The End of Malware? Cybersecurity Predictions for 2022

Los Angeles, 2019. CREDIT: Warner Bros. Pictures View full size image

This is the fourth story in a multi-part series on the future of digital security.

If you're wondering what online security will look like in the year 2022, analysts have both good news and bad news.

The good news: There will probably be smarter security, international treaties regulating cyberwar and, most significantly, no more malware. The bad news: There will be increased attacks from non-malware vectors, as well as smarter hackers and countries that ignore all treaties regulating cyberwar.

Generational shifts, both in personnel and technology, will help drive these changes. Digital "natives" who've grown up using the Internet will assume the reins of power from baby-boomer politicians and businessmen, but those "natives" will face off against hackers for whom the infamous Conficker worm might as well have infected rotary phones.

Ubiquitous computing will minimize hacking risks by hard-wiring limitations into specialized devices. But ubiquitous computing will also provide new avenues of attack, said Martin Libicki, author of "Cyberdeterrence and Cyberwar" (Rand Publishing, 2009) and a senior policy analyst at the Rand Corporation in Santa Monica, Calif.

"For individuals, I see three vectors [over the next 10 years] — one good, two bad," Libicki told SecurityNewsDaily. "The good one is that people and companies are getting smarter about security than ever before. The bad ones are that hackers are also getting smarter, and the other is that many more users are signing up, which means more targets."

"For policy, right now, the people in power don't understand cyberwar. I think with the new generation, there's hope that will change," Libicki said. "Look how long it took for people to understand that nuclear weapons weren't just bigger [conventional] bombs. It took 20 years — basically between Hiroshima and the Cuban missile crisis."

No more malware ...

The biggest change that Libicki identified was a likely end to malicious software. Citing the lack of viruses and other malware written for iPhones, iPads and other devices that run Apple's iOS platform (and aren't "jailbroken" to get around security restrictions), Libicki touted Apple's rigid app screening as "evidence that it's possible to deliver a product with far fewer malware problems than previously thought possible."

Of course, that doesn't mean the end of hacking. In place of malware, Libicki expects to see a rise in denial of service-style attacks on websites, spear-phishing emails and SQL injections into online databases, among other forms of hacking.

These alternative routes of attack will only increase, he said, as social networking sites, cloud-computing servers and ubiquitous Internet-connected sensors provide avenues for hackers to attack your personal information without interfering with your personal hardware.

Another important change highlighted by Libicki concerns the relationship between policy makers and technology. Soon, the generation that grew up with digital technology will begin replacing politicians who gleefully boast about their inability to use the Internet.

This generational shift will empower policy-makers who understand, say, the value of precisely defining "cyberwar," or of pointing out how intellectual-property law differs in the digital realm from the physical one.

… but the digital arms race will continue

Unfortunately, Libicki also notes that the rapid advance of technology may very well outpace the coming of age of this new generation.

For instance, in 2000, Richard A. Clarke, the former White House cybersecurity adviser, presented Congress with the U.S. government's first-ever plan for cybersecurity. In it, Clarke identified worms and viruses as the main vector for threats against the U.S.

Within a year, changes in operating-system architecture, Internet use and malware design had rendered Clarke's plan almost entirely obsolete, Libicki said.

On a broader front, it's certain that a new generation of bureaucrats will craft well-thought-out international agreements covering topics such as cyberwar and intellectual property. But enforcing the inevitable treaties regulating online activity may prove next to impossible.

After all, countries routinely flout easily verifiable bans on nuclear proliferation when it interests them. Violating a treaty on digital copyrights or cyberespionage would be even easier and less risky, notes Libicki.

So that might be the security environment of 2022: lots of threats, but none worth losing sleep over; high-security software being undone by user error; and governments unable to extend their power into cyberspace. Perhaps another 10 years won't bring that much change after all.

This story was provided by SecurityNewsDaily, a sister site to TechNewsDaily.