“What keeps me up at night” is a series where top security experts reveal the threats, technologies, and tactics that keep their industry constantly on its toes. As regular citizens, we don’t know the half of what’s going at the highest levels of national and international security (the true volume would probably induce mass panic). These experts can help give us a better idea of the type of threats we face, and how we as a society can protect against them.
King Mallory is the director of the RAND Center for Global Risk and Security and a senior international defense researcher. He’s also the head of RAND International’s Security 2040 Project, a multi-disciplinary research group looking at the trends that will shape the security industry for years to come. Mallory’s experience ranges from coordinating security on political campaigns to analyzing policy at the Stockholm International Peace Research Institute.
Lately, Mallory has been thinking a lot about cyber defense, specifically the proliferation of bots and how they can interfere in upcoming elections. As half of Americans see fake news as a bigger threat to the U.S. than terrorism, Mallory’s approach to enemy tactics are especially pertinent.
What is the most pressing security threat that faces us today?
Short answer: Bots are spreading lies.
In the cyber domain, it is reining in the use of false persona and bots in information operations. This would include educating social media users to become more informed consumers. It would also entail coming up with a more robust strategy by which to deter state actors that interfere in (or are thinking about interfering in) the democratic processes of the U.S. and its allies.
What is the biggest security threat on the horizon that we don’t know about?
Short answer: Quantum computing breaking encryption.
Quantum computers are likely to make the entire Public Key Infrastructure [the systems that ensure data encryption] upon which e-commerce depends obsolete. Quantum computing will allow those keys to be broken and any captured encrypted communications to be broken retroactively.
What can we do to address these security threats right now? How about in the future?
Short answer: Learn the enemies’ tactics.
The U.S. and its allies have to develop a viable strategy by which to deter state actors from engaging in election interference and influence operations designed to disrupt Western democracies. This can range from identifying and shutting down adversary bots and avatars to retaliatory action against opponent computer systems. It also involves educating Western consumers about opponent techniques, tactics, and procedures in order to inoculate them against such campaigns.
It is also important to be thinking about how to develop a parsimonious set of standards that will allow us to start transitioning to post-quantum-computing encryption, as the transition can take up to 20 years.