Cybersecurity

Tech Strides, Tech Worries and Tech Visions: ECT News Roundtable, Episode 1

If you’re turned off by the mere thought of talking heads vying to speak the loudest or the longest in a TV “discussion” of some pressing issue of the day, read on for a refreshing dose of sanity.

ECT News Network recruited five smart people with plenty to say about the state of technology, and we gave them plenty of time to say it: three rounds of exchanges spanning three weeks. Although our virtual roundtable participants never occupied the same space during their long conversation, each was privy to everything said by the others, save their final comments.

The result is a far-ranging intercourse touching upon the most critical technology-related issues facing individuals, small businesses, enterprises and governments at the dawn of this new decade. In this first installment, our panel discusses the most important technology advances of 2019, the most worrisome tech developments in the past year, and the emerging technologies most likely to wow us in the year to come.

On deck are Laura DiDio, principal at ITIC; Rob Enderle, principal analyst at the Enderle Group; Ed Moyle, partner at SecurityCurve; Denis Pombriant, managing principal at the Beagle Research Group; and Jonathan Terrasi, a tech journalist who focuses on computer security, encryption, open source, politics and current affairs.

WHAT TECH GOT RIGHT IN 2019

The areas of tech advancement that stood out most in 2019, according to our panel, were robotics, artificial intelligence, sustainability, commoditization and quantum computing.

Robot Learning

“The advances in robotics are really astounding,” said Laura DiDio.

“It’s tough to pick just one thing, but if I had to, I’d say it’s that robotics are now becoming capable of much more physical dexterity. They are learning to manipulate objects independently through virtual trial and error,” she said.

“A San Francisco nonprofit organization, OpenAI, has a robot named ‘Dactyl’ that learned to flip a toy building block in its fingers. It sounds simplistic but it’s a giant leap forward for robotic dexterity,” DiDio noted.

“Dactyl uses ‘reinforcement learning’ combined with neural-network software and teaches itself how to hold and turn the toy block in a simulated environment before its hand makes the actual attempt. The software experiments keep trying and then strengthen their neural connections within the network over time until they reach their goal. I think the implications are huge,” she said.

Rob Enderle agreed with DiDio’s assessment, “particularly if you take into account the developments in military robotics like those created by Boston Dynamics.”

He struck a cautionary note, however. “I remain concerned that the drift to military robotics may put the race at risk — particularly if you take into account the robotic weapons being demonstrated by Russia. They look way too much like Terminator for my comfort level.”

On the bright side, “autonomous cars are also intelligent robots, which could save thousands of lives currently lost in traffic accidents,” Enderle pointed out.

AI in the Real World

“I am amazed at the progress we’ve been making in artificial intelligence, machine learning, machine intelligence and related things,” commented Denis Pombriant.

“Many add great value to the Internet of Things,” he added.

IBM’s Watson captures data and uses it to make predictions “that have significant top and bottom line results for major enterprises,” noted Pombriant.

In addition to technological leaps, there have been cultural advances with respect to artificial intelligence, noted Jonathan Terrasi.

“There is now a little more emphasis on addressing the ethics of AI development,” he observed.

“Those — especially nonprofits — charged with advocating in the public interest are really starting to inject the insistence on community input on AI ethics into public consciousness,” Terrasi noted. “I wouldn’t say this is a mainstream concern yet, but the fact that it’s being talked about at all is good start.”

Can Tech Be a Planetary Superhero?

“Technology is a big field and we only tend to focus on computers and software, but that end of technology is aging and commoditizing, and it no longer leads the way it once did,” observed Pombriant.

“Sustainability tech like electric vehicles, renewable energy and carbon absorption have more upside, and will offer greater investment and job creation opportunities going forward,” he said.

The most important positive technology advance of 2019 was “the more aggressive focus on sustainability by the major players,” according to Enderle. “They are now effectively competing and cooperating with each other to see who can use the most discarded plastics, and to design platforms that lend themselves to recycling. In their latest reports — Cisco’s is a good example — they are progressing strongly on renewable energy sources. Even Apple is becoming aggressive here.”

Yet “the solutions to the climate problem are essentially low tech, and all of what we need to fix the problem already exists. There’s no major R&D to be done,” Pombriant pointed out.

Data Here, There and Everywhere

Tech advances in 2019 were “mostly evolutionary and not revolutionary,” in Pombriant’s view.

“We didn’t see something like an iPhone come on the market, but we saw a lot of introductions of additional functionality in established whiz-bang products. That’s where we are, and it boils down to being late in the tech wave that began in the early 1970s by my reckoning,” he said. “We are in the commoditization and economization part of the wave, which happens just before another economic wave started by disruptive innovation takes off.”

