Ahead in 2002, with predictions

Continuing the rigorous prediction discipline into 2002. Specific predictions, with probabilities and deadlines, scored at the deadline.

Threat-landscape predictions

1. At least one auto-propagating worm of scale comparable to or greater than Nimda. The substrate is established; the toolkits exist; the variant authors are productive. Probability: 85%. Deadline: 31 December 2002.

2. A worm propagating primarily through SMB rather than HTTP. NetBIOS exposure is large; the technique is overdue. Probability: 70%. Deadline: 31 December 2002.

3. Mass-mailing worm volume continues, with at least one auto-execution variant. Klez is the template. Probability: 90%. Deadline: 31 December 2002.

4. A significant DDoS attack against major commercial infrastructure. Toolkits continue to mature. Probability: 70%. Deadline: 31 December 2002.

5. A widely-deployed wireless attack tool that works against WPA-style protocols. Probably not; WPA is still in development. Probability: 25%. Deadline: 31 December 2002.

6. The first major chain-compromise incident where one worm's persistent backdoor enables subsequent compromise on a wide scale, similar to Nimda using Code Red II but more sophisticated. Probability: 65%. Deadline: 31 December 2002.

Defensive-response predictions

7. Microsoft's Trustworthy Computing memo is published and is substantive. Probability: 75%. Deadline: 31 March 2002.

8. Microsoft pauses Windows development for security review. Multiple-week pause across at least one major product team. Probability: 70%. Deadline: 31 December 2002.

9. Significant reduction in IIS deployment. Operators migrate to alternative web platforms in measurable numbers. Probability: 60%. Deadline: 31 December 2002.

10. WPA / 802.11i progress. Standard ratification or substantial deployment commitment. Probability: 65%. Deadline: 31 December 2002.

11. The Honeynet Project's cross-operator paper is published. Substantial cumulative analysis with multiple operators contributing. Probability: 85%. Deadline: 30 June 2002.

12. Snort 2.0 development branch active. Architectural redesign discussed publicly with code progress. Probability: 75%. Deadline: 31 December 2002.

13. Linux 2.6 development begins. Successor kernel work visibly under way. Probability: 70%. Deadline: 31 December 2002.

Structural-shift predictions

14. Specific high-profile data breach with regulatory consequences. ICO/FTC/EU action against an organisation. Probability: 60%. Deadline: 31 December 2002.

15. Two-factor authentication for online banking ships at a major UK bank. Token, one-time code, or similar. Probability: 45%. Deadline: 31 December 2002. (Higher probability over 2-3 years.)

16. Honeyd-style deception deployment becomes mainstream advice. For non-trivial deployments. Probability: 55%. Deadline: 31 December 2002.

17. Network segmentation becomes default expectation in industry guidance. Industry-standard advice for all but the smallest deployments. Probability: 75%. Deadline: 31 December 2002.

18. The cybercrime-as-commercial-enterprise framing becomes mainstream. Press, industry, and policy treat cybercrime as primarily economic activity rather than hobbyist mischief. Probability: 80%. Deadline: 31 December 2002.

Personal predictions

19. Six conferences attended in 2002. Probability: 75%. Deadline: 31 December 2002.

20. Two conference talks given. Probability: 70%. Deadline: 31 December 2002.

21. Honeypot range expanded with high-interaction hosts behind multiple personas. Probability: 65%. Deadline: 30 June 2002.

22. Substantial contribution to a Honeynet Project paper. Sanitised honeypot data and analysis. Probability: 70%. Deadline: 31 December 2002.

23. The notebook continues at weekly cadence through 2002. Probability: 95%. Deadline: 31 December 2002.

24. I write something genuinely difficult — a piece I would not normally attempt. Topic uncertain. The discipline is to push myself beyond what I currently find comfortable. Probability: 60%. Deadline: 31 December 2002.

Calibration notes

From my 2001 review:

  • I was under-confident on threat-side predictions. Several at 55-65% should have been 75-85%.
  • I was approximately right on defensive-response predictions.
  • I was slightly over-confident on personal commitments.

The 2002 list reflects these adjustments. Threat-side predictions are higher; personal-commitment predictions are slightly lower.

Closing note

The end-of-year notebook post is next week. The new-year first post is the week after.

The calibrated humility discipline continues. The discipline of writing predictions and scoring them is producing meaningful improvement in my forecasting accuracy. The cumulative record across multiple years is starting to be useful.

More in time.

