OODA Trends 2019

Now that we are fully settled into 2019, here is our eccentric take on emerging technology trends for 2019. We’d love to get your feedback on this list and what you think we got right or wrong.

Rapid adoption of facial recognition

Some of the greatest machine learning achievements of 2018 were focused on image analytics.  We believe that 2019 represents a tipping point for facial recognition technology based upon the following factors:

  • Cameras are increasing in resolution and computational power, enabling edge analytics that can contribute to facial recognition technologies.
  • Network bandwidth speeds are increasing, allowing for advanced cloud-based analytics to be run against images in real time.
  • Edge computing devices are also increasing in performance, including devices like Amazon’s Snowball Edge, which can provide the computational power of an Amazon instance and image processing power to any location.
  • New approaches that couple infrared mapping of faces with traditional camera imaging will increase the speed and accuracy of recognition.  These technologies are already being used in mobile phones, as in Apple’s FaceID, and several start-ups (like Alcatraz.ai) are using these approaches for building access control and as a more secure replacement for traditional access cards.
  • Social media companies are already sitting on a treasure trove of facial recognition data as are companies like Amazon and others.  How long until that data is integrated with home security camera systems like the Ring doorbell that will be able to identify that the person on your front porch is a friend from social media or was identified by another Ring owner in your neighborhood as suspicious?
  • Social stigma associated with facial recognition is quickly diminishing.  The White House has announced a facial recognition program and the technology is increasingly being introduced for access to venues like concerts and sporting events.  Even Taylor Swift is using facial recognition for threat detection.

All of this contributes to a perfect storm of market opportunity for facial recognition technologies in 2019 and beyond.

Geopolitical AI

We’ve seen adoption of AI in business processes, but we’ll start seeing the emergence of AI in geopolitics and also greater geopolitical influence on AI.  Increasingly, machine learning is being used to support geopolitical analysis as sources of data have grown to the point where human analysis at scale is no longer achievable.  Given the controversy surrounding Google’s departure from USG programs like Project Maven, this is an area that is ripe for disruption and innovation from emerging companies. Hopefully, government acquisition programs can keep up.

We are also entering into an era of increased geopolitical influence on the algorithms that drive business processes, especially those in the investment sector.  If you doubt that geopolitics can influence algorithms, take a close look at how the stock market reacted to the arrest of Huawei Technologies Co Ltd’s chief financial officer, Meng Wanzhou, or at the economic impact of trade and IP enforcement issues between China and the US.  This is a topic we will be covering in much greater detail on OODALoop.com.

Red teaming is dead. Long live red teaming.

Several folks contacted us asking if the OODA Ventures investment in the red teaming automation platform Scythe is an indication that human-based red teaming will be on the decline.

In a word, no.  Cyber red teaming will certainly take advantage of the automation and machine learning technologies that are rapidly penetrating other industries.  This will be hugely beneficial to the cyber security posture of those enterprises deploying these technologies. It will also make more advanced red teaming capabilities available to a wider population of businesses and develop a market for tactics and techniques to propagate between commercial peers and even across industry sectors.

This will also help raise the floor for our most capable human red teamers, allowing them to focus on emulating the tools, techniques, and procedures of the most advanced adversaries.  In a discipline where the term “low hanging fruit” is used in corporate briefings, these new technologies will provide much value.

In addition, cyber red teams only see one particular piece of the puzzle.  We still need humans to see the blended risk that includes elements like physical, business process, and external influences like geopolitical factors that keep organizational threat models dynamic.  As a result, these automated red teaming tools will advance and grow the market for advanced red teaming, not cannibalize it.

Endpoint security software market compression

If you combine the market cap of all the next generation endpoint players, it seems grossly misaligned with the actual endpoint market size.  Additionally, 53% of companies with over 1000 employees have deployed three different endpoint agents and are having an increasingly hard time differentiating them.  This will lead to some natural consolidation, at least for the desktop endpoints. Given the acquisition of Cylance by BlackBerry and what appears to be an imminent CrowdStrike IPO, 2019 will likely emerge as the start of the endpoint market compression.  We realize there are many different ways to slice the size of a market and multiples can be somewhat dynamic, but the emerging market factors and feedback from our CISO network indicate compression in this market on the horizon. There will be some clear winners and losers and not much opportunity for emerging capabilities to capture the attention of the market unless they are revolutionary, not evolutionary.