Pombriant’s observations about commoditization sparked Ed Moyle’s interest.

Ed Moyle, Security Advisor

“What would further commoditization of computation and networking look like? Smart objects? Smart packaging? Smart ‘disposable’ items?” Moyle wondered.

“Use cases that seem frivolous and extravagant to us now might be commonplace,” he said.

“In particular, I wonder about commoditization of storage,” Moyle continued. “What happens when everything in the world is a potential storage repository for data? Does that lead to a decentralization of storage like it did with the transition from mainframe to distributed computing?”

Problem-Solving Might

In the long term, it will be clear that the most significant advances from last year were in quantum computing, Moyle predicted.

It’s “a big deal. When it works and gets more sophisticated, it’ll revolutionize communications, as well as solve problems that are currently computationally infeasible. That’s over the very long term, though,” he said.

“We are still at least five years out from a practical quantum computer, according to IBM,” said Enderle. “We need about five times the qubits we have in test, and each additional qubit isn’t linear but more like logarithmic.”

However, when quantum computing arrives, it “will transform the industry massively,” he acknowledged.

“I agree that in the long term, this will be seen as the year that opened the door to viable quantum computing applications in the real world,” said Terrasi.

“Correspondingly, I predict that next year will be a big one for the post-quantum cryptography community — now that quantum computers have planted a foot firmly in reality, the threat to encryption is no longer theoretical,” he added.

“Cryptographers have been working on post-quantum crypto for a while. In fact, there was a talk at DEF CON this year about creating hybrid ciphers which use a traditional cipher as well as a post-quantum cipher so that communications were safe from any and all cryptanalysis,” Terrasi noted.

Jonathan Terrasi, Tech Journalist

“Now cryptographers have an added incentive to step up their work — or, more accurately, foster greater refinement and incorporation of their existing work — so that 2020 will be the year that crypto was made safe from quantum in actual practice,” he said.

“I’ll hold with my position that while quantum computing will be massively disruptive in ways we don’t yet comprehend, we are still years out from a functional quantum computer,” Enderle reiterated, although “Intel just had a major design breakthrough that should accelerate this.”

WHAT KEPT TECH WATCHERS AWAKE AT NIGHT IN 2019

There were plenty of triggers for high anxiety, if not panic attacks, in the tech industry last year. Chief among those that disturbed our roundtable participants were cybersecurity threats, online disinformation, privacy violations, threats to democracy — and quantum computing.

Hackers Gone Wild

There was a huge spike in ransomware and targeted data breach attacks last year, and the trend shows no signs of abating, said DiDio.

She offered a few stats to illustrate:

  • A new organization will fall victim to ransomware every 14 seconds in 2019, and every 11 seconds by 2021. (Source: Cyber Security Ventures)
  • 1.5 million new phishing sites are created every month. (Source: webroot.com)
  • Ransomware attacks have increased over 97 percent in the past two years. (Source: Phishme)
  • A total of 850.97 million ransomware infections were detected by the Ponemon Institute in 2018.

But wait — there’s more.

  • The Mimecast State of Email Security Report 2019, which polled over one thousand businesses from December 2018 to February 2019, found that 94 percent got hit with phishing attacks in the last year; 88 percent experienced email spoofing of business partners or vendors, and 61 percent believed it was likely or inevitable that they would suffer a negative business impact from an email-borne attack.
  • From January through June, there have been more than three dozen major hacks, including at least two more successful penetrations of Facebook, documented byIdentityForce, a personal information and protection services firm. Additionally, many government agencies, healthcare organizations and stock exchanges like Dow Jones, the Alaska Department of Health and Social Services, Managed Health Services of Indiana, Oklahoma Department of Securities and Dunkin Donuts, among others, have been hit in well publicized attacks.

“Technologies like cloud computing, mobility, Bring Your Own Device, the Internet of Things, machine learning, analytics, virtualization and edge computing foster connectivity and communication among various networks and ecosystems,” DiDio noted.

“Unfortunately, the increased level of connectivity also facilitates and accelerates the speed with which the various types of cyberattacks can infiltrate devices and networks,” she added.

“Organizations also have many more entry points into their networks and many more potential vulnerability points to monitor,” DiDio pointed out.

“Given the fact that many companies still persist in practicing security with 20/20 hindsight, I expect security woes will persist throughout 2020 and for the foreseeable future,” she predicted.

“Laura makes a good point here,” said Enderle.

“Malware is not only growing out of control, it is now state funded. Companies — any companies — simply don’t have the level of resources a militarized malware effort can garner. We are currently outmatched,” he continued.

“The U.S.’ goal to network current air-gapped systems used for nuclear power generation will likely result in a catastrophic outcome,” Enderle added.

Madly, Deeply – but Not Truly

In addition to ransomware, hacking and other security threats, DiDio finds the threat of “Deep State Fakes,” aka deepfakes, extremely worrying.

Laura DiDio, High Tech Analyst

Extremely advanced and sophisticated technologies can manipulate and fabricate audio and video to create deepfakes, depicting individuals or groups of people saying and doing things they’ve never actually said or done.

Deepfakes are “being wielded as a weapon by governments and individuals against women via X-rated videos. This includes everything from revenge porn scenarios by ex-boyfriends to governments and special interest groups that seek to discredit professional women, including reporters, lawyers, investigators and politicians,” DiDio noted.

Deepfakes are “made all the more dangerous by the speed and ubiquity of the Internet and social media,” she continued.

“Deep State Fake X-rated audio and videos can go viral, racking up thousands and millions of hits globally within 24 hours. The Deep State Fakes can cause irreparable damage to a group or an individual’s reputation or life,” DiDio said. “Even if and when the content is proved false, it’s difficult to get them taken down. Like much of the information on the Internet, it often lives on seemingly in perpetuity. There is unfortunately, no ‘silver bullet’ or technology fix.”

Moyle offered a different take on the deepfake threat, however.

“There’s a lot of concern about this out there, but I think this is one of those places where the practicality of an attack — and expense — relative to the tradeoff makes it less compelling from an attacker point of view, excepting a few very targeted attacks,” he suggested.

“Can you create some really nasty spearphishing examples with a deepfake? Sure — but why invest the time and energy when a BEC (business email compromise) works just as well — arguably better, since you can attack multiple targets at once? Can you impersonate a public figure to move stock prices with a deepfake? Sure — but a hacked Twitter account will do the same thing in a tenth of the time. Just ask the AP,” Moyle said.

“I think deepfake stuff is mostly hype. A practical attack using this isn’t as easy as it looks. Detection methods can repudiate most deepfake videos,” he pointed out.

Deepfakery is “not needed to attack an authN system (e.g. biometrics),” Moyle continued. “The one use case that does work well is in politics — for example, getting people to think a politician said something they didn’t (the ‘fake news’ use case.) But is that a deepfake issue or a bigger problem? I think the latter.”

Still, remedies are available to thwart deepfakes to an extent, and DiDio favors multipronged initiatives toward that end.

“These include things like closing legal loopholes in existing laws; enacting, new, tougher legislation; raising awareness; educating corporations and end users to the dangers of the Deep State Fake; and installing the appropriate security and software packages to identify and thwart hacks,” she said.

“I think that Laura is more or less on the mark about the injuriousness of deep fakes,” Terrasi chimed in, “and suffering the consequences of this technology may be the galvanizing jolt that people need to take privacy more seriously.”

The End of Privacy?

Though none of our panel members appeared sanguine about the state of privacy, opinions ran the gamut from deep concern to equanimity to a virtual shrug.

“Yeah, it seems we’re all in agreement that privacy did not fare too well this year. This is especially disheartening because I think privacy advocates really hoped that protections would incrementally accumulate as the lessons from the Snowden disclosures slowly sank in,” Terrasi observed.

“However, we find that just the opposite has happened: As time marched on, those lessons faded from the public consciousness. More consequentially, the desire for privacy has in practice been eclipsed by an embrace of pragmatism and a more deep-seated desire for security — or, at least, perceived security,” he continued.

“We owe it to ourselves to cajole legislators to catch digital communication regulation up to the realities of the 21st century, but we cannot wait for that to happen. At the end of the day, people need to be more judicious about the information they reveal about themselves — or the communication channels by which they reveal it — to private entities like social networks, if they don’t want that information to be used for nefarious ends,” Terrasi urged.

“The thing is, though, that I’m not sure privacy is any worse than it was five years ago — just maybe people are waking up to it now? Ultimately, this might be a good sign,” Moyle suggested.

“Historically, there have been numerous privacy legislation attempts that didn’t make it into law in the U.S. — for example, the recent CONSENT Act. People have tended to vote with their dollars, and frankly just ‘voted’ on the side of not wanting privacy regulation — I think in large part because of not realizing the potential for misuse,” he pointed out.

