This automatically-generated transcript is taken from the IT Pro Podcast episode ‘The 2022 that didn't happen'. We apologise for any errors.
Rory Bathgate
Hi, I'm Rory Bathgate.
Jane McCallion
And I'm Jane McCallion.
Rory
And you're listening to a special festive edition of the IT Pro podcast. Obviously, as you've noticed, Jane is back.
Jane
I am! I am a Christmas present to our listeners. That's not a miracle. I was always hoping to come back. But yeah, it's a Christmas present to our listeners.
Rory
Yes, this was planned, but it's much, much awaited. For any new listeners who may not know who Jane is. Why don't you introduce yourself?
Jane
Sure. So I am one of the original cofounders of the IT Pro Podcast along with the departed Adam Shepherd. And I am also deputy editor at IT Pro.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
Rory
And you've just made your grand return.
Jane
I have, I have. It's good to be back. And good to be back for this special Christmas edition of the IT Pro podcast. It's one of my favourite times of year where we get to look back at what happened over the course of 2022. But we're taking a bit of a different tack this year, aren't we Rory?
Rory
We are. We figured that you've been around for 2022. You know what happened this year? We could rehash some of the big news stories of the year. But we thought it could be more interesting to talk about some of the things that haven't happened this year, maybe things that were predicted to happen, or things that were promised to happen. But that haven't quite turned out that way.
Jane
So why don't we start off with the metaverse. Now, last year when I went away, metaverse — and indeed prior to that. The metaverse was what it was all going to be about, you know, we're all going to be living in some kind of virtual reality. We're going to be doing our business with headsets on our faces, which is somehow going to enhance the sort of remote working experience. And on and on with the sort of more vague parts of what the metaverse is, apart from possibly a fever dream of Mark Zuckerberg. As far as I can tell, I appear to be still living the normal reality unless you believe in simulation theory. So why why are we not doing business and living in a completely different way to how we were this time last year?
Rory
Well Meta, formally Facebook, I mean, they've transformed their entire business model, really, towards this technology. They've poured a lot of money, a lot of money into Reality Labs, which is their division that does all things metaverse tech, whether it's VR or AR or any of the associated systems. They've spent around $15 billion this year alone on metaverse technology, and depending on who you ask between $30 and $100 billion in total, for research and development. And yeah, it feels like at the start of every year for the past few years we've been told "this year you'll really understand the business applications of the metaverse".
Jane
It's like the dragons in Game of Thrones: "They're coming! I promise."
Rory
Exactly, or the winter and then when we finally see it, it's a bit disappointing. We were shown this year we were shown Horizon Worlds. We were shown some demos of Mark Zuckerberg walking around —
Jane
What's a 'horizon world'?
Rory
So Horizon Worlds is Meta's, one of the programs that they're promoting for the metaverse. It's a kind of a virtual meeting place. And it was announced to much fanfare this year, and very quickly ridiculed online. A lot of comparisons were drawn to the Nintendo Wii, the Miis from 2006. And much fun was made, comparisons to Second Life. Detrimental comparisons to Second Life were made.
Jane
I'm not sure there are any good comparisons to Second Life.
Rory
Yeah, I think a lot of people were quite confused about what Meta is so proud of. I think Mark Zuckerberg is clearly very invested, not just financially but also he seems extremely excited about metaverse technology. But aside from maybe, some people who have specific views of what it could be a decade from now, no one seems to really share or understand his vision.
Jane
Yeah he seems to have, like, found his calling outside of just making a whole load of money and connecting you to your racist uncle. But I don't think anybody is also hearing that call like, it's just him and his philosophy. From the sound of the investment metaverse is very much happening over at Meta, at least fiscally. But it just doesn't seem to be, I'm not sure I can see it getting off the ground at all. But our colleague, Bobby Hellard, who is our reviews editor, he recently reviewed the Meta Quest Pro VR headset, which we will drop a link in the show notes, too. And when he got out of that event, we were talking and he seems kind of quite impressed by the metaverse itself. The headset, not so much; the photo of him looks, he looks like a fighter pilot or something or a remake of The Fly where it's a bit more flashy. And yeah, that seems... you're still going to look like a dork with it on your head. But the actual metaverse experience seems to have impressed him. And you know, he's not easily won over by trinkets and so on.
