Augmented Reality (AR) and Virtual Reality (VR). AR and VR systems with three-dimensional imagery and audio, user-friendly software, and low price points are already on the market; their adoption will probably accelerate in 2016. AR provides users with additional communications scenarios (e.g. by using virtual avatars) as well as acquisition of new data (e.g. from facial recognition) overlaid onto reality. VR gives users experiences in man-made environments wholly separate from reality.
Protecting Information Resources
Integrity. Future cyber operations will almost certainly include an increased emphasis on changing or manipulating data to compromise its integrity (i.e., accuracy and reliability) to affect decisionmaking, reduce trust in systems, or cause adverse physical effects. Broader adoption of IoT devices and AI—in settings such as public utilities and health care—will only exacerbate these potential effects. Russian cyber actors, who post disinformation on commercial websites, might seek to alter online media as a means to influence public discourse and create confusion. Chinese military doctrine outlines the use of cyber deception operations to conceal intentions, modify stored data, transmit false data, manipulate the flow of information, or influence public sentiments—all to induce errors and miscalculation in decisionmaking.
Infrastructure. Countries are becoming increasingly aware of both their own weaknesses and the asymmetric offensive opportunities presented by systemic and persistent vulnerabilities in key infrastructure sectors including health care, energy, finance, telecommunications, transportation, and water. For example, the US health care sector is rapidly evolving in ways never before imagined, and the cross-networking of personal data devices, electronic health records, medical devices, and hospital networks might play unanticipated roles in patient outcomes. Such risks are only heightened by largescale theft of health care data and the internationalization of critical US supply chains and service infrastructure.
A major US network equipment manufacturer acknowledged last December that someone repeatedly gained access to its network to change source code in order to make its products’ default encryption breakable. The intruders also introduced a default password to enable undetected access to some target networks worldwide.
Interoperability. Most governments are exploring ways to exert sovereign control over information accessible to and used by their citizens and are placing additional legal requirements on companies as they seek to balance security, privacy, and economic concerns. We assess that many countries will implement new laws and technologies to censor information, decrease online anonymity, and localize data within their national borders. Although these regulations will restrict freedoms online and increase the operating costs for US companies abroad, they will probably not introduce obstacles that threaten the functionality of the Internet.
Identity. Advances in the capabilities of many countries to exploit large data sets almost certainly increase the intelligence value of collecting bulk data and have probably contributed to increased targeting of personally identifiable information. Commercial vendors, who aggregate the bulk of digitized information about persons, will increasingly collect, analyze, and sell it to both foreign and domestic customers. We assess that countries are exploiting personal data to inform a variety of counterintelligence operations.
2
