Microsoft has renewed calls on governments worldwide to harmonize IT security laws, improve risk management and information sharing and develop cybersecurity norms in a major new report designed to help policymakers planning for the next decade.
Cyberspace 2025: Today’s Decisions, Tomorrow’s Terrain, looks ahead to a point in just over a decade’s time where there are 4.7 billion people online, 75% of whom come from emerging economies.
In 2025, Microsoft says, there will be around 50 billion connected devices on the planet, with 80% of internet connections coming from mobile devices and most data either stored in or passing through the cloud.
However, there’ll also be severe strains on a developed world experiencing not only a rapidly ageing population with declining birth rates, but also one producing little more than three million STEM graduates annually – five times fewer than emerging countries.
“The Cyber 2025 Model illustrates that the failure to prepare for these expected demographic shifts, particularly aging populations, can have serious consequences for unprepared countries, including unmanageable public debt increases, high youth unemployment, and social instability,” said Microsoft Security VP Matt Thomlinson.
“It even affects cybersecurity as many more ICT systems are deployed to scale services that countries may lack the technical expertise to manage.”
Redmond is predicting three possible scenarios for 2025.
The first, dubbed “Peak”, is an ideal world in which there is strong collaboration between governments.
The second, “Plateau”, is characterized by more protectionist policies and standards and a focus on compliance over security.
“This results in regular and pervasive data breaches in developed countries, for example, which in turn leads to reactive regulatory attempts to improve data protection,” the report claims.
The third scenario, “Canyon”, is one of deep isolation where governments set out to control ICT systems, fail to protect IP and where cybersecurity policies are “nationalistic”.
“Cyber attacks plague governments that in turn invest resources in offensive cyber technologies, instead of managing risk to support economic growth,” the report says.
To reach the Peak scenario by 2025, Microsoft lays out several major recommendations for policymakers. These include committing to an open, free internet where “consistent and clear” security and privacy guidelines are created for service providers.
It also calls for “a strong emphasis on advancing the discipline of risk management to match the evolving threat landscape of cyberspace” – including better incident response and information sharing across borders.
Harmonization of global ICT laws and standards will help promote “understanding and predictability” and establish a more secure internet.
Microsoft also recommends governments invest more in R&D projects to spur innovation and remove barriers to hiring talent from abroad, in order to fill any STEM graduate gaps.
Finally, the report calls for the development of cybersecurity norms to ensure “stability and security” online.
“Key areas to explore should include confidence-building measures, responses to security incidents, assessment and mitigation of risk to critical ICT infrastructure, management of cyberrisk, supply chain security, protecting core encryption, and trust mechanisms of the Internet,” it concludes.
Microsoft’s vision of the future may be primarily intended for policymakers, but it calls to mind a similar project: 2020 by Trend Micro.
This series of nine web videos took a slightly different angle, dramatizing events in a fictional country at the end of the decade in a bid to spark a debate about how cybercrime might evolve.
The idea was to get everyone from policymakers to IT leaders, researchers and other thought leaders thinking about the potential challenges posed by new technology including wearable tech, the Internet of Things and increasingly pervasive cloud-based services.