OODA Loop

Understand tomorrow, today.

Defending The Metaverse From Threats Old and New

Archive, Decision Intelligence, OODA Original / by

The Metaverse is the third wave of Internet technologies.

The First Wave was based on Interoperable computers and servers. This brought us widespread adoption of email, web pages, web browsers, ecommerce and web apps. It was primarily based on fixed-line communications.

The Second Wave brought more mobility, including smartphones, laptops, tablets, and data while mobile including streaming media, photos and videos. Comms with the second wave were augmented by WiFi and cellular data.


OODA Loop Sponsor

The Third Wave of Internet technologies, the Metaverse, is coming soon. It includes shared interoperable virtual worlds with trust layer for store of value, user persistence, accessibility. It has been described as having an ability to not just interact with the Internet but be in it.

There is some good news and some bad news with the coming Metaverse. The good news is the incredible use cases this third wave of Internet capabilities will bring. It will have its own thriving economy for business. Estimates are that the Metaverse economy will be a $Trillion dollars within 3 years and a Twenty $Trillion dollars within a decade. It will be a primary means of educating our youth and delivering knowledge through life, and will be a leading form of social interaction, advice and assistance on a range of issues. And of course there will be incredible new forms of entertainment.

Now the bad news. There are serious threats and security issues to consider with the Metaverse.

Think of it this way, is there any reason to believe that the coming Metaverse will be as secure as our current Internet technologies? Of course not. In fact, our analysis indicates the threats will be even more serious. They include:

New Privacy Threats: Surveillance by corporations, criminal groups, hostile nations, fraudsters. You have a digital life online already whether you realize it or not. Now imagine being watched 24/7/365 and what that will reveal.

Mass Languor: Dangers of today’s social media apparent. Imagine enticing pull of super-realistic simulations with maximum dopamine, endorphin and oxycontin triggers. Contributes to mental weakness.

Oneirophrenia: The state when one loses the ability to determine what is real and what is not. Makes misinformation/disinformation more impactful

New Fraud Vectors: Companies and communities want to build and maintain trust. Good people will too, even when anonymous. Bad people will want to take advantage of that. Digital value must be protected.

Unleashing Demons: Imagine the worst of human nature and cyber bullying coming at us all with persistence.

There are no simple solutions to these threats. But we humans created the metaverse so we can absolutely muster the brainpower to mitigate these. Our recommendation is to leverage a framework of entities responsible for action.  This framework starts with you, the individual. All of us can and should play a role in mitigating threats in the Metaverse. But action is required by a full spectrum of entities, individuals, communities, companies, governments and academia. Here are our recommendations for action by each:

Individuals:

As individuals we should all inform ourselves enough about the coming Metaverse that we can decided what we want from it, especially regarding privacy and security. Our individual requirements should be turned into expectations for communities, companies and governments. Those entities that do not support our privacy and security requirements should be avoided or even penalized. Deciding what we expect and require is important, but individuals should also take action to defend themselves. This includes learning and implementing best practice for home security fundamentals, but also learning how to use and protect information associated with cryptocurrency wallets, since the medium of exchange and trust layer of the Metaverse will be based on cryptocurrency. There are some threats that can only be mitigated with significant self discipline. This trait should be developed by anyone seeking to spend time in the coming Metaverse.

Communities:

People have been banding together in online communities since the birth of the Internet. Over the last decade communities have joined together to form movements that in some domains and cases rival the power of nations (see the Network State). Communities will hold great sway over big portions of the Metaverse. This means they have a big role to play in protecting privacy and mitigating security threats. At the community level, solutions should be put in place to limit bullying, fraud, manipulation, misogyny and other demons of humanity. Processes to mitigate these threats can benefit from strong feedback loops and by establishing means to exchange threat information with other communities and with the government. Standards for interoperability and security of store of value are important. Security and privacy controls for communities should be built in early and tested frequently. Control over key aspects of privacy should be a requirement and privacy should be respected, but communities can also build in privacy respecting ways of spotting and mitigating oneirophrenia.

