By Andy Bui
On December 6, the Center for Long-Term Cybersecurity (CLTC), together with the World Economic Forum Centre for Cybersecurity and CNA’s Institute for Public Research, hosted a webinar to discuss the findings of Cybersecurity Futures 2030: New Foundations, a research initiative that aims to inform cybersecurity strategic plans around the globe.
Sponsored by Fortinet, Meta, Okta, and Repsol, Cybersecurity Futures 2030 aims to help decision-makers better understand how technological, political, economic, and environmental changes are impacting the future of cybersecurity for governments and organizations. Developed through discussions from a series of workshops conducted around the world, the report provides insights that are broadly applicable across countries and regions.
“The Center for Long-Term Cybersecurity focuses on the future in order to amplify the upside of the digital revolution,” said Ann Cleaveland, Executive Director of CLTC, in an introduction to the webinar. “Cybersecurity Futures 2030 is one of our flagship research initiatives. It has taken us literally all over the globe this year, and we’re so grateful to everybody who has participated in large and small ways.”
In his remarks, Akshay Joshi, Head of Industry and Partnerships at the World Economic Forum Center for Cybersecurity, reflected on the rapid pace of technological innovation — and the need to look ahead to anticipate change. Joshi noted that the narrative around technology in 2018 was dominated by the hype of cryptocurrencies while the “transformative potential of blockchain” went unnoticed. As the world moved into the pandemic and post-pandemic years, he added, the focus shifted to video conferencing and back-end cloud transformation, as well as the Metaverse and generative AI.
He explained that the World Economic Forum Center for Cybersecurity has “been at the forefront of developing cutting-edge foresight” in part through its annual Global Cybersecurity Outlook. “This report seeks to equip cyber and business leaders with insights to steer decision-making on technology- and cyber-related issues,” Joshi said. “Our collaboration with the team at UC Berkeley for Cybersecurity Futures 2030 is complementary to our existing efforts, as it is aimed at helping leaders imagine how the landscape on cybersecurity could evolve over the medium- to long term.”
A Strategic Roadmap for 2030
The conversation shifted to the Cybersecurity Futures 2030 report, which was co-authored by Ann Cleaveland together with Matt Nagamine, Manager of Strategic Partnerships, Alan Cohn, a non-resident fellow at CLTC, and Alison Vernon, Senior Research Scientist at CNA . Nagamine explained that the work on the report began in November 2022 with a series of preliminary workshops and the development of four cybersecurity scenarios depicting alternative digital features modeled out to the year 2030. These scenarios were used to facilitate discussions with industry, government, academic, and civil leaders in Europe, India, Rwanda, Singapore, the UAE, and the United States.
Nagamine explained that the project identified key challenges: data privacy, talent development, and sustainability. Regarding personal data, almost nobody in the workshops believed that it is “plausible or desirable to fully restrict the flows of personal data,” Nagamine said, noting that “the objective out to 2030 will be for countries and individuals to negotiate a fair ROI on the use of their data.”
Talent development will require investment in cybersecurity training, which should become a priority objective across all regions, Nagamine said. The report identifies three critical dynamics in regard to the talent development challenge: the intensification of competition for global talent, the urgency for broad cyber literacy training “in order to combat disinformation and garden-variety cybercrime,” and investment in local and regional education and skilling programs “to restore supply chains and enable economic development.”
Nagamine also explained that sustainability, climate change, and cybersecurity initiatives are becoming increasingly intertwined. Technological advancements create increases in energy demands, and the construction of green energy infrastructure and smart grid networks expand sources of cyber insecurity — vulnerabilities that may be overshadowed with the advent of artificial intelligence. There is “some optimism that the potential for these new technologies, especially those AI tools” could help with climate and energy challenges, but going forward, the report advises that digital infrastructure should be “built and upgraded with climate and energy resilience in mind,” he explained.
Alan Cohn presented other overarching insights detailed in the report, including the idea of reframing digital security as “the ability of society to match the speed of trust with the speed of technological innovation.” He explained that workshop participants voiced concerns that “the speed of technology and criminal innovation was surpassing humanity’s ability to ensure the trustworthiness of digital products and information.” He also emphasized that the spread of misinformation, disinformation, and malinformation have become core cybersecurity concerns, and that there is broad agreement that public and private partnerships are “imperative to combat sovereign and criminal cyber attacks.”
