The Huge Task Of Building Safety Into The Metaverse

News Room

Executive Chairman of the Tortora Brayda Institute and Co-Founder of the National AI & Cybersecurity ISAO.

The metaverse is only emerging, but don’t limit your vision of it as just being a platform for games (Second Life, World of Warcraft, Roblox) as you might experience them today. Think beyond. Dare to imagine. We are building it with our collective imagination.

The metaverse is a new way to interact with friends, family and strangers (natural and artificial). It’s a new way to work, study and play. We can shop, explore, travel, do business, attend concerts, go to social gatherings and engage in virtual sports—all without geolocational constraints. You could virtually join a top NFL team or a soccer team like Barcelona FC and play as a team member in a realistic, immersive VR setting.

The idea is even bigger than that. I believe the metaverse will eventually replace the internet as we know it. Your daily work will one day be done on this new medium. Everything in physical reality can also be experienced in the metaverse, and everything imaginary can be interwoven into the fabric of your VR world.

The Metaverse And Its Cybersecurity Implications

As a user, the metaverse can help you avoid bias or discrimination through blissful anonymity. On the other hand, we are concerned that we may not be able to easily verify another person’s true identity or intentions. This could quickly become a cybercriminal’s paradise.

The metaverse, as it is currently envisaged, is a nowhere land in which it is unclear if any laws would or could exist. How do you legislate a virtual world? Should you apply the rules of where the data centers reside? The laws of where the users actually exist? How do you police cybercriminals, perverts, hate speech or bullies in the metaverse?

The dangers and implications of this are immense; the vulnerabilities are deep, fundamental and as human as they are technical. We, as cybersecurity professionals and members of society at large, must think ahead and participate actively in developing standards, and frameworks, and push hard to build cybersecurity into the fabric of the software architecture, from the ground up, and not just wait to apply a Band-Aid when it’s too late.

One of the most significant concerns is identity theft and social engineering. In the metaverse, users can create avatars that look, sound and act like anyone they wish to impersonate. This is already happening over video conferences. This will make it easier for cybercriminals to steal users’ identities by hacking into their accounts, putting metaverse wallets (and your credit cards or bank accounts) at risk. This is one of the biggest problems to solve, as trust is necessary for it to grow.

User data on the metaverse can grow to be extremely rich; an adversary could capture not only behavioral information but also political and societal preferences and biometric data. Malware and ransomware will grow opportunistically in this new vector.

Nonprofit advocacy group SumOfUs described the metaverse as “another cesspool of toxic content” concerning the issue of harassment. The group is right to raise awareness about this issue; we already see so much toxic behavior in regular social media, where people’s shouting is expressed in innocent capital letters. But imagine how that would feel in an immersive, realistic environment. Consider also that metaverse wearables are subject to cyber operational technology threats, meaning that people could hack into your devices and possibly cause physical harm.

What Can Be Done?

User authentication needs to be implemented in the most robust possible manner. We need to couple biometric authentication with multi-factor authentication and blockchain technology. A good example of this emergent approach has been developed by TS2 Space in Poland.

There is a need for a multi-stakeholder approach to the creation, development and implementation of standardization protocols. Currently, these can be seen as still embryonic. IEEE makes a case that standards and interoperability are fundamental to the metaverse becoming a reality.

Operational technology must be secured better than today because the threat of physical harm can not be overstated.

Data encryption will be fundamental to security, and with the threat quantum computing poses on encryption becoming more imminent, we should build the metaverse with post-quantum encryption in mind.

And then cybersecurity awareness must become a pervasive reality, especially among vulnerable groups who may be less tech-savvy. The metaverse will breed new social engineering phishing-variant vectors into play.

Policing The Virtual World

This must be a bilateral effort. Governments and Big Tech must unite and orchestrate a public-private partnership to police this new digital reality.

If a crime occurs in the metaverse, it is unclear which legal system or nation will have jurisdiction over the case. International legislative efforts will be required to handle these complexities.

I am sure that many of us have had first-person incidents on social media and have felt that corporations have let hackers slip through the net and pose as wolves in sheep’s clothing. Research shows this is the norm, and they come in droves to interact with innocent users.

The European Union is considering legislation to regulate the metaverse. Interpol is also becoming active in the domain, and the World Economic Forum has led some great initiatives. We hope to see better orchestration between stakeholders, but all this will take time to accomplish.

Law enforcement officers must work alongside metaverse platform owners and adapt to using VR, learn how to go about emergency response online and get accustomed to being on the virtual “beat.” It is possible that end-user behavior analysis can be adapted to leverage AI to enable the police to identify risky behavior. AI will certainly have a big part to play in future online law enforcement.

It is unclear how all this will turn out; we are talking about building, legislating and policing a parallel world—a massive human ingenuity achievement. However, it is essential to start thinking about these issues now and to forge new international partnerships, as we need everyone’s contribution toward this herculean challenge to ensure that the metaverse is a safe, inspiring and effective space for everyone.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

Read the full article here

Share this Article
Leave a comment