The age of errorism

In an age of big data, data integrity is critical.  We are entering into a gilded age of errors.

Machine learning and AI are emerging universal technologies.  They will permeate almost every organization and sector in the near future, similar to the way the Internet advanced into all facets of society over the past 20 years. With the adoption of these technologies, we will also be introducing unprecedented risk as algorithms reach unprecedented scale, increase in complexity, and become self-learning in ways humans might not comprehend.

We believe this is such a significant issue that we’ve built a security practice at OODA that we call the Turing Integrity Assessment.  Under this assessment model, we look at what we consider to be the trifecta of AI/ML risks:

  1. Traditional cyber hardening of the computational platforms used to operationalize these technologies.
  2. Protection and integrity of the training data and internal and external source data dependencies in the ML process.
  3. Red teaming of AI/ML approaches to ensure algorithmic integrity and reduce the potential for bias or external influence.

One way to think about ML risk is that it compounds like money in an interest-bearing account: even a small amount of misaligned data can cause the self-learning process to become greatly corrupted in the future.

In 2019, we’ll continue to hear about systems causing bad decisions to be executed or unintended consequences of narrow AI/ML deployments.  Now is the time to get ahead of the issue and build security into your AI/ML deployment plans.

Automation Will Make Unsurprising But Continuous Impact On The Economy

Former Federal Reserve Chairman Alan Greenspan frequently pointed to the role of information technology in lifting the productivity of American workers and businesses. In 2000 he said “What differentiates this period from other periods in our history is the extraordinary role played by information and communication technologies.” He also frequently argued that this remarkable wave of technological innovation would be a long running wave.

Now, almost 20 years after his observations, it is pretty clear he was right! The business world continues to benefit from automation, and the resulting productivity gains mean businesses will continually explore new ways to apply automation, including new ways to make sense of data, new ways to control business operations, and new ways to run manufacturing. This is unsurprising of course. The age of continuous automation and IT based optimization is upon us.

However, there are indications that discontinuities are coming. To date, automation has generated a net increase in jobs, and when technologies displaced workers from one type of work, opportunities would be available somewhere else due to the continued growth of the economy and new career paths created by technological advancement. There is a growing concern that this might not continue.

Consider, for example, the impact on hired drivers (including taxis, Uber, Lyft) from the coming self-driving car revolution. Also consider the impact on truck drivers: trucking is one of the largest workforce segments in the United States. At the same time that disruption is hitting this sector, automation in retail and hospitality is cutting positions. And manufacturing plants are becoming increasingly automated, to the point where minimal human involvement is required. In the near term entire manufacturing plants will be able to operate in “lights out” mode with little need for humans to enter factories at all.

Our recommendation for business and governments in 2019 is to consider not just your own ability to automate, but how you can leverage the talents of humans to your advantage. Those firms with good leadership, vision and compelling missions will have a great ability to attract talented people from other sectors or firms that are focused on automating their workforce out of existence. The most successful firms will build plans for continuing their own automation, but also consider ways to create fusion workforces that blend the best of both worlds to maximize results. This will lead you to new ways to compete and win.

Tensions With China Require Your Awareness And Action

China officially joined the World Trade Organization in December 2001. This signified China’s deeper integration into the world economy and China’s stated commitment to trade fairly. It also signified the widely held belief in the West that trade would be good for all parties involved.

Since then many historic things have occurred. Notably, the Chinese leadership has been credited with moving more people out of poverty faster than at any other time in human history. However, Chinese trade practices have hardly been fair, in any sector of trade. Intellectual property is stolen and repurposed by Chinese sponsored espionage entities. Business processes are copied and then innovated upon for the Chinese markets. Computer intrusions provide private and proprietary information that can be used to win competitive bids. Additionally, huge barriers are put up to reduce the ability of non-Chinese firms to do business in China, including domestic entity ownership requirements.

On top of all of this, China is one of the greatest threats to the privacy of global citizens.

China’s practices in the global markets have drawn the attention of nations around the world to the threat, initiating a trade war that may last for generations. Now is the time to consider what a long running trade war with China may look like.

Regarding your business, we recommend:

  • Take steps to protect your intellectual property and the data on your business processes. You can make it much harder for Chinese cyber spies to target your infrastructure by following some of the simple best practices we’ve provided at OODAloop.com.
  • Evaluate the vulnerabilities of your supply chain, especially if any parts of your supply chain have operations under the control of, or dependent on,  Chinese entities.
  • If your firm does business in China, be aware that any devices you bring into the country will be intruded upon and the contents used by your competitors and the government.
  • Be aware that any short term gains you have in doing business in China may be very short lived, since the system there will enable Chinese firms to replicate everything you are doing and then compete with you in the future.
  • If your business builds product, consider investing in new infrastructure that automates manufacturing and does so in nations that respect the rule of law around intellectual property protection (especially the U.S.).
  • Monitor threat intelligence and U.S. State Department warnings with regard to travel to China to avoid inadvertently being used as a “pawn” in Chinese/U.S. relations.

We capture these and many other critical factors on China in the OODA Loop special report on the Chinese Threat, which is available to all OODA Network members.

Cybersecurity and AI Regulatory Changes Coming

Cybersecurity practitioners are fond of pointing out that compliance with regulations never equals security. HIPAA compliance does not keep ransomware from shutting down hospitals. PCI compliance does not prevent hackers from stealing credit card numbers. FFIEC compliance does not keep the hackers out of banks and credit unions.

That said, compliance is an important part of the business environment and is one of many ways society can compel executives to engage on security issues.

One of the biggest compliance moves of the last several years was the EU’s GDPR, which levied new regulations on any business that operates in the EU or has data on EU citizens. The GDPR gives citizens the right to know what data is being held on them and the right to have that deleted, among other things. It also mandates breach notification and more advanced cybersecurity protections with substantial financial penalties for non-compliance and negligence.  

Another key regulatory topic is the power that AI is giving to tech giants, ecommerce firms, retail establishments, the medical community and the data brokers who sell data. AI is giving these organizations more power than any imagined just a few years ago and humanity will need to consider how to regulate and moderate this power. A key question will be how to regulate in ways that ensure privacy and fairness without stifling innovation.

We recommend all businesses continue to ensure compliance with regulations, of course, and stand by for the very likely strengthening of the regulatory environment regarding cybersecurity and privacy protection in the U.S. That said, do so in a way that ensures you are being more secure instead of just compliant. In general this means architecting to meet a very dynamic threat using best practices, and continuously checking your defenses using external security experts as a level-set for your current security posture.

We should also add that government will see a role for itself in the Age of Errorism, mentioned above.

Quantum Computing: Already more real than you would think

A new consensual hallucination has formed. It is widely regarded that China will soon have a working quantum computer able to implement Shor’s algorithm, the famous math proof that shows how a quantum computer can break all asymmetric encryption. When working quantum computers exist, information protected with asymmetric encryption, like your emails and web browsing – and many other forms of communications – will be readable by those with this quantum capability.  

Quantum computing is coming, and it is clear that China is investing heavily in this capability. The threat is highlighted by the fact that they have been and are collecting encrypted communications to store and break later.  What we don’t know is when China will have this capability. It may well be that our fear is driving us to a worst-case scenario. We recommend businesses consider enhancing encryption methods now to be quantum resistant, but do so in a measured way, as there is no indication that 2019 will be the year China has a functioning quantum computer.  That said, your risk planning should anticipate that today’s secrets are not tomorrow’s and evaluate the potential impacts of current or older secrets being disclosed in the near-term.

Quantum resistant encryption includes well designed symmetric key systems. There are also solutions available today that generate quantum resistant keys using quantum effects with very high entropy. And some can use quantum effects to generate “one time pad” encryption, which is impossible to break without the key. Explore and move towards these solutions at a measured pace in 2019.  

Will 2019 Be The Year of the Blockchain Winter?

This is the 10th year of Bitcoin’s existence. This first working cryptocurrency based on blockchain gave rise to many others that can operate with no central authority or banks to manage and process transactions. The blockchain is a distributed ledger that is so tamper resistant it does not need vaults to protect it. Once the blockchain concept was created it gave rise to many other solutions besides crypto currencies.

The blockchain is being used to create new businesses that serve a wide range of use cases, including:

  • Proof of ownership
  • Digital stocks
  • Decentralized prediction platforms
  • Medical records management
  • Anti-counterfeit measures
  • Preserving digital identity
  • Smart contracts
  • Decentralized storage

With the rise and then pull back of major cryptocurrency prices and changes to the regulatory environment around cryptocurrencies, many of the startups in the blockchain space have had their funding sources disrupted. We still believe in the unique capability and potential of blockchain based solutions and will continue to track them, but the slowdown in new startup activity leads us to conclude 2019 may well be a “blockchain winter” where innovation is not nearly as fast as it was in prior years. This winter will not last long. There are major players investing in blockchain based solutions like the tokenization of stocks, fiat-stable cryptocurrencies, modernized bank to bank transfers and many other major game-changing solutions. Our recommendation for business is to continue to track blockchain innovations regardless of the price of Bitcoin, and continually look for the disruptions that can serve your business. Position yourself to be ready for the blockchain spring, which is really right around the corner.

The Rise of Multi-Person Gaming with Mobile Devices Changes The Internet Economy

Smartphone market penetration in developed countries is nearing 100%. We do everything with these devices, including, increasingly, mobile gaming. The games themselves are not new to our mobile devices; they have been there in some form or another since the beginning (who remembers Snake!). But they have evolved in capability and the choices for enjoyment have been growing dramatically. Players can enjoy building in Minecraft, battling in Fortnite, or playing with Virtual Reality or Augmented Reality games. Some of the best are those provided by Niantic. Their Pokemon Go is a very social game which enables teams of people to form groups and interact with each other to capture goals or fight to win, all while interacting in the real world as well. Niantic announced 65 million people are playing Pokemon Go every month. Niantic game use was so persistent in the real world that the Department of Homeland Security issued an advisory about it.  Niantic has a new game coming in 2019 that may well be even more popular, based on Harry Potter. Will a billion people globally want to be a wizard? Who knows.

What we do know is that when people are gaming, whether by themselves or in groups, they are not interacting with websites, conducting traditional ecommerce, conducting Google searches or reading Facebook streams. It will be interesting to watch how the growth of mobile gaming impacts the sites that rely on user interaction to sell advertising revenue.

We recommend businesses consider this big shift as you build your marketing plans. If your business is seeking to reach highly engaged and mobile thinkers, finding ways to embed your messages in a company like Niantic’s offerings may be the way to go.

Improving Your Ability To Keep Up With The Pace Of Change in 2019

Change in the technology landscape, in geopolitics, in business innovation and consumer buying patterns will continue at paces impossible to measure. Fortunately, you don’t have to measure the pace of change. What is required is an ability to spot changes relevant to your business and markets and take appropriate action.

There is a model for doing this. The OODA Loop! The Observe – Orient – Decide – Act process is a framework that can help you spot opportunity and risk in an age of continuously accelerating change.  Applying OODA to your business can help you assess what change means to your employees, suppliers, customers and market.

We’ll continue to track these trends and many others over the course of 2019 and will be hosting special conference calls and private events for our OODA Network members.  If these are issues you want to keep on your radar screen, please consider joining the OODA Network.

Matt Devost & Bob Gourley

January 9, 2019

Matt Devost

Matthew G. Devost is the CEO & Co-Founder of OODA LLC. Matt is a technologist, entrepreneur, and international security expert specializing in counterterrorism, critical infrastructure protection, intelligence, risk management and cyber-security issues. Matt co-founded the cyber security consultancy FusionX from 2010-2017. Matt was President & CEO of the Terrorism Research Center/Total Intel from 1996-2009. For a full bio, please see www.devost.net