NCC Group’s global look ahead to 2022 with Ollie Whitehouse

We’ve interviewed industry leaders from our four key geographies – the UK, the Asia and-Pacific (APAC) region, North America and Europe – to understand the key developments in each region over the last twelve months, and what we might expect from the year ahead and beyond.

UK with Ollie Whitehouse, Global CTO

Next up, our Global CTO Ollie Whitehouse draws on his 25 years’ experience in cyber security, and insight as an advisor to several government departments, to provide his thoughts on what we need to know about the year just gone and the years ahead for the UK.

What are the three key developments you saw in the UK in 2021?

Two major pieces of legislation were introduced this year, marking a shift towards more interventionist cyber policies in the UK. The Telecoms (Security) Act 2021, which sets a path for much stronger cyber security requirements for telecoms operators of all sizes, is the first of its kind, and will likely be replicated across other sectors and jurisdictions in the years to come. We also saw the introduction of the National Security and Investment Act 2021, significantly strengthening the UK Government’s powers to scrutinise – and potentially block – foreign acquisitions and investments in critical sectors which could impact on national security.

The application of technology in biological settings continues to attract huge amount of attention and R&D investment. From the use of brain computer interfaces to treat spinal cord injuries and even enable telepathy to the mass processing of genetic material, the potential opportunities are immense. But so too are the risks. Imagine a hostile actor hacking into a body monitor to make the victim believe they have a heart defect. Or synthetic biology being done in the bedrooms of interested civilians. Thanks to the technological breakthroughs we’ve seen over the last twelve months, these are very real possibilities.

We’ve also seen decentralised finance (DeFi) – the blockchain-based form of finance that does not rely on central financial intermediaries – grow on an unprecedented scale, with over $70 billion dollars now existing in DeFi. This largely unregulated, agile and fast evolving sector has the ability to democratise finance and provide tremendous societal and economic value. However, it is also an enabler of criminal activity, bypassing many of the controls placed on illicit finance and providing malicious actors with the ability to steal assets remotely on a scale never seen before, particularly given the relative immaturity of DeFi cyber resilience. The UK – with its rule of law, cultural norms, science and technology capabilities, national resilience, governance and global outlook – has the opportunity to lead the charge and become an elite global trading and settlement hub for digitally traded assets, but only if it acts quickly.

What are the three key developments we can expect to see in the UK in 2022?

Expect to see a far more interventionist and offensive approach to cyber security and software resilience from the UK government. The Telecoms (Security) Act 2021 is the first sector-specific UK law to recognise the failure of the free market in delivering the government’s aims for a cyber resilient economy and establish a prescriptive framework by which operators will need to comply. As it wrestles with ransomware, supply chain security and the protection of the UK’s critical infrastructure, the government will likely continue in the same vein. We’ll also see the UK’s new National Cyber Force, the new home of offensive cyber operations, become fully operational. My prediction for 2022 is that the Force will undertake the first UK government-led offensive operation against ransomware. Watch this space.

Edge computing is on the cusp of revolutionising the industrials and utilities sectors, enabling massively decentralised computing, at scale, reducing energy consumption and increasing processing speeds. From a security point of view, edge computing presents significant risks. It offers malicious attackers many more points in a network that they can compromise, dwell and use/exploit/exfiltrate the data shared across the entire network. Operators and policymakers will need to add this to their increasingly long list of challenges as they look to build resilient networks fit for the future.

Another area where there will be continued significant advancements in 2022 is quantum computing. Quantum sensing, the use of quantum capabilities to build next-generation sensors, will come to market, fast-tracking developments in a range of fields from IoT to autonomous vehicles. I also predict we’ll see the world’s first quantum cloud machine.

Wildcard prediction for 2022 and beyond

Could we see a significant destabilisation of China in the next five years? For example, as a result of a change of leadership, a leadership vacuum, rising internal discontent or, indeed, all of the above. From a UK-perspective, like most western countries, despite fledging efforts to reduce reliance on Chinese supply chains and investment, we remain tied to the region. So, any destabilisation will have notable economic knock-on effects. In cyber terms, we cannot assume that there will be any respite in the Chinese cyber attacks we’ve become accustomed to. Any gap left by a reduction in Chinese state-backed attacks, assuming that an alternative regime does not pick up the baton, will quickly be filled by state-backed attacks from other hostile nations.