“There won’t be any appetite for privacy regulation until there’s a major problem that drives the issue. Can there be privacy without regulation? I don’t think so. Self-regulation hasn’t worked very well, and there’s little transparency on the part of tech companies for customers to make an informed decision. Individuals who are aware of companies’ practices can choose to ‘opt out’ — for example, I deleted my Facebook account a while back — but I think that’s the exception,” Moyle said.

Enderle’s assessment was blunt.

“I’m not as concerned about privacy, largely because that horse has left the barn and the barn has burned down,” he said.

“It is too late to put the privacy genie back in the bottle, and we should instead be focused on giving people more access to their information and more protections when their identities are stolen or their data is otherwise compromised,” Enderle suggested.

Democracy on Tenterhooks

“The concerns about technology being used to subvert the will of voters and to manipulate populations is probably one of the biggest threats we are likely to see in our lifetimes,” Enderle said.

“Runaway social media and associated tech pose an existential threat to democracy,” agreed Pombriant, who identified “Mark Zuckerberg’s cozying up to Trump” as the most worrisome development in tech in the past year.

“Zuckerberg and others in Silicon Valley are moving to protect their sinecures rather than protecting their users, which is disturbing. It is also a marker of how late we are in the tech economic wave,” he added.

“Some amount of regulation needs to be implemented. I like to make the comparison to the breakup of the old AT&T system in the 1980s. AT&T was just a monopoly, but social media is more insidious. We’ve demonstrated that if we are going to be successful with social we all need some form of sensitivity training as well as remedial work in truth telling,” Pombriant remarked.

The deepfake threat alone “has immediate and far-reaching ramifications across a wide sphere of operations, including interfering and tampering with the upcoming presidential elections,” noted DiDio.

“Social media and its purveyors have me in knots,” said Pombriant. “Something has to be done to make them safe for civilization. Continuing with this sham First Amendment argument and corrosive business model can’t go on.”

Quantum’s Dark Side

Though generally optimistic about quantum computing’s possibilities, panel members also recognized some potentially dire risks. In fact, Moyle identified quantum computing as both the most important positive tech advance of 2019 and the most worrisome development of the year.

“The positive benefits come with a downside — notably the impact on cryptography. There will probably be a rough period of transition when quantum is in a state where it can undermine traditional security approaches and it’s only accessible to governments,” he explained.

“There is clearly a risk with quantum because it could compromise security on a global basis, and if we don’t get quantum encryption first we are screwed. There is clearly a reason to be concerned here as this is a race, and foreign governments could be ahead of our efforts,” Enderle warned.

Terrasi saw some breaks in the clouds, however.

“While the advent of quantum computing will undeniably set off a seismic shift in information security, there is actually more reason for optimism than that fact would lead one to believe,” he suggested.

“There are already viable post-quantum cryptographic algorithms, which depend on calculations that are hard for both classical and quantum computers to solve. Even more encouragingly, the hurdles to broad adoption of these algorithms are more logistical than technical,” Terrasi pointed out.

“These ciphers are more or less mature, and merely require standards ratification and deployment,” he said.

“I agree, there will be a period in which quantum computers will roil legacy crypto that relies on prime number factorization — anyone who has worked information security can tell you just how much damage is done by people not applying patches promptly — but in the long run, quantum computers will herald new strides in cryptography on the whole,” Terrasi maintained.

WHAT YOU’LL LOVE ABOUT TECH IN 2020

While the thought leaders think up solutions to all the big problems, the innovators will be forging ahead with technology advances that promise to delight. Among the tech trends our panel expects to excite the industry in 2020 are the advent of 5G and Wi-Fi 6; strides in artificial intelligence and machine learning; broader adoption of TLS 1.3; electric vehicle advances; and developments in sustainability.

Denis Pombriant, Author, Analyst and Consultant

A New Chapter in Wireless

The emerging technology likely to see the most impressive advances in the year to come is “wireless connectivity due to the rollout of both 5G and Wi-Fi 6 (802.11ax), predicted Enderle.

DiDio shared that opinion.

“Wireless connectivity is set to take another giant step forward with the release of 5G for corporations and consumers alike. The pent-up demand is there and everyone is eagerly awaiting it,” she said.

“There is significant room and need for 5G to develop further in the coming year, so I hope the major stakeholders will work in concert to drive that development,” said Terrasi.

“One of the alarming realizations that spawned from the Snowden disclosures is the extent to which cellular networks are poorly engineered at the protocol level. Even six years on, researchers are still finding major vulnerabilities — such as those in SS7, which can be used to track any device and honors all requests made to it. With 5G, the industry has the chance to correct past mistakes and move forward on better footing,” he suggested.

