When a technologist looks into his crystal ball, what does he see coming up in the next 5 or 10 years for computer security? Since security technologies and policies have undergone so many changes in the past few years, it's likely that changes will continue to accelerate. We asked some familiar faces at UC Davis to give it their best guess and here's what they said:
Greg Loge, Computing Resource Manager for the College of Agricultural and Environmental Sciences; Chair of the Technology Infrastructure Forum Subcommittee on Security
"Campus computer security will only improve through a concerted effort that appreciates the distributed nature of our university computing systems. No single central solution will ever be effective on its own. Departments, campus units, central IET, students, staff, and faculty will have to work together to confront the issue head on. I am optimistic that we will reach a substantially more secure environment on campus in the future. I just hope it doesn't take a significant loss to serve as a wake up call for us to reach that goal."
Dr. John Bruno, Vice Provost for Information and Educational Technology
"As we continue to explore ways of improving administrative, paper-based processes and making them available via the Web, we will need to take all appropriate measures to protect the privacy and integrity of this digital information. For instance, just as instructors already make student grades and class materials available electronically, there are now discussions of using Web-based technologies to simplify the submission and administration of such critical data as faculty portfolios, academic research and grant proposals, and various other campus records. As we make this information available online, it will be critical for us to ensure that the systems have been developed with information security in mind."
Dr. Matt Bishop, Associate Professor of Computer Science, Co-Direct or of the Computer Security Laboratory, author of Computer Security: Art and Science
"Computer security can evolve in two different directions in the next twenty years. In the first possible direction, we could continue with the current cycle of vulnerabilities being exploited and patched. We'd improve some things, weaken other things, and somehow manage to stay afloat. In the second possible direction, we could develop new protocols and systems by challenging common perceptions and creating designs with security as an integral part. In this scenario, we could break the cycle of always being one step behind the attackers.
Which will it be??
Robert Ono, IT Security Coordinator
"It's hard to say whether security problems of the future will take the form of massive doomsday-style exploits (that sabotage electricity, fuel, and food) or just more frequently-occurring minor nuisances like we have now. Either way, I suspect that the public's tolerance for security flaws will diminish. For instance, when Wells Fargo recently learned that thousands of customer names and account numbers were stored on a computer that was stolen, it made headlines everywhere. People are also taking this frustration to the courts. Recently, class action suits have been filed or threatened against Apple Computer for alleged quality issues with iPod batteries and the iBook logic boards. It should be interesting to see how courts determine liability for a virus-induced computer crashes or attacks. Is it the user's fault for not patching soon enough or the software vendor's fault for releasing an imperfect product in the first place--or perhaps an organization that failed to mitigate a recognized vulnerability? Could the information technology industry follow the same path as the automobile industry in which the government had to eventually step in and create regulations and standards for use and safety? Would such measures threaten the advancement of information technology? Imagine if Computing Licenses were required just like Drivers' Licenses! Indeed, the history of other industries may tell us something about the future of this one."
Christopher Derr, Programmer and Technical Support Coordinator, Department of Chemical Engineering and Materials Science
"Here's two possible scenarios that could take place in the future:
"#1: A gentle tap on your shoulder is the first sign you've realized someone's entered your cubicle. "Don't turn around," a hushed voice says, and a CD is jammed in your shirt pocket (specially widened for just this purpose). The lights dim briefly, and you sense the gentle breeze of The Network's departure, your read-only email safe in hand.
"#2: Physical network keys come into play. Optical networks are everywhere, of course. In your port is an oscillating light field which "plays" a wave function specific to your machine or network. Any incoming traffic not encapsulated with that specific wave function is simply absorbed."