Rory
No, he's a discerning reviewer. And I think, as you're saying, he does seem to have been impressed by the sort of audio visual experience of being in a meeting with someone. I know that not to pre-empt the review too much, but he does mention being quite surprised at how quickly his brain adjusted to just accepting that someone else was in the room with him, even though someone wasn't in the room with him, which is one of the main capabilities of metaverse tech that that has always been touted. It's quite an easy one to understand is "Oh instead of video calls, instead of online conferencing, there's a kind of a 3D element now, you can feel like you're in the room with someone". I think the question that has to be asked, though, is, although it's fair to say, oh, "being on a video call is not the same as being in the room with someone", is metaverse tech the same as being in the room with someone? Considering the incredible controlled nature of demos currently, which happen on a campus or on a Meta site, with the technology, with the special rooms for it. Is this something that officers can really implement very easily? Are we going to be sitting at our desks looking, as Bobby did, like some sort of large bee or fighter pilot?
Jane
Yeah, I mean, also there's the question of how much is this going to cost? Like if the headsets cost, you know, ultimately come down to a fairly low price point, where pretty much everyone could use them instead of a video call or a call, then maybe. But if not, if they're just so expensive forever, that's going to prohibit sort of widespread adoption. And that's gonna be, it's gonna be a real question for Meta. I do also feel that it might be a solution looking for a problem, rather than... I'm not sure that anybody outside of hardcore techies actually cares that much. And even then, I don't see like you said, people are kind of mocking it. And these are people who are interested in tech. My mum isn't going to be mocking it, because she's not a techie. Or like my sister, because she's not either. It's only people like us who care, and the care that we have is that we don't like it. It's silly.
Rory
Yeah, I think on that point of it being a solution looking for a problem, the kind of overriding mood that I'm getting this year, not just from from Twitter, but also from speaking to family and friends about the metaverse is that people either speak of it with degrees of derision, with an awareness of how much money has been spent on it, and what they've got to show for it so far, or people aren't really even sure what it is. But they don't have a metaverse-shaped hole in their life. I think I've spoken to people who've made comparisons between the metaverse and web three in that they're both very hyped up keywords that people really don't care or understand what they what those mean. That's sort of seeing headlines saying the metaverse tech could change everything. But that doesn't I don't feel like this year has cemented a specific vision of that in people's minds.
Jane
And like does it make life easier? That's always the question about like new tech, does it make life easier for you? And I think the answer is no, not really. I've seen I've seen somebody get or you've been at a conference where some other VR Tech was demoed. And it's to other tech journalists, who, at least one of them felt really quite unwell.
Rory
Oh no!
Jane
yeah, one of them's fine. Every time I've tried it, I've been fine. But I don't suffer from motion sickness anyway. But yeah, at least one of these journos was just not at all well.
Rory
It's like when Valve made the VR Half Life game, they tried to make a VR Portal game as well. They did tests for VR portal, but everyone who tried it just felt horrible.
Jane
Yeah. Kind of being shot through alternate dimensions or wormholes. Or however it is the portal tech works. I'm not sure it's quite explained. Yeah, you come flying, you build a bit of speed, flying out of a ceiling or whatever? No.
Rory
Yeah it's bad.
So something else that's happened this year, not right from the start of the year, but following Russia's invasion of Ukraine, in February of 2022. In the immediate aftermath of this, there were some very senior security executives who expressed concerns that cyber warfare could play a main role in the in the military campaign, and that this cyber warfare could be a kind of a staging ground, a training ground for future cyber warfare campaigns by the Russian military and by Russian state sponsored threat actors against other European countries. In the immediate weeks following the invasion, there were also concerns for a UK specific cybersecurity experts, the NCSC had put out a put out an advisory on how to keep security experts kind of motivated, there was a... there were worries around burnout, that this cyber warfare could be so intense, that it could wear down the UK as cybersecurity operations, cybersecurity experts and that could leave us vulnerable.
Jane
Do you know what that really reminds me of? It's not something tech related at all. during the Blitz, you know, we kind of remember blitz spirit in this setting the other, but the government thought that the bombs would start dropping on London and other cities and everybody would lose their minds, they would just lose their mind. And, you know, their spirit would just be completely eroded the first time that anything happened. And of course, that's not what happened. You people pull together, there was crime that happened, especially during the blackout, but that pulling together is the exact opposite of what the government thought was going to happen. It's a mistake that people make over and over again, that, you know, when faced with difficult circumstances, every body's just gonna revert to their most basic nature. Like everything will go wrong. And it really reminds me of that, which is, you know, that's never what happens. And evidently, for security professionals, admittedly, as we're about to come on to, they didn't face the attacks that was that was seen. But they appear to have kept cool heads, as far as I can tell, and, you know, GCHQ, MI5 and so on probably have a greater knowledge of any incursions that did try to happen, but to the best of my knowledge. Nobody has kind of completely completely lost it.
