let’s not focus on that, however. This is about 2021, and while we will take some of 2020’s adaptations with us, there’s a whole lot in store for the future of cybersecurity, and the most interesting things aren’t even happening here on Earth.
That’s right, we’re predicting that 2021 is the year we take a new kind of space race into the mainstream: Keeping our galaxy safe from cyber threats.
NASA Already Employs Cybersecurity People Who Work Outside the Earth
It should be no shock that NASA employs many security experts, as well as engineers with a deep focus on fortifying NASA’s software and operations to withstand the most powerful of cyberattacks.
But what might surprise is the fact that NASA employs a senior satellite engineer — 28-year-old Kenneth F. Harris II — to protect and defend satellites in orbit. Far from an automated process, Harris is a real-life Superman who stands (metaphorically) between NASA’s satellites and the numerous deliberate attempts to physically attack them, in addition to helping mitigate the risk of potential cyber threats that could come from anywhere on Earth.
What’s at stake if a nation’s satellites are damaged? A deliberate collision, or a bad actor managing to leverage a software vulnerability, could potentially disrupt GPS networks, weather warnings and forecasts, and the communications systems we take for granted every day.
It’s a threat that might literally be out of our orbit, but we’re confident that security people focused on space asset protection will be a niche area that experiences big demand going forward.
Governments Are Assembling Space Forces, and They’re Going to Need Security Experts
In December 2019, the US government introduced a new branch of its military operations — this time, in space. America’s Space Force is a technology-centric department with a focus on preserving space as a “global commons,” according to US Secretary of Defense Mark Esper: “It’s important not just to our security, but to our commerce, our way of life, our understanding of the planet, weather, you name it. So, it’s very important that … we now treat it that way and make sure that we’re prepared to defend ourselves and preserve space,” he said.
In October 2020, it was reported that as many as 130 cyber experts from the US Air Force would be redeployed to the Space Force ranks, with Maj. Gen. Kimberly Crider, Space Force chief technology and innovation officer, identifying space as “the next front of the cyber conflict.”
While the USA may have been one of the frontrunners in assembling a Space Force, at a time when it might seem a little over the top and more like a comic book plot than a serious department, space cyber warfare is already a risk area, and it goes without saying that most countries will eventually follow suit with programs of their own.
Tesla Has Already Put a Car in Space While Computers Drive on Our Roads
In 2018, Elon Musk sent a self-driving Tesla vehicle into space. By October 2020, the car, piloted by a spacesuit-clad mannequin nicknamed “Starman,” had clocked 1.3 billion miles, and it has now cruised past Mars.
While this situation isn’t a cybersecurity issue, it is curious that we’ve got a car doing an infinite intergalactic version of a NASCAR race, while our roads here on Earth are slowly, but surely, being populated with cars driven by computers. Anything powered by software carries at least some element of cyber-risk, and automotive software has been compromised before, with the outcome signaling the potential for catastrophe. Tesla has already been tested several times by security researchers, with one exploit resulting in the autonomous, involuntary acceleration of the vehicle from 35 to 85 miles per hour. Yikes! Still, Tesla’s comprehensive security programs set a high standard for the industry in terms of testing and compliance.
Autonomous vehicles are the future of our personal travel, but all eyes will be on the software security aspect of their build as more players than the likes of Tesla enter the market, and it’s likely we will see this market explode from 2021.
So Much Advancement, Yet We’re Still Forgetting the Human Factor
Despite the inherent risks of brand-new tech, we are certainly in a very exciting time. Most industries are innovating with cutting-edge use of software, and we can’t wait to see what’s next.
However, it seems that the cybersecurity industry as a whole is a little stuck. Everywhere we turn, the most common advice for organizations that want to build more secure software is to keep buying tools, automated scanners, and other solutions that are essentially leaving it all up to robots to solve our security problems. Huge data breaches every other day prove that this approach needs a serious upgrade, and that we aren’t utilizing all the options at our disposal.
Gartner’s “Hype Cycle for Application Security 2020” report details a wide array of the latest security solutions; in fact, it’s hard to think of a technology solution it hasn’t outlined as a viable option for secure application development. It seems comprehensive, and it seems like good advice. Sadly, though, there isn’t one mention of the human factor at play in secure application development, nor the immensely beneficial role that trained, security-aware developers can play in reducing common software vulnerabilities. It is by far the most economical solution for recurring software bugs, and one which would free up tools and security experts to work out the more complex problems.
Perhaps we need to end with a question, rather than a prediction. Will 2021 be the year that industry analysts keep humans front-of-mind in the race to ramp up secure software development?
Pieter Danhieux is a globally recognised security expert, with over 12 years experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organisations, systems and individuals for security …