Throughout 2025, CLTC will be celebrating our 10th anniversary by celebrating some of our successful programs. In this post, we look at Cybersecurity Futures, a series of scenarios-based initiatives focused on thinking broadly about how the future may unfold.
Since its inception, the Center for Long-Term Cybersecurity has been focused on looking over the horizon and anticipating tomorrow’s digital security challenges. But how did this concept come about in the first place — and how did “long-term” become part of the center’s name?
It all started in September 2014, when a team of researchers from UC Berkeley — led by Steve Weber, a professor of political science who had recently joined the School of Information — submitted a proposal to the Hewlett Foundation’s newly launched Cybersecurity Initiative, an ambitious program that aimed to apply the power of philanthropy to tackle the growing challenge of digital security. Hewlett’s initiative set out to “cultivate a field that develops thoughtful, multidisciplinary solutions to complex cyber challenges and catalyzes better policy outcomes for the benefit of societies around the world.”
In the proposal, Weber made the case for the establishment of the “Center for Long-Term Cybersecurity,” an interdisciplinary research center with an aim to take a long-view approach to the relatively nascent field of digital security. The goal was to move past the reactive nature of cybersecurity, which tended to focus narrowly on “putting out fires” and responding to yesterday’s cyberattack, and to develop a research agenda centered on getting ahead of the problem by thinking broadly about how the cybersecurity landscape could evolve in the future.
To tackle this challenge, Weber (who has since moved to the private sector, though he retains Emeritus Professor status at UC Berkeley) leveraged his expertise in scenario planning, a methodology that has been used for decades by governments and corporations as a way to develop robust, flexible strategic plans. Scenario planning is based on identifying key drivers of change and thinking broadly about different ways the future might unfold, with an eye toward helping today’s decision-makers ensure they are prepared for a variety of eventualities.
“This may be one of the first attempts to use scenarios in an academic context to help shape a policy-relevant research agenda,” Weber wrote in the proposal. “Developing these scenarios will involve thinking expansively about the terms of ‘security’ and what it could mean, and to whom. This will involve collaborative work between legal scholars, data scientists, computer security specialists, social scientists, policy scholars, and national security experts, and it will require contributions from the leading industry, civil society, and public sector actors in this space. It will of necessity also involve participants from multiple countries.”
Cybersecurity Futures 2020
Weber’s proposal to the Hewlett Foundation was successful, and after receiving a generous seed grant, the Center for Long-Term Cybersecurity set out to develop an initial set of scenarios by convening a two-day conference at the Marconi Center, in Tomales Bay, California. The workshop brought together dozens of experts from different domains — including industry, government, and academia — who worked together to brainstorm key drivers of change that could impact the future of cybersecurity, and to develop a range of plausible scenarios that addressed distinct emerging challenges.
Based on outputs from this conference, Weber worked with a team of graduate students to flesh out a set of scenarios focused on broad questions such as, how might individuals adapt to a world in which all online activity is assumed to be accessible by hackers? How could the proliferation of networked appliances, vehicles, and devices transform human society? And what would be the consequences of powerful algorithms capable of predicting human behavior at a granular scale?
On April 28, 2016, CLTC released Cybersecurity Futures 2020, a comprehensive report detailing the scenarios and analysis. The report was presented in conjunction with an event held at the National Press Club, in Washington DC, in partnership with the Christian Science Monitor‘s Passcode (watch a video of the presentation). The CF2020 scenarios were also used to identify key areas of research for CLTC to support through its inaugural research grants.
“The test of scenario thinking is not whether it predicts or portrays the future accurately,” the report explained. “The measure of a successful set of scenarios is this: enabling people and organizations to gain insight into possible futures in which ‘cybersecurity’ means something different than it does today, involves a broader set of actors, has meaningfully greater stakes, sits on different technological foundations, and engages core human values in a novel way.”
Cybersecurity Futures 2025
In 2017, CLTC partnered with CNA’s Institute for Public Research (CNA) and the World Economic Forum’s Global Centre for Cybersecurity (C4C) to undertake a second scenario-based project, this time focused on exploring key developments that could emerge by the year 2025. Sponsored by HP, Inc. and Qualcomm, with additional support from CyberCube and Symantec, Cybersecurity Futures 2025 aimed to be intellectually and practically robust — and broadly applicable across global geographies. A key goal of the project was to develop scenarios that could be used by companies and policymakers for their own strategic planning.
