IntheRSAConferenceMulti-Eventapp…Step1:GotoSessionandEventDetailsStep2:Searchfor“Futures”Step3:GotoPolls(2)

SESSIONID:

#RSAC

SteveWeber

FutureofCybersecurityScenarios:AnticipatingtheCybersecurityChallengesoftheFuture

CSFP-W10

DirectorUCBerkeley’sCenterforLong-TermCybersecurity

DawnThomasAssociateDirectorCNA’sInstituteforPublicResearch

PartI:AnIntroduction

Theprojectandthe2025scenarioworlds

#RSAC

4

WHO:ProjectLeads

Steven WebberCenter for Long-Term

Cybersecurity

Dawn ThomasCNA’s Institute for Public Research

Alan CohnSteptoe and

Johnson

#RSAC

WHAT:KeyPropositionsfortheProject

5

Cybersecurity, broadly defined, is the master problem of the Internet eraThe problem set is evolving more quickly than is our understanding of it (and certainly our ability to ‘solve’)Differentcountriesandsocietieswillgrapplewiththechallengesthosetwopropositionspresent,indifferentways

Gaining foresight into those differences now will better situate us to tilt the digital world in a direction that is more secure and beneficial to people and societies…

#RSAC

6

WHY:BridgingtheGap

between policy, research and strategy

between people and technology

between short term and long term

#RSAC

7

HOW:UsingScenarios

Simplify ExaggerateAdd

Complexity Back

#RSAC

8

Andnow…Movingawayfromtheofficialfuture…

QuantumLeap

Quantumcapabilitiesareavailabletosome,andcontaining‘proliferation’isnot

asimplematterofcarrotsandsticks.

NewWiggleRoom

Perfectinformationmakessocietiesperfectlymiserable– andtheescapeis

multipleidentities.

Barlow’sRevenge

Inthedigitalworld,thestateisnoweitherfullyinorfullyout– andnotallcountriesmakethe‘obvious’choice

TrustUs

Thestakesofdecidingbetweenanunsafe-yet-openinternetandasafebutclosedandsurveilledSafetyNetareclear,

butnotwhatweexpected.

#RSAC

9

NewWiggleRoom

NewWiggleRoom

Perfectinformationmakessocietiesperfectlymiserable– andtheescapeis

multipleidentities.WhatistheidealoutcomeoflivingintheNewWiggleRoom

world?

#RSAC

10

#RSAC

11

QuantumLeap

AlthoughIknowit’srelativelyunlikely,___________isthescariestpossibilityintheQuantumLeadworld.

QuantumLeap

Quantumcapabilitiesareavailabletosome,andcontaining‘proliferation’isnot

asimplematterofcarrotsandsticks.

#RSAC

12

#RSAC

13

TrustUs

IntheworldofTrustUs,________isthethingthatwill

keepmeupatnight.

TrustUs

Thestakesofdecidingbetweenanunsafe-yet-openinternetandasafebutclosedandsurveilledSafetyNetareclear,

butnotwhatweexpected.

#RSAC

14

PartII:MarchMadness

Awholenewtakeonbracketology

#RSAC

Today’sactivity

16

Step1:Workthroughtheleftsideofthebracket

(mostlikely,mostpositiveoutcomes)

Step2.Decideonyourpick Step3:Usethelivepollingapplicationtoregisteryourpick

RinseandRepeatforthemostworrisomenegativebyproduct

#RSAC

Pollingresultsanddiscussion

17

Aretheseresultssurprising?Howdoweaddressthemostworrisomebyproduct?Howdowefostertheenvironmentforthemostpositivebyproduct?

Q1results

Q2results

PartIII:Preliminaryfindings

#RSAC

OverarchingObservations

19

AnationalizeddiscussionDisillusionmentwithcybernormsKeepingholdoftheupside

#RSAC

Re-FramingtheLandscape

20

1. The‘goldenmean’oflight-touchregulationandpermission-lessinnovationwillnotendure,becauseitisnotaneffectiveroutetoimproveddigitalsecurity

2. Digitalgeopoliticsisnotsimplyanotherlayeronconventionalgeopolitics.Alliances,traderelationships,andwarsmaybere-configuredarounddigitalasaprimarydriver.

3. Digitally-inducedjobdisplacementandinequalityismorethanastressor.Itissettobeadriveroffundamentalbreakdowninmarketsandstates,andcouldbeaprimarycauseoftransnationalre-alignments.

4. Platformfirmsaredifferent.Theycan’tcontinuetofree-rideonsocialorder,andnotjustbecauseofmarketpower.It’salsoanissueofmanagingtruthanddiscourse.Competitionpolicyandcybersecuritypolicyareconverging.

5. Thegreatestsecuritychallengesarenotaboutprotectingnetworksanddatafrom(sovereignandcriminal)thieves.Itisaboutprotectionfrommanipulation— themaintenanceofdataintegrityandtrust.

PartIV:Applicationsoftoday’spresentation

#RSAC

HowtoapplyCybersecurity2025:Whenyouleavetoday

22

Gointothewebsite(www.cyberfutures2025.org),watchthebonusvideoandengagewiththetool– Providesuswithdata– Providesyouwithsometimetothinkstrategically

Readthereport

Encourageyourcolleaguesinothersessionstogotothewebsiteandengagewiththetool– Themoredatathebetter!

#RSAC

HowtoapplyCybersecurity2025:Inthenext3months

23

HoldafuturessessionwithyourleadershipShowthemthevideos(www.cyberfutures2025.org)andpresentthereportfindingsProvidetheshortreportwewillgeneratewiththedatathatcomesfromthissession(helpssetpriorities)Engageindiscussionaimedat:– Preventingthoseoutcomesthataremostdetrimentaltoyourbusiness– Investinginthoseoutcomesthatprovidethebestenvironmentwithinwhichyourbusinesscansucceed