Dark Reading is part of the Informa Tech Division of Informa PLC


10:00 AM
Pieter Danhieux

2021 Cybersecurity Predictions: The Intergalactic Battle Begins

There's much in store for the future of cybersecurity, and the most interesting things aren't happening on Earth.

This column was written with Matias Madou, Chief Technology Officer and Co-Founder of Secure Code Warrior.

Cybersecurity predictions are something of a tradition in the security industry, as we look toward the year to come and see what may lie ahead in a field that changes constantly. Sometimes we're right, and sometimes a once-in-a-generation pandemic comes along and challenges us in ways we could never have expected.

Let's not focus on that, however. This is about 2021, and while we will take some of 2020's adaptations with us, there's a whole lot in store for the future of cybersecurity, and the most interesting things aren't even happening here on Earth.

That's right, we're predicting that 2021 is the year we take a new kind of space race into the mainstream: Keeping our galaxy safe from cyber threats.

NASA Already Employs Cybersecurity People Who Work Outside the Earth
It should be no shock that NASA employs many security experts, as well as engineers with a deep focus on fortifying NASA's software and operations to withstand the most powerful of cyberattacks.

But what might surprise is the fact that NASA employs a senior satellite engineer — 28-year-old Kenneth F. Harris II — to protect and defend satellites in orbit. Far from an automated process, Harris is a real-life Superman who stands (metaphorically) between NASA's satellites and the numerous deliberate attempts to physically attack them, in addition to helping mitigate the risk of potential cyber threats that could come from anywhere on Earth.

What's at stake if a nation's satellites are damaged? A deliberate collision, or a bad actor managing to leverage a software vulnerability, could potentially disrupt GPS networks, weather warnings and forecasts, and the communications systems we take for granted every day.

It's a threat that might literally be out of our orbit, but we're confident that security people focused on space asset protection will be a niche area that experiences big demand going forward.

Governments Are Assembling Space Forces, and They're Going to Need Security Experts
In December 2019, the US government introduced a new branch of its military operations — this time, in space. America's Space Force is a technology-centric department with a focus on preserving space as a "global commons," according to US Secretary of Defense Mark Esper: "It's important not just to our security, but to our commerce, our way of life, our understanding of the planet, weather, you name it. So, it's very important that … we now treat it that way and make sure that we're prepared to defend ourselves and preserve space," he said.

In October 2020, it was reported that as many as 130 cyber experts from the US Air Force would be redeployed to the Space Force ranks, with Maj. Gen. Kimberly Crider, Space Force chief technology and innovation officer, identifying space as "the next front of the cyber conflict."

While the USA may have been one of the frontrunners in assembling a Space Force, at a time when it might seem a little over the top and more like a comic book plot than a serious department, space cyber warfare is already a risk area, and it goes without saying that most countries will eventually follow suit with programs of their own.

Tesla Has Already Put a Car in Space While Computers Drive on Our Roads
In 2018, Elon Musk sent a self-driving Tesla vehicle into space. By October 2020, the car, piloted by a spacesuit-clad mannequin nicknamed "Starman," had clocked 1.3 billion miles and cruised past Mars.

While this situation isn't a cybersecurity issue, it is curious that we've got a car doing an infinite intergalactic version of a NASCAR race, while our roads here on Earth are slowly, but surely, being populated with cars driven by computers. Anything powered by software carries at least some element of cyber-risk, and automotive software has been compromised before, with the outcome signaling the potential for catastrophe. Tesla has already been tested several times by security researchers, with one exploit resulting in the autonomous, involuntary acceleration of the vehicle from 35 to 85 miles per hour. Yikes! Still, Tesla's comprehensive security programs set a high standard for the industry in terms of testing and compliance.

Autonomous vehicles are the future of our personal travel, but all eyes will be on the software security aspect of their build as more players than the likes of Tesla enter the market, and it's likely we will see this market explode from 2021.

So Much Advancement, Yet We're Still Forgetting the Human Factor
Despite the inherent risks of brand-new tech, we are certainly in a very exciting time. Most industries are innovating with cutting-edge use of software, and we can't wait to see what's next.

However, it seems that the cybersecurity industry as a whole is a little stuck. Everywhere we turn, the most common advice for organizations that want to build more secure software is to keep buying tools, automated scanners, and other solutions that are essentially leaving it all up to robots to solve our security problems. Huge data breaches every other day prove that this approach needs a serious upgrade, and that we aren't utilizing all the options at our disposal.

Gartner's "Hype Cycle for Application Security 2020" report details a wide array of the latest security solutions; in fact, it's hard to think of a technology solution it hasn't outlined as a viable option for secure application development. It seems comprehensive, and it seems like good advice. Sadly, though, there isn't one mention of the human factor at play in secure application development, nor the immensely beneficial role that trained, security-aware developers can play in reducing common software vulnerabilities. It is by far the most economical solution for recurring software bugs, and one which would free up tools and security experts to work out the more complex problems.

Perhaps we need to end with a question, rather than a prediction. Will 2021 be the year that industry analysts keep humans front-of-mind in the race to ramp up secure software development?

Pieter Danhieux is a globally recognised security expert, with over 12 years experience as a security consultant and 8 years as a Principal Instructor for SANS teaching offensive techniques on how to target and assess organisations, systems and individuals for security ...
