Project 2020 is a study launched by the International Cyber Security Protection Alliance (ICSPA) and led by Europol, and in particular it’s European Cybercrime Centre (EC3). Launched in 2012, the project participants include City of London Police, ENISA and experts from the International Information System Security Certification Consortium (ISC) and the International Association of Public Prosecutors.
Project 2020 recently (September 2013) published a white paper on “Scenarios for the Future of Cybercrime”. The report poses interesting questions for cybersecurity stakeholders, and three fascinating future scenarios. The most prominent themes revolved around data, and most notably its management and ownership in a world that will be increasingly networked to the point of human RFID tagging at birth and connected implants for augmented reality. The scenario narrative for the consumer explores the idea of personal data brokerage and identity management, two progressive ideas that may well be the answer to risk management in a big data future. Further, the notion that a consumer may have multiple online identities (for financial statements and bills) tied to different facets of that individual’s life (business, hobby, social) could enable the distribution of risk.
Another scenario was that of a business enterprise, and the new approaches to data protection with heavy liability being imposed on the organization. The idea is put forward of cyber insurance becoming a compulsory requirement. Most interestingly, a “Universal Security Score” system is envisaged that would assess the trustworthiness of organizations and individual citizens on a combination of factors: the number of scams to which they have fallen victim, the extent to which they propagated malware or how they securely they store personal or customer data. Similarly to how car insurance or credit rating works, premiums for cyber insurance could be calculated on such a score. This idea of digital hygiene is one that we are undoubtedly moving towards, at least initially in terms of reputation. Some of the notions presented in the report seem fantastic, yet they offer a troubling sensation of reality.
The important questions raised by the paper are very much relevant today, whether the scenarios are fully realized by 2020 or not. Individuals, corporations and governments alike should be actively discussing the following issues: the compromise of connected people and intelligent machines, the management of risk, the governance of internet resources, the attribution of liability, and the elaboration of adequate security standards.
The Europol EC3 / ICSPA paper can be read here.