Welcome to 2020, network defenders!

With the arrival of the new year comes the inevitable surfeit of predictions for 2020. As noted in many journals and articles, we humans are notoriously poor at making accurate predictions. The nature of complex systems coupled with our tendency to break problems into component parts makes it all but inevitable that most of our predictions will fail to materialize. As Calvin Coolidge noted, “If you see ten troubles coming down the road, you can be sure that nine will run into the ditch before they reach you.” With that in mind, I will endeavor to make some predictions that I feel certain will come true.

First, we will overcome challenges we’ve not yet foreseen. The amazing, almost fantastic, history of human civilization is that of overcoming shockingly bad situations. Civilization survived global pandemics and eras of almost non-stop war, sometimes combined as in World War I and the Influenza pandemic. We can survive the next network-borne tempest, as so many network defenders do on a routine basis. Remember when multi-gigabit DDoS was going to be the end of the Internet? Such attacks continue today, and have been largely mitigated by the innovations and efforts of the doughty and unknown network defenders. Those same folks will continue to man the ramparts, unheralded and unbowed.

Second, we will – with the benefit of hindsight – realize that some of what we found most horrifying in 2020 wasn’t so very bad after all. Conficker remains my favorite example: A spam platform gone horribly awry and maintained by the perps, because it kept so many network defenders almost exclusively focused on it for a time. I’ve seen a growing number of folks caution against rash judgments while seeking data and confirmation; I hope that we continue this trend, and I think we will. Hype will be ever with us. If there is a top target against which we must guard in 2020, it is hype.

Third, privacy discourse will continue, and it will result in changes. We’ve seen trends such as the move to encryption and GDPR as a result of those discussions. We can combine this point with my two points above: There is angst around DNS-over-HTTPS (DOH), for example, due to the loss of visibility for network defenders. Yet we managed in the times before passive DNS, and we will find other methods by which to detect bad folk and bad traffic. We’re an innovative lot, and the tools change with the times; I doubt many of us have an adze in our small, household toolboxes these days.

What is my hope for 2020? Continued great collaboration and teamwork! There are many collaborative forums and gatherings, and they are all key to our successes. Our own Underground Economy conference and Regional Internet Security Events are examples of places we can gather together, share problems, and co-develop answers. The bad folk collaborate across space and ideology; we must continue to do the same. This is a team sport.

I hope you and yours have a successful 2020 full of blessings and growth!

Be well,

Rabbi Rob.