As the technological narrative focuses on artificial intelligence and automation, it will also be important to focus on cybersecurity in fields such as quantum cryptography, as well as advanced and space technologies, Cohn said. He reiterated that decision-makers need to monitor the pace of digitalization “as closely as they do the security specifications of technology,” especially as global alliances begin to reshuffle in the coming years.
Alison Vernon discussed some of the regional variances that emerged through the research, including varying levels of trust between regions — an issue that can be analyzed through four lenses: data privacy, regulation, technology, and adoption with respect to international relations. She noted that there are likely to be growing gaps between regions that are adept at using technology versus others that are left behind. Workshop participants in less developed nations “worry about getting their population access to to technology, but also worry that they don’t have the governance available to regulate the technology and keep control of privacy,” she explained.
The second half of the webinar featured a discussion with industry practitioners, including Derek Manky, Chief Security Strategist and Global VP for Threat Intelligence at Fortinet; Erin Baudo Felter, Vice President of Social Impact and Sustainability at Okta; David Agranovich, Director of Global Threat Disruption and Security Policy at Meta; and Javier Garcia Quintela, Chief Information Security Officer (CISO) at Repsol.
Each panelist weighed in on findings from the Cybersecurity Futures 2030 report that they found striking. Manky highlighted the importance of public-private partnerships, and he noted that incentives need to be put in place for such partnerships to thrive. “That’s definitely an interesting objective to pursue as we look toward 2030,” he said, noting there need to be “bilateral incentives that consider value in different cases for partners, because each partner has different needs.”
Felter stressed the importance of talent development in the cybersecurity field. “We think we’re talking about technology, but we’re really talking about people in many different ways,” she said, adding that she was struck by the report’s call for “transformative investment” in cyber talent and skills training. “The complexity of the threats are growing, and the reality is, there’s just not enough human beings right now on the earth to keep us all safe,” she said. “The figure we use at Okta is that there are 3.4 million unfilled cyber jobs today. You think about what that might look like in 2030 If we don’t start to rapidly close this gap.”
For Garcia Quintela, a key finding from the Cybersecurity Futures 2030 initiative relates to the importance of trust and integrity of information, particularly “promoting and protecting [trust] with the fast-rising impact of artificial intelligence.” He also pointed out that his firm, Repsol, is an energy company, and so the report “reinforces the necessity to protect innovation in the digitalization processes” and to “commit to energy transition objectives.”
David Agranovich was struck by how different regions have different views toward regulation of data privacy and data localization. “It raises really difficult questions of, how do you ensure data privacy for users around the world, while at the same time ensuring that in developing economies, or in new regulatory centers of gravity like Singapore, those same principles aren’t being used in ways that undermine some of the fabric of the global internet?” he said.
Agranovich also stressed the importance of “transitioning from reflexive regulation to proactive regulation…. How do we use regulation early enough in the development cycle of new technologies like AI to start thinking about how to be ahead of some of the threats that we’ve seen emerge in other areas, rather than simply trying to constrain them once they’ve already gotten out of the pack?”
Panelists stressed that the convergence of challenges will require companies and governments to be proactive in the coming years. “It’s really clear that so many of the issues that we’re talking about are interconnected,” Felter said. “Climate risk is connected to inequality, which is connected to education, which is connected to political risk, which is connected to cyber risk…. When we are developing new technologies, we need to be embedding sustainability considerations at the very beginning of the process.”
Felter also emphasized the importance of digital inclusion and narrowing the gap between the “haves and have nots” in technology. “We need to make sure that we are taking into consideration not just who can use the technology when we create it, but who might be left out of the technology as we create it,” she said. “In those ways, philanthropy can be a really great tool…. We should be thinking about investing in product development at the same time as we’re investing in digital skills programs for vulnerable communities. Whether we’re talking about digital inclusion or sustainability, we need to recognize that we cannot solve a problem over here and create a new one over there.”