Companies:

Companies have been building online experiences for users for decades, including pioneering work that has many aspects of the future Metaverse. Consider, for example, Second Life, which was started by Linden Lab in 2003 and still attracts a large following of users. The announcement in the summer of 2021 that Facebook would be a Metaverse company brought the world’s attention to the role of companies in building the future Metaverse. Facebook’s announcement also brought great concern. Over the last decade Facebook has made significant progress in protecting privacy and improving security of user data, but there are concerns that their monetizing Metaverse experiences will be a big negative for the future. All companies working towards the future Metaverse should understand that individuals and communities expect to have solid protection of privacy and security controls in place. At this point there is not excuse for not building these in from the beginning. Companies should also invest in continuous testing of security controls including red teaming for the Metaverse. Companies are uniquely positioned to help reduce the ability of criminals to operate, and can also put controls and processes in place to reduce threats from cyber bullying.

Governments:

The role of governments in defending the Metaverse is one we should all carefully consider. Opinions on the role of government vary widely. Our planning assumption is that open societies will find a balanced way of ensuring government roles in the Metaverse are not counter productive, but to make this assumption come true individuals should ensure they know what they want from their governments. We should add that clearly there are some things that only governments in open societies can do regarding security in the Metaverse. This includes leveraging the power of collection and analysis to understand what hostile powers and surveillance states are doing in the Metaverse.  Here is a short list for recommended government actions:

  • Establish incentives for companies and communities to build with security and privacy in mind
  • Find ways to track and mitigate hostile intelligence services and hostile misinformation/disinformation campaigns in the metaverse
  • Ensure right role for law enforcement especially in fighting international crime
  • Stay on the side of human rights and privacy
  • Share threat intel with commercial groups and communities

Academia:

The role of academia in security and privacy of the metaverse is critical. Interdisciplinary study that brings in computer science, political science, philosophy and psychology can shed insights that can help shape optimal approaches to defense against threats. Academia can also tech requirements for security and privacy and can train scholars on ways to mitigate threats.

This framework approach to mitigating metaverse threats requires broad action that starts with an understanding of what individuals want from the future then leads to collective action. If approaches like this are taken then the security of the metaverse will be improved and threats to liberty reduced.

For more see:

What To Know And Do About The Coming Metaverse

This post captures insights into this new world in ways meant to help leaders understand what is most relevant to your strategic planning. We provide an operational definition of the Metaverse, a description of the current market of metaverse players, and a list of recommendations for how this information should inform your business strategy.

Did Airman Teixeira Give You Concern? Just Wait For The Metaverse

Spies and leakers all have their own reasons for doing what they do. Some do it for money. Some do it because they are being blackmailed. Some do it because they are narcissists and seek fame. Some have done it for ideological reasons. This one seems to have done it to impress other intellectually and psychologically immature online acquaintances. He damaged national security for the lulz.  Teixeira was active on Discord, even ran his own server there. Discord is a great tool, I use it every day. Discord was not the problem here, but it may have been a contributor in a not so obvious way.

Jahon Jamali On Bitcoin, Ethereum, and the Coming Metaverse

Jahon Jamali is a leading expert on emerging technologies, global risk management and international relations. He began his career as a U.S. Intelligence Officer with the Defense Intelligence Agency. He also has extensive experience in the high tech community creating and growing startups through to successful exits. All this makes him an even more credible authority when it comes to seeking the trends that are moving technology, business and government operations forward.

The Future of the Metaverse: Where is this all going?

This post reviews some of our research into the future of technology, specifically the technology enabled shared reality known as the Metaverse.

Explore OODA Research and Analysis

Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community

 

About Bob Gourley

Bob Gourley is an experienced Chief Technology Officer (CTO), Board Qualified Technical Executive (QTE), author and entrepreneur with extensive past performance in enterprise IT, corporate cybersecurity and data analytics. CTO of OODA LLC, a unique team of international experts which provide board advisory and cybersecurity consulting services. OODA publishes OODALoop.com. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency.