THREATCASTING as an Emerging Cybersecurity Challenge


Harriet Downs had it all: a great job, a loving husband, and two beautiful children. She was an up-and-coming programmer at Goldman Sachs for the company’s AI trading bots, on the fast track to management. She, her husband, Steve and the kids had just moved into a beautiful new house in Sevenoaks. Life was good.

Then one day, on the train to London, a man with the lion tattoo on his neck stopped her and showed her a video. She recognized the people on the screen. One of them was her. She remembered the terrible mistake she had made that night. Too much to drink. Too much stress at work. It was never going to happen again. But somehow the man had gotten the video, knew everything about her life, her habits, her family, her work.

And he wanted something. It was just a simple piece of code that needed to be inserted into the bots at work. No one would know or understand why the AI was selling millions of shares all at once. Yes, the markets would collapse. But just for a split second – long enough for the man’s ‘friends’ to make billions by shorting the stocks. Standing on the train, Harriet had a decision to make. If she said no, she would have no family, no job – nothing.

There is, of course, no Harriet Downs, this is a scenario made by Brian David Johnson and Natalie Vanatta. However, these sorts of near-future scenarios can be a powerful tool that might help us prepare for uncertain tomorrows.


The device used in the above scenario is called a science-fiction prototype, one of a range of tools used in threatcasting.

Many of us are familiar with the concept of scenario analysis, which deliberates future events by considering alternative possible outcomes. On the other hand, threatcasting is aimed at the identification of specific actions, indicators and concrete steps that can be taken today to disrupt, mitigate and recover from future threats.

Threatcasting, also referred to as ‘futurecasting’, is a conceptual framework, emerged in 2007 and used to help multidisciplinary groups envision future scenarios. It emerged when its creator Brian David Johnson as a futurist tried to imagine what we could expect from the technology products in the future.

Threatcasting is defined as a continuous, multiple-step process with inputs from social science, technical research, cultural history, economics, trends, expert interviews, and science fiction storytelling. These inputs inform the exploration of potential visions of the future.

This method is used for systematic planning against threats ten years in the future. It is done by utilising the threatcasting process for exploring possible future threats and to learn how to possible transform the desired future into reality while avoiding perceived threats.

It is believed by the threatcasting proponents that imagining future narratives – in which organised criminals, terrorist networks, or state-sponsored adversaries could deploy technology, people and organisations – to better plan for how to counter the risks they pose.

The deepfake technology, which we have depicted in one of our recent posts, is also seriously considered when performing threatcasting analysis. Appropriate deepfakes would be able to mislead the national security mechanism. Actually, there are already many ways in which reality is manipulated even without going into full-blown deepfakes.

Cyberwar scenario

The US Army Cyber Institute at West Point has produced an illustrative novel ‘Invisible Force’, which suggests that advanced technology such as doctored videos and artificial intelligence could be weaponised by foreign adversaries in the near future.

The story takes place in the year 2030, when a foreign adversary, in this case, the fictional nation of Donovia, uses artificial intelligence to undermine the United Nations’ response to a refugee crisis. Refugees fled from Africa to another fictional European nation of Atropia where they are held in a camp, which soon becomes the epicentre of a new strain of a virus.

Donovia works to break down trust between each stakeholder in the story: the public, refugees, military and government – until the truth is so distorted that no party has a clear idea of what is real and what is not.

Furthermore, Donovia spreads the misinformation that the virus vaccines are poisoned, which is not true, but the nation did hack into the refrigerated vans holding the vaccines and raised the temperature, thus spoiling the vaccines – and making the disinformation about the poison seem true.

In its cyber-attacks, Donovia manages to create unrest in Atropia. The deepfake videos, such as one showing a bomb in Atropia’s capital, spread on social media and prompted public outcries against the government and its allies.

Back to our reality and assessing the current global situation: it does not require a great effort to conclude that many things, the ideas and the themes, which are portrayed in the ‘Invisible force’ novel, are happening right now – and can easily worsen in the future.

A logical question would be: how do we defend against this? The answer is not straightforward and is already causing huge concern among those cybersecurity professionals trying to protect the national interest.

However, one thing is clear: if these concerns are not cogitated and addressed now, they will soon become international cybersecurity nightmares.

International policy implications

The scenarios described in this article provoke a question of how do we protect against highly sophisticated cyber-attacks that can cause national and international disasters. How do we prevent cyber Armageddon?

Should we try to individually protect our countries as it is largely the case in the present time? Should we all introduce a law relating to cybersecurity defence by retaliation. Such a law, called the ‘Active Cyber Defense Certainty Act’, was recently considered by the US Congress. Such a regulation would allow not just the states but also the corporate boards and executives to decide on utilising an active cyber defence by hacking back.

As we argued in a couple of our articles, such an approach will just cause more retaliation and fuelling international conflicts, which will only serve warmongers and terrorists.

Many genuinely concerned people firmly believe that this is the moment to call for serious international cooperation for building a sense of a wider community so that we are not going to be as vulnerable.

The current and future cyber warmongering and cyber-terror efforts art threatening – and will continue to threaten – the very survival of our species and should be our primary concern. We believe that until we find the will and the way to genially cooperate internationally, we are destined to suffer incalculable consequences.

The international cooperation in the cyber defence should be included in the threatcasting analysis and response. The threatcasting analysts should consider the common approach to how governments should behave in cyberspace. Such an approach is, for example, developed by the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security and presented to the UN in 2015.

The improved cyber risk management of the G20 by encouraging the development of a harmonised cybersecurity baseline framework is another example of the proposed international cooperation in the cyberspace.

The development of a concept for a global interoperable information-sharing platform under OECD guidance, and a process leading to norms for responsible state behaviour would certainly be more appropriate than a single country’s retaliating response.

We are here reaffirming what we recently suggested: cooperation in the areas such as sharing of information and best practices relating to cybersecurity and effective coordination against cybercrime, cyberwars and cyber-terrorism – are the ways to make more secure cyberspace. The development of international norms, principles and standards should be an urgent job of international organisations such as the UN, International Telecommunication Union, European Union, OECD, BRICS as well as various military alliances.

The choice is ours. We can cooperate in preventing the above-described scenarios or to indifferently march to the cyberwar or cyber terrorism provoked oblivion.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s