The In Information Disruption In Industry ry and the Operational Environment of f the Future By Vincent H. O’Neil
Outline • Executive Summary • Introduction • The Expanding Information Disruption Industry • Ramifications for the Operational Environment • What to Do — First Steps • Summary
Executive Summary ry Use of everyday technology to collect personal data is increasing, and as these efforts become more intrusive, popular resentment is likely to grow. If that irritation reaches a tipping point, existing privacy protection services will expand enormously — creating an Information Disruption Industry (IDI) dedicated to thwarting the collection, storage, and sale of personal data. The expanded IDI’s efforts will do direct and indirect damage to a wide range of systems — even systems unrelated to personal data collection. This likely scenario has the potential to seriously impact the information landscape in 2035, if not sooner.
Collection of f Personal Data People are already concerned about this collection: • Mentioning a product in an electronic communication often causes the appearance of online ads about that product • Cases such as the Cambridge Analytica scandal show large- scale collection of personal data goes on without public consent • News stories and/or personal notifications about corporate data breaches feed the belief that no collected information is safe
Popular Resentment Resentment: Bitter indignation at being treated unfairly The targets of the data collection dislike the invasion of their privacy already. That feeling is multiplied by the realization: • They’re paying for the devices (phones and cars) commonly used to track their behavior, habits, and movements • The tracking and collection is often concealed from them • Their personal devices could potentially be accessed as part of legal proceedings
The Tip ipping Point Public opinion could be shifted to outright resistance by news stories showing data collection can cause actual harm: • Domestic violence victims hiding from their tormentors who were uncovered by technological tracking • Conviction of innocent people through the use of circumstantial evidence gained through personal data collection • Social media analysis by employers and/or universities that rejected qualified candidates
Expansion of f th the Dis isruption In Industry Entities offering services designed to thwart the collection and sharing of personal data already exist. Once people see data collection and technological tracking as a real threat, they’ll pay to protect themselves. That funding will generate the expanded IDI. The IDI’s techniques will range from stealthy alteration of data to the crashing of entire systems. Brute force & Skill & ignorance daring PRECISION
Precise Dis isruption • Target specific information as directed by the client (movements, purchases, personal communications) • Leave other information intact (high credit score, records of education & employment) • Key goal is to do this without detection • Attracts staff from the collection industry — better pay and more socially acceptable • Will still do damage to systems: • Disruption of normal system functions • Unintended consequences • Numerous, uncoordinated actors
Im Imprecise Dis isruption • Monkey wrench-in-the-gears approach • Low-end, low-margin business • Not concerned with stealth • May crash entire systems • Cover for hackers — identifying a Trojan Horse is difficult when it arrives in the middle of a stampede • May give a significant boost to privacy protection overall: • Cast doubt on the reliability of collection efforts • Reduce the value of purchased data
Le Legal Acceptance • Numerous court cases (lawsuits and criminal actions) are likely to arise from this conflict • Supreme Court rulings that connect the IDI — or its clients — with the defense of individual rights will make the IDI even more socially acceptable and give it legal protection • Even if the collectors pledge to stop gathering personal information, the public is unlikely to believe it • The more precise operators could also offer a service where they monitor clients’ personal information and repair it when it’s damaged by the IDI
Continuous and Wid idespread Dis isruption The IDI will attack the collection, storage, and dissemination of personal data at every level and at every step in those processes. This will create a kaleidoscopic information landscape populated with data that requires frequent verification and systems that malfunction randomly. All of this will generate second-order effects that will be as harmful as they are unpredictable.
Second-Order Effects The increasingly interconnected nature of the technological world will magnify the impact of any disruptions and generate problems in unexpected areas. Hooking everything from household appliances to hospital information systems to the internet creates a myriad of opportunities for intentional — and unintentional — disruption.
Second-Order Effects - Example Tracking technology that utilizes the GPS system will be a particularly important target for the IDI. Disrupters seeking to prevent the collection of information regarding a client’s movements could attack the system itself or leverage systems that connect to it. The argument that barriers are in place to prevent this is not sufficient, because the tech is constantly changing. Seemingly minor adjustments to code, hardware, and protocols can create unexpected vulnerabilities.
Ramif ific ications for the Operational l Envir ironment The expanded IDI has the potential to seriously impact the operational environment in 2035 — if not sooner. Most US military technology is created by civilian businesses, and modified versions can be sold in non-military markets. That intersection alone has the potential to render many military systems vulnerable. Former military personnel will also join the ranks of disrupter organizations, bringing valuable knowledge about the setup, operation, and weaknesses of those systems. Additionally, the confused nature of the information landscape will assist actual enemy actors in their attempts to attack government and military systems.
Non-Military ry Targets These attacks won’t necessarily need to be directed at military targets: Disruptions of civilian communication systems will have a negative impact on deployed troops who have gotten used to being able to contact their loved ones. Other disruptions such as compromised credit scores and frozen bank accounts cannot help but distract deployed soldiers from their missions and focus their attention back home.
GPS Dis isruption Revisiting the previous example regarding the GPS system, any disruption of satellite location functionality could have enormous consequences for the operational environment. Lost units, misdirected supplies, and errant ordnance are just a few of the potential ramifications. No matter how advanced the technology becomes, it’s only going to be as accurate as the information it uses and as secure as the other systems it accesses.
Support Systems Use of civilian technology for maintenance and logistical functions leaves these vital areas open to the effects of any disruptions that occur in those systems worldwide. Patches and updates for these products are usually mandatory and, while they may be designed to address a problem or shortcoming in the existing system, they could also carry code or information from disrupter organizations.
What to Do — First Steps Operating in this future environment calls for a broad approach designed to prepare for and manage the wide- ranging impact of the expanded IDI. A supervisory authority should be tasked to direct this effort, and every level of the national defense apparatus has a role.
Verify fy th the Data Establish a mechanism to continuously verify information and generate alerts: The national defense apparatus uses many technological systems, frequently with overlapping capabilities. That overlap could be leveraged to verify information used across these systems and provide warning when data is inaccurate or a function has been disrupted. The systems don’t need to interface to create these verification capabilities — on the contrary, connection would make them vulnerable to the same threats. As an example, this mechanism could provide ongoing checks that geographical location A is actually situated at geographical location A — and raise a red flag when one system says it is not.
Ask, “What If?” Conduct wargaming at all levels: The operational environment includes a multitude of systems that could be impacted by the IDI. The supervisory authority mentioned earlier should require the owners/operators of each system to identify every system that connects to it and every entity that uses it. Each of those systems and entities will undergo similar analysis, creating a continuously updated nodal diagram showing how these separate factors influence each other. That will be the start point for wargaming the possible results of disruptions anywhere across those nodes.
Recommend
More recommend