While the term is a relatively new one, mankind has, regrettably, been committing “crime” since our origin. One early Homo sapien would strike another on the head and take his piece of meat. As mankind has evolved, so too has our crime, regrettably. Cybercrime, as you are well aware, is rampant—the conk on the head and the purloined piece of meat have been replaced with a few clicks on a keyboard and the theft of data, intellectual property or funds.
Until this point, the two types of crime have remained distinct—one existing in the physical world, the other in the digital realm. Victims of cybercrime might develop a migraine upon learning that they have been hacked, but no welts develop on their heads.
And this might be changing, regrettably.
As the man/machine interface grows—as we increasingly connect ourselves with our computers—the line between “cyber” and “physical” crime muddies.
This concept is a focus of the recent report “Scenarios for the Future of Cybercrime,” which is a component of Project 2020, a joint initiative of the International Cyber Security Protection Alliance and the European Cyber Crime Centre with the aim of anticipating the future of cybercrime to enable governments, businesses and citizens to prepare themselves for the challenges and opportunities of the coming decade.
And there will be plenty of challenges.
“Targets will range from individuals, small and medium-sized enterprises (SMEs) and corporations to critical infrastructure and defence systems, motivations from sheer amusement …to profit to commercial and technological advantage and national security,” reads the report. “Evolved threats to critical infrastructure and human implants will increasingly blur the distinction between cyber and physical attack, resulting in offline destruction and physical injury.”
So how does cybercrime make the jump from 1s and 0s to flesh and bone? Consider hacks against car-to-car communications, resulting in wrecks. Wireless-enabled medical devices, which keep patients alive, could be remotely disabled. Attacks on information infrastructure could prompt riots, resulting in widespread physical damage. And just as surely as engineers are working on enhancements to wearable technology like Google Glass, so too are nefarious parties working on ways to exploit those using the futuristic eyewear.
Big, intimidating bodyguards were the original security professionals. Today, security pros more commonly work with Big Data and intimidating network problems. If the predictions of the Project 2020 report are correct, we may soon see a hybrid profession that overlaps both sets of skills.
Tony Hayes CGEIT, AFCHSE, CHE, FACS, FCPA, FIIA
International President, ISACA and the IT Governance Institute