Rory
Yeah, exactly. I think this is all tied up in sort of early conflict concerns. I guess if you cast your mind back to that period, obviously, things were kind of touch and go for a bit there. There were military experts every day on the news saying things like oh, well, Ukraine can only last X many weeks. And not to undermine at all the the extreme efforts that have gone into keeping Ukraine safe. This isn't just a thing that didn't happen, but something that people put a huge amount of effort into preventing from happening. But as you say, there hasn't been a collapse of UK cybersecurity professionals. There hasn't been a collapse in other regions either. Ukraine has weathered a huge wave of cyberattacks, particularly towards the start of the military operations in Ukraine.
Jane
No, no, no, no, no, no, let's let's call this what it is. Is it a special military operation? It's an invasion.
Rory
Absolutely an invasion, unprovoked invasion of Ukraine, by Russia. There's a group that Microsoft called IRIDIUM, which is a state-sponsored threat group that go by a number of names. They were using wipers, particularly in the early stages of the invasion, such as HermeticWiper, to essentially sow as much chaos as possible. Attacks on critical national infrastructure are kind of the name of the game for Russian state-sponsored threat actors, attacks on the energy, grid attacks on healthcare, on transport, and on government entities. This isn't anything new.
Jane
Ukraine, this isn't their first dance with attacks on critical infrastructure, the Black Energy attacks towards the middle of the last decade, 2015, 2016 was really crippling, but that means, you know, it's kind of obvious what Russia might get up to. So I wouldn't be at all surprised if they were far more prepared for that, especially, you know, in the preceding weeks and months, where there was a lot of sabre rattling and Russian forces building up on the border while denying that they were going to stage an invasion. So I think that's an element of that. And when you look back at the beginning of all this, there was a lot of of doom mongering, like you say, there was the anticipation that Ukraine could only last a few weeks, I think that a lot of people underestimated Zelensky. In general, I think people underestimated the preparedness of Ukraine for these kind of cyber attacks. Rory you're, to give the game away here to our listeners, because you can't see us, and also my youthful appearance. There's quite a big age gap between the two of us. I am you know, I was in school in the 1980s. And you know, when the threat of nuclear war was real, and it looked like it was happening again. And so once that had dissipated, I think just there's been wave after wave of really terrible stuff is gonna happen. And actually, you kind of, we haven't all died in a fiery nuclear holocaust. To the best of my knowledge, unless we are now living in a simulation calling back to our just a moment ago, Ukraine has lasted a lot more than three weeks. There haven't been while there have been attacks. They haven't caused the kind of disruption in Ukraine, or indeed other former Soviet states, because there has been some cyber incursions, let's call them in Poland. And like, say other former Soviet states. So what do we think is possibly the reason why has this not happened? Was it just that we massively overestimated the cyber capabilities of Russia? Or is it something else?
Rory
So I think there's a couple factors at play here. As you're pointing out, this is this isn't so much a, "this was predicted, and the experts were dead wrong" as "we were presented with a kind of a worst case scenario, and thankfully that hasn't turned out to be the case". I think, as you pointed out, Ukraine had really been gearing up for attacks of this nature for quite a while. In addition to that, Ukraine has had a lot of assistance from other nation states, from the UK, the US, but also from private companies. Microsoft has, more or less had a division dedicated to Ukraine, since the invasion first happened. And Microsoft has dedicated a lot of very up-to-date threat intelligence, to stopping threat groups like IRIDIUM. It's worth mentioning that, as you pointed out, cyber attacks are starting to affect nearby nations. There was a recent Microsoft report on what they believe to be a new stage of the campaign that's now beginning where in addition to combining cyber attacks with kinetic attacks so that's, say, launching a cyber attack against a strategic location or just any national infrastructure such as a hospital before then hitting it with a missile strike or hitting surrounding regions with a missile strike. So a devastating new part of the campaign, but that does speak some experts thinks we're kind of a desperation that's growing among the Russian ranks.
Jane
I mean, tactically not to not to big up the Russian forces at all here, but tactically that's quite clever. You don't have to, as we think the Russians have diminishing supplies of traditional kinetic weapons. by which we mean missiles, bombs and so on. Which is what's thought and yet perhaps there wasn't what we thought there anyway and they can't resupply, it makes sense to use a less resource intensive attack. So say a cyber attack to disable a hospital, so that you can't then treat either soldiers or civilians who are injured in in the following attack. Tactically, it's sound tactics in my mind, although I am not a military expert or a cyber expert.