“If Qualcomm and Cisco are correct, 5G will mostly ramp to critical mass by or in Q4,” said Enderle.

“It is already having an impact on data center placement and major initiatives like Windows Virtual PC. It is also apparently driving Microsoft and Amazon into hardware segments with Amazon’s move to Outposts — their own branded hyperconverged hybrid cloud hardware — which is already disrupting the vendor status quo,” he noted.

Moyle tapped the brakes on 5G enthusiasm, however.

“I’m skeptical about how much progress we’ll make this year specifically versus longer term. It will probably get rolled out from providers and new phones will adopt it, but I think we might be a few years away from the really interesting use case, which is the incorporation of cheap 5G into connected devices and IoT,” he said.

“Wi-Fi 6 is also on the horizon,” noted DiDio.

“The U.S. manufacturers are being pushed hard by global competitors like Huawei and Samsung, to name just two. The market is white-hot and shows no signs of cooling down anytime soon. The vendors have done a terrific job of convincing everyone that we need better bandwidth and faster, more reliable download capabilities,” she explained.

Once again, Moyle offered a tempering view. “I’m not sure how transformative 802.11ax will be this year. It’s faster and reduces congestion, but it strikes me as an incremental improvement.”

AI for Everyone

Moyle pointed to artificial intelligence and machine learning as the most likely tech to impress in the next year.

“The most advances come when a technology reaches a maturity inflection point — after they’re out of the research phase and starting to get broad use. It strikes me that AI is right about to hit this point,” he said.

“I would argue that deep learning and symbolic AI may have a bigger impact, given they are beginning to eclipse ML — but all are AI, and we are just talking semantics. However, the real opportunity is general AI, and that is still over 10 years out,” observed Enderle.

Rob Enderle, Tech Analyst

Stronger, Faster Encryption

Moyle pointed to TLS 1.3 as a technology to watch in the coming year, noting that “it’s pretty tactical.”

“It’s at about 35 percent adoption now, but over the next year will start to become the default. It’s kind of a game-changer when it comes to certain types of monitoring. Any kind of transparent proxy used for snooping on traffic pretty much goes away. So I get it that I’m a security guy so naturally gravitate to security stuff, but I do think this will be pretty transformative, and it’s short term,” he said.

“I completely agree with Ed that TLS 1.3 is a big deal, even if most users won’t appreciate why,” said Terrasi.

“The modern Web is rooted in the belief that all users deserve a safe and worthwhile experience — not just those with technical expertise — and TLS 1.3 will go a long way for Web users,” he added.

“Not only does it retire vulnerable cipher suites and harden the handshake process that kicks off encrypted connections, but it serves as an example for how developers should pursue modern, secure software design. Backward compatibility should generally be eschewed, precisely because it is vulnerable to downgrade attacks,” Terrasi explained.

“Moreover, the latest iteration of TLS raises the bar by illustrating that developers should not back down from an overhaul if that is what best serves the users. How much better would the Web — and all technologies — be if more developers were willing to go to those lengths?” he pondered.

The Electric Road

“Electric vehicles from here on will be important economic drivers, and associated supporting tech like charging stations will make the most interesting gains in the next five to 10 years,” offered Pombriant.

“I disagree, due to a lack of infrastructure for charging, and the problems we have with battery technology,” countered Enderle.

“Stopping battery development for decades was a costly mistake and we are paying for it now. Alternative battery technology looks close, but sadly not next year. It seems to be a moving three-to-five year target, he said.

Sustainability Tech Will Score

“Since we’re doing nothing on carbon absorption, anything we attempt will offer an impressive advance,” maintained Pombriant.

“It’s low-tech though,” he noted.

“Also worth considering is geothermal energy production or taking heat from underground to make electricity,” Pombriant said.

“There are projects under way all over the world. The publicly traded company Calpine runs 13 geothermal generating stations in Sonoma valley, generating 750 MW. This industry is well on its way, and a little publicity will make it pop — providing the ‘impressive advances’ we’re all looking for,” he predicted.

“There are actually three things we need on the sustainability front,” said Pombriant.

First, we need “much more renewable power, which can be done,” he continued.

Second is carbon absorption, “which is also very doable,” according to Pombriant.

“The third component is not strictly technology, though a technology assist is needed,” he said. “It’s a combination of making products more repairable and thus reusable, and an open market for selling and redistributing them.”

Mick Brady is managing editor of ECT News Network.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Mick Brady
More in Cybersecurity

Technewsworld Channels