This article was published in 2018 in the 5th issue (page 13) of Arkakapı (Backdoor) magazine in Turkish. You are now reading the English translation of that.
In the world of technology, everything changes every five years. So predicting the distant future may seem impossible. But in cybersecurity, we can see a clear reflection of events humanity has experienced throughout history.
In ancient times, without security cameras or forensic science, it was very hard to identify criminals. By the 1800s, forensic methods had improved, and detective work became a common profession. Today, identifying criminals is much easier.
Based on this reflection, the cybersecurity world of 2018 is similar to the physical world of the 1800s. If we look at what happened after the 1800s, we can use it to predict how cybersecurity may change in the next 30 to 40 years with a bit of imagination.
In this article, I will discuss three main events that I expect to happen around 2030, 2040, and 2050.
In the early 2000s, web and internet technologies were just beginning to spread around the world. At that time, people did not pay much attention to security. Adventure movies from that period often included hacker themes, but the damage hackers could cause in daily life still seemed like science fiction.
As the years passed, technology became part of every aspect of daily life. As a result, security turned into a critical issue. However, there is still a major shortage of security professionals. Because of this, organizations that make future predictions believe the demand for security experts will continue to grow as digitalization increases.
This reminds me of elevator operators.
When elevators were first invented, they needed a human operator to run them. At that time, someone might have thought that as elevators spread around the world, the demand for operators would also increase. However, when electronic button systems were introduced, operators were no longer needed. An entire profession disappeared.
From the 2000s to today, the security industry has changed a lot. As security became more important, defensive technologies improved too. Companies and governments started investing heavily to protect their assets. Researchers also worked to find and fix vulnerabilities in open-source software.
If we compare 2008 to 2018, we can say that global security improved a lot.
So where will it go next?
In my article “Overlooked Details in the Push for National Cybersecurity Software”, I listed the stages of security software as follows:
The early stage (...–2001)
The usability stage (2001–2009)
The maturity stage (2009–...)
The artificial intelligence stage (...–...)
We do not know exactly when we will move from today’s maturity stage to the artificial intelligence stage. However, there are clear signs that the industry is moving in this direction.
For example, defensive security tools like IDS and SIEM are close to working without human support. On the offensive side, development is still at an early stage. But we can already see AI-powered hacking tools emerging.
Today, these tools are mostly experimental. In the future, they will become more stable and more affordable. They may cost less than a human employee and work more efficiently.
Based on current trends, I believe we will enter this period by 2030.
So what will happen when that time comes?
A large part of both defensive and offensive security will become automated. Human roles may be limited to supervision and solving problems when they appear. In cyber warfare, governments will likely still need human personnel. However, the private sector will probably prefer automation in this area.
By 2030, mid-level and junior security professionals who have not developed skills in other areas may face unemployment.
It is now a known fact that companies like Facebook and Google track people’s behavior through cookies and other methods. Today, this personal data is mainly used by these companies or sometimes by the US government. But I believe this may change in the future.
One of the main reasons cybercrime cannot be fully stopped is that criminals’ real identities are hard to find. User profiles owned by companies like Google can sometimes help identify criminals, but they are not a complete solution. Services like TOR also allow people to hide their real IP addresses.
TOR and other VPN services continue to work because the internet is open to everyone. For example, a person living in Indonesia can access turkiye.gov.tr. If they discover a security weakness, they may be able to hack the site.
The administrators of turkiye.gov.tr may think, “Someone living in Indonesia does not need to access this website.” They may decide to block that country. They might even block all countries except Turkey. But then how will Turkish citizens living abroad access the site?
Blocking countries cannot be a permanent solution. In my opinion, a more lasting solution in the future could be a virtual passport system.
Now imagine a company called “Evilcorp.” Its goal is to stop cybercrime by making it impossible for people to browse the internet anonymously.
People can buy Evilcorp’s product, an “electronic passport,” by using their real identity information. After receiving this electronic passport, its details will be included in every internet request they make.
Websites connected to Evilcorp will be able to check visitors’ virtual passports. For example, they may fully block citizens of certain countries. However, they might allow access to specific people from those countries, such as students or academics.
The major cloud companies of that time may also partner with Evilcorp. As a result, it may become impossible to access much of the internet without a virtual passport.
Throughout history, humanity has faced many types of crime and criminal groups. At the same time, it has developed ways to fight them. Piracy is one example.
The history of piracy began in the 14th century BC and continued until the 1800s. In many cultures, hackers are compared to pirates. For example, the Turkish Language Association translates “hacker” as “computer pirate/corsair”
This comparison makes sense. We can think of the internet as the ocean, computers as ships, and hackers as pirates.
So how did this centuries-old tradition of piracy end in the 1800s? From what I have read, two factors were important.
First, the British navy greatly increased its patrols at sea. These patrols were also more powerful than the pirate ships.
Second, governments closed the ports where pirates traded. When their sources of income were cut off and pressure increased, pirates had to abandon this ancient criminal activity. Piracy, once believed to be endless, became history.
Of course, money is not the only motivation for hackers. So even if their income sources are cut off like those of pirates, hacking will not completely disappear.
Still, there are two main reasons why hacking may come to an end in the future.
The first is the virtual passports discussed in the previous section. With these passports, every internet user’s actions will be recorded. As a result, hacking will become a crime that requires great courage.
Today, it is very difficult to kill someone and avoid being caught. In the future, hacking will be just as difficult.
When we look at the period from the 2000s to today, we see that defensive security technologies have become much stronger. This trend will probably continue. In the future, breaking into a system may be possible only for very powerful actors.
As a result, hacking may be limited to military and intelligence operations. Individual hacking could become history.
Hacker culture will probably not disappear quickly. However, if these activities no longer affect individuals, it will be hard for this culture to survive for long.
Two hundred years from now, historians may describe hackers as people who were active between 1980 and 2050. Young people of that future era may attend costume parties wearing black hoodies with hacker symbols.