Rory
Right. So it's exactly it's, and it does speak to a, as I say, a kind of a desperation. Obviously, there will be, well, hopefully after the fact, there's going to be some very frank discussions and very frank investigations into the exact nature of these attacks. And you know, that there is talk of these kind of war crimes being committed. But it's clear that that cyber operations continue to play a very key role in these continued attacks on Ukrainian civilians on Ukrainian targets. And as part of this new campaign, Microsoft have identified a kind of a growing wave of attacks on supply chains that support Ukraine. So as you pointed out, Poland recently weathered an attack with a ransomware variant called Prestige. And, it's believed by Microsoft, that states that are supporting Ukraine will likely see increased ransomware wiper activity over the coming months, and also potentially disinformation campaigns which is not always, doesn't always crossover with threat actors. But often it does. Yeah, bot accounts on Twitter are a good example of sowing mistrust in one's government or sowing lies, and disinformation that can obscure the truth around what's going on, for example, calling an invasion, a special military operation.
Jane
Yeah and I think, you know, kind of from that point of view, for us, we're not able to best my knowledge Rory neither of us speak Ukrainian, neither of us speak Russian or Polish. So we're not gonna see, some of these or indeed Estonian or, or some of the other countries that are being targeted by disinformation campaigns. So it's gonna go largely over our heads because we're not the target. We're not, doesn't kind of matter to them.
Rory
Exactly. And I think to kind of round it off, it's worth acknowledging at this stage, that we're talking here about the very specific predictions that happened at the start of the year. The worst case scenarios that were presented at the time. And the real concerns, founded in very real possibilities, that thankfully have not come to pass as a mixture of different factors and also as a testament to the extreme efforts of those in Ukraine and those aiding Ukraine. And in that regard, it's a kind of a thing that we're thankful hasn't come to pass in 2022.
Jane
Indeed. Yeah, not to make light of it, unlike indeed our piece on Meta. And moving onto, moving onto our government here, the 'bonfire of regulations'. Now, every bonfire of regulations or red tape or whatever, for the past several years in the UK has been rained off. Every single one of them has been rained off for whatever reason. And what we were promised in 2022, was a bonfire of EU regulation that has been adopted into UK law. Now, this ranged from everything from the curvature of your bananas, through to how many children a child-minder can look at at any one time, you know, anything and everything that might at any time have been touched by the EU is in the bin. And for our listeners, probably the most relevant one of these is GDPR, which was fully targeted. And then once again, to the best of my knowledge, the bonfire has not set light to.
Rory
Exactly we've had, well, two distinct pledges to either greatly alter or bin GDPR altogether this year. The first was in June, the first solid one anyway, we had the Data Reform Bill kind of formally unveiled, and to much fanfare. We covered it at the time, and at the time, it was cited as the definitive way of getting rid of 'red tape' and the 'pointless paperwork' of GDPR, and also for kind of accelerating scientific research in the UK by lowering the bar of data protection necessary for scientific studies. Obviously, it was touted as a way of ripping up GDPR. In reality, we would have kept some existing protections, while others would have been scrapped or altered. So for example, it would have meant that there were conditions in which some businesses wouldn't have to appoint a data protection officer. Or they wouldn't have to conduct data protection impact assessments. And at the time, government claimed that this would save businesses a billion pounds a year
Jane
I think it's 98-99% of businesses operating in the UK are small and medium businesses. And of that 99%, the vast majority of those are micro-businesses, which is to say, your sole traders through to a handful of staff. I'm not sure that they have a turnover, that is big enough. I suppose it's not £1 billion per business, is it, which is what I had in mind at first, but still just thinking about the profile of UK businesses and thinking "I'm not sure, I'm not sure how real that is". Or indeed, the other way of looking at it is how much of an impact that is going to actually have on the majority of our businesses, because also the GDPR obligations are governed by the size of your business. If you are three people then there are some dispensations made, like you don't need a data protection officer, because you are already all writing the same tune and singing the same tune.
Rory
Exactly. And these were criticisms that were made at the time, quite quickly pointed out that of course, there's a huge swathe of businesses that it doesn't really affect. And at the same time, the larger businesses were unlikely to see the kind of shredding of legislation that the government was promising, given that if you're trading outside of the UK, if you're trading in the EU, you have to be GDPR compliant anyway. And at the time there was criticism that this was actually just going to muddy the waters, that this would potentially lead to increased costs for businesses, because they're kind of having to spin two plates now on data protection instead of one. There was some praise for the scientific community, there was a specific focus of the bill that would make it so that say you were running a study into artificial intelligence, you would only have to seek consent for collecting data on that basis. You wouldn't have to break it down into each specific arm of the study, which currently is the law. But anyway, this didn't come to pass.
Jane
Where is now? Is it stuffed down the back of a filing cabinet somewhere? Did it get kicked out at the Lord's? Did they ever make it into kind of the parliamentary process? What happened to this thing?
Rory
So this was going through the parliamentary process when the cabinet toppled,
Jane
Oh.
Rory
Johnson resigned. There was a huge cabinet reshuffle, we were plunged into a long leadership