The resulting report, Cybersecurity Futures 2025: Insights and Findings, focused on a range of technology-related topics, including artificial intelligence, ubiquitous sensors, quantum computing, divergent internet regulations, and other emerging trends. CLTC produced a series of short videos depicting the scenarios, as well as an introductory video featuring Walter Parkes, Hollywood producer and screenwriter of WarGames, Sneakers, and Minority Report, among other films. The website featuring the scenarios (cyberfutures2025.org) included a “decision-making heuristic” designed to help institutional leaders use the scenarios to better prepare their organizations for the future.
Watch the short videos below for depictions of each of the Cybersecurity Futures 2025 scenarios:
Throughout 2018, a project team from CLTC convened a series of workshops in seven international cities to engage experts and decision-makers in dialogue about the challenges and opportunities depicted in the scenarios. CLTC also presented the scenarios at the RSA Conference, in San Francisco, one of the world’s largest cybersecurity industry convenings, and led a workshop in London for risk and underwriting officers from major global insurance companies, using the scenarios to help think broadly about evolving risks. The center’s leaders also convened a workshop for diplomats from over 25 countries organized by the Office of Denmark’s Tech Ambassador, and presented the scenarios to an audience of hundreds at the Internet Economy Summit, in Hong Kong.
The CF2025 scenarios also directly fed into CLTC’s own research; for example, the scenario entitled “Barlow’s Revenge,” which highlighted the potential for divergence in how the internet is governed in different parts of the world, inspired CLTC’s Internet Atlas Project, which aims to to understand how geopolitics shape the internet — and how the internet shapes geopolitics.
Cybersecurity Futures 2030: New Foundations
In 2022, with the COVID pandemic waning, CLTC kicked off its next scenarios project, Cybersecurity Futures 2030: New Foundations, at an event held at Swissnex, in San Francisco. Over the next year, leaders from the center constructed 2030 scenarios and — together with the World Economic Forum’s C4C and CNA — conducted a series of in-person workshops around the world, including in Geneva, Switzerland; Dubai, UAE; Washington, D.C.; Kigali, Rwanda; New Delhi, India; and Singapore, as well as a virtual workshop with participants from multiple European countries and the U.K. This time, the project was co-sponsored by Fortinet, Meta, Okta, and Repsol, and was specifically focused on exploring trade-offs in goals and values that decision-makers will have to contend with in the near future, and on generating insights that could be broadly applicable across countries and regions.
The scenarios depicted in CF2030 were far-reaching in their scope. The report provided a range of key recommendations for decision-makers to address perennial digital security challenges, including data privacy, talent development, and sustainability; it emphasized that the online spread of mis- and disinformation was becoming core cybersecurity concerns. The scenarios also highlighted the importance of improved public-private partnerships to combat cyberattacks and information operations; improved “secure by design” principles; increased investment in cybersecurity talent and training; and improved standards to incentivize interoperability in cyber- and AI security. “Leaders will need to strategically and tactically use regulation to guard against the downsides of AI products as they rise in prominence and take meaningful measures to combat [mis-, dis-, and mal-information] before it further degrades trust and unity,” the report’s authors wrote.
Ann Cleaveland was invited to present an overview of Cybersecurity Futures 2030 at the World Economic Forum’s meeting in Davos, Switzerland. The project also inspired CLTC’s latest initiatives on AI-Enabled Cybercrime and the Cybersecurity of the Clean Energy Transition, and was featured in blogs by Fortinet and Okta, “We have been proud to see CF2030 reflected in the thinking of decision-makers in industry and government, and it will continue to guide our work for the next few years,” said Ann Cleaveland, CLTC’s Executive Director.
Cybersecurity Futures Postmortems
As a key part of the Cybersecurity Futures projects, CLTC conducts “postmortems,” analyses that reflect on our past scenarios to see what we got right, and what we missed. In 2020, Steve Weber wrote a “postmortem” analysis of the 2020 scenarios, and in 2025, Nick Merrill and Steve Weber published an analysis of our 2025 scenarios; an abbreviated version of this write-up was published by the World Economic Forum. These “post-mortems” are a way to refine our analytic process and enrich our understanding of how the cybersecurity landscape is changing over time.
Overall, CLTC’s futures practice remains an important core of our foresight-focused mission. The scenarios have helped us identify key emerging issues — including predictive algorithms, the internet of things, shifting attitudes about privacy, and artificial intelligence — that have increasingly shaped our world. We will continue to use scenarios and other methods to keep peering over the horizon. After all, the future has a way of arriving sooner than we expect.
