Could Virgin Galactic’s IPO indicate an interstellar step change for cyber security?

The largely unknown but somewhat predictable future of cyber threats is both fascinating and terrifying perhaps in equal measure. With Industry 4.0 on the horizon and all the new technology that's going to come with it, a brand new state of affairs is likely to greet cyber security practitioners.

There's technology emerging right now that will eventually lend its hand to the dark side of cyber; deepfake technology may well join ransomware campaigns and 5G is still scaring the pants off networking professionals. Ten years down the line, however, we can indeed expect previously fantastical ideas of cyber security threats to become reality. With Virgin Galactic planning its first trips to the surface of space next year, you can bet good money that hackers are also going to want to head to the stratosphere and beyond. So, what do the next ten years of cyber security really look like?

The space tourism opportunity

Cyber attacks will soon expand their targets to include systems located in space and the increasingly automated maritime sector, according to a according to Tony Cole, (ISC)2 board member and cyber security expert.

Virgin Galactic's recent landmark IPO may have roused the interest of every stockbroker across the pond, but it could indicate a step change in the cyber security landscape, particularly where hackers direct their nefarious attentions in years to come.

"Ten years from now, we may have somebody on Mars," said Cole to IT Pro, and thanks to the low Earth orbit technology being pioneered by Virgin Galactic, internet services are going to be beamed to those who take part in space tourism. Where there's internet, there's the possibility to hack something.

Thinking further in the future, "somebody may be FaceTiming their kids and live streaming to YouTube from Mars," said Cole. NASA TV already broadcasts numerous livestreams and interviews from the International Space Station back to Earth via the internet, so Cole thinks "we're going to see a lot of expansion in that area". He added that he thought the main opportunity for space-based cyber attacks involves disruption of services.

However, as we start to send more humans space-bound with new technology, other innovations arise to accompany it. Laser-based quantum communication, which is inherently secure, has been proven possible for years now and it's one area of research which could aim to prevent nefarious hackers from intercepting, altering or deleting data transmitted from Earth to space.

For now, speculating about the possibility of space-based cyber attacks is just that speculation. There's too much left to learn about what that world will look like to make any accurate predictions, but it's undeniably a logical next-step for hackers looking to make their CV stand out from the crowd.

Less 'up in the air'

We can better predict other methods of cyber attacks that will proliferate over the coming years and one area of concern is the maritime sector, which is digitising at a rapid rate, such as the addition of sensors to shipping containers. As the digitisation process matures, it will naturally invite unwanted attention from hackers.

"You're going to see the impact in maritime where we have crews that are much, much smaller because almost everything's going to be automated, all the containers are going to be centralised that's going to be very, very interesting," said Cole.

"Going to back to the space piece, you're going to have blanket satellites around the globe that are also able to track other ships ... then you're going to see jamming for some of these satellites, potentially." Hacking ships, the containers they carry and the databases that control where they go can result in sabotaged shipments, resulting in the downfall in the shipping company through reputational damage.

No consensus

Of course, when you ask different experts about the same questions, you're almost definitely going to get different answers, especially when it's guesswork. That's no different here and after speaking to such experts recently, IT Pro has predictably received different responses.

One of the more compelling answers relates to AI-driven malware and AI-driven defences, technology that's still far away from widespread deployment, but one of the more likely answers to the question.

For example, British universities are currently testing the idea of creating an AI that can think differently to human hackers and find new exploits in systems using methods that wouldn't come naturally to the way we think about things.

At the moment, AI-driven attacks and defences are embryonic and experimental at best "just have a conversation with Alexa, Siri or Google and [you'll see] it's not that advanced yet [and] there are billions poured in just those three," said Cole.

He also said that it's possible these kinds of attacks are currently only being used by nation-states and are in the early stages of development. But, it's "only a matter of time" before the code starts to leak underground and businesses start to feel to the wrath of malware designed to outfox AI-driven defences.

We also heard earlier this week at (ISC)2 Security Congress that IoT botnets are on the rise and are showing no signs of slowing down. This is partly due to manufacturers competing in races to get new features to market before competitors, usually at the cost of security provisions.

Others even go far as to say that politicians may start commissioning hackers to develop deepfake ransomware to tarnish the reputation of the opposition campaigners. Whatever the future of cyber security looks like, it's probably going to be a lot wilder than it is currently.