Trend Micro's cybersecurity futurism initiative, Project 2030, has communicated its findings the way you'd expect: papers, conference talks and other standard forms of industry communication. From that, it's picked up interest from the kinds of standard, cyber futurist industry types who read papers and go to conferences.
But the future of cybersecurity is going to affect more than just the academic-minded amongst the industry. It's going to affect executives and policy makers, all their parents and children and everyone else. That's where "Project 2030: The Web Series" comes in, a narrative fiction work with recognizable actors (like Whit Stillman mainstay Taylor Nichols, recently of "Perry Mason" and "Pen15"). Trend Micro compares the series blend of techno-intrigue and thought exercise to "Black Mirror" — the Netflix series of stand-alone dramas — and hopes this work, based on studied Project 2030 predictions, will get everyone thinking about the future.
Project 2030 is in its second iteration, following Project 2020 a decade ago when Trend Micro first tapped Victoria Baines, formally of Europol and currently an Oxford visiting researcher, and Trend Micro VP Rik Ferguson to forecast the future. They hit on a number of fronts, including the development of the gig and data economies. Project 2030 predicts growing threats from pervasive connectivity through 5G and 6G, evolving threats to edge computing and new digital technologies, harder to disrupt information campaigns created around AI in Metaverse type environments and more.
SC Media spoke to Baines and Ferguson about Project 2030 and the nine-part web series that launched earlier this week.
Project 2030's talk at RSA seemed to go well — we even wrote a story about it. Why not stick to auditoriums? Why do a fiction series?
Rik Ferguson: We were very good with our info security echo chamber. We are really good at talking to each other, sometimes arguing with each other and definitely amplifying each other. And I think where we consistently fail is in engaging people outside of our professional circles. And that's true whether we are talking about info security professionals within the companies that they work for, or info security as a domain in the world, in general. So 2030 research on both sides, whether we're talking about the paper itself, or we talk about the video content that was created based off of the paper, both of those assets were created with the express aim of being able to engage with people who are not info security professionals. That's why we've created a super-accessible, Netflix-style, nine-episodes story. We set the story in the world described by the document with a lot of the elements of the story are enabled by technologies that are described in the document. And that's the main reason. Why would we preach to the choir when there's a whole load of other people that need to hear the message?
Do you get the sense that people do a better job appreciating threats when they can experience them as narrative fiction than they do from news articles and conferences?
Ferguson: I think there are two sides to the coin. "Black Mirror" is a great example. "Black Mirror" is one of those TV shows that did get people having conversations about stuff they never would have had conversations about before. People totally outside of InfoSec. With 2030, we're extrapolating on some of the concepts actually that are in the 2020 and 2030 documents. So I think that's an object lesson that absolutely you can engage more people more effectively and get them to think through more of the ramifications of technological change and abuse.
But when I say it's two sides to the coin, you have to be very careful. And this is something that Vic and I came across in the creation of the document and definitely in the creation of the web series. You have to be very careful not to go full dystopia. I remember sitting in my house, having a few conversations about different things in different scenarios, and going, 'No, we probably shouldn't go quite that far because it ignores all of the positive aspects of a technological change and really just goes after it for the scare factor.'
Of course, we're telling an engaging story in the videos and part of the art of telling an engaging story, particularly in videos that you've got to have a big bang and you've got to have a cliffhanger at the end and all those kinds of things. So of course that's there. But the underlying research, actually primarily when we talk about the scenarios is about the positives of technology, and we want people to engage in that conversation, too.
Victoria Baines: I think it's pretty balanced, actually. There's no getting away from the fact that because of advances in medical technology, there are people being kept alive today that wouldn't have been alive 20 or 30 years ago. There are massive benefits to technological evolution. One of the things that I do in the in the rest of my work, and I'll try not to plug it too much [turning to the bookshelf and holding up a copy of "Rhetoric of InSecurity: The Language of Danger, Fear and Safety in National and International Contexts"] but I write about cyber security rhetoric right now.
What I find in the media outside of the InfoSec media is that we still have this huge dystopian technophobia. We need to be afraid of, you know, X, Y and Z. And of course, that's simply not the case. With new opportunities, we get new responsibilities and new vulnerabilities, which we have to secure against to the best of our capability. We see a lot of threat predictions associated with threats of AI, threats of 5 and 6G, threats virtual reality or augmented reality. These things don't operate in isolation. They enable each other the tools that we use in five or 10 years time. It's actually easier to create a realistic set of predictions by looking at how those things will operate in the world rather than in isolation as separate technologies. So you end up with something that is more accessible, but also is it's more likely is more plausible, because we thought about real use cases, When we're describing the kid who wants a brain implant so that his reactions when he's gaming can get faster, you can see how that would be a plausible use case even though it makes us feel a bit ick right now. You could see how that would transition from medical use cases to consumer use cases.
Human beings aren't always great at urgency. Does experiencing problems through fiction make us better equipped to address problems? Are there other ways to hurry the gears?
Ferguson: A lot of policy and regulation is unavoidably based in the threats of today. Today, influence operations are weaponizing today's social networks that have today's social network functions, we need to do something about that. Sure. But why not have the thing that you're doing have a longer shelf life than the 2021 Facebook functionality? Because the 2021 Facebook functionality will be different in 2022. And it will very differently, be different in 2030. And obviously, Meta is just one manifestation of quite how different it could be in over the next decade.
Baines: I've spent the last few years working on the potential for misuse of extended reality. This is something I've been getting across to stakeholders all over Europe at the minute. We're really, really keen on building people's critical thinking right now so they don't fall for misinformation and become an unwitting tool of hostile nation-states in sowing discord in communities. That's hard enough when we're separated from a screen. We can put down the screen, we can walk away we can have a minute and just decide, 'Hey, I'm not sure if that's that information is entirely true.' It's going to be so much harder when we're in immersive environments.
Ferguson: That's the reason for including the government and nation-state scenarios rather than just focusing on people and businesses. These are the technologies that we are going to be talking about 10 years down the line. They are in development right now. And we need to get ahead on some of the edge cases, like storage of data in synthetic DNA. Just look at what's happening now with vaccines that contain the three letters RNA and how much fear can be engendered in people by misusing the truth about what RNA is, what it means, and how it is used in a vaccine. Think about what could be done with a population being told that data is being stored in DNA. You'd have a massive explanatory exercise to do up front and you have a massive self informing exercise to do upfront to understand yourself as a policymaker.
With 5G and 6G, we'll have a much broader attack surface. Your threat models have to change. You may not have considered your lampost as being a threat because it could dial premium rate numbers. Well, now they can because they're connected via SIM.
The paper report is a nearly 40-page document and it's impossible to detail every possible enterprise implication within the scope of a single conversation, but there is an awful lot. This is very much not just a science fiction, novel or web series. It's also a very serious document that attempts to give enterprises as well as individuals and governments the information they need to devise a much more nuanced longterm strategy instead of remaining in permanent firefighting mode, which is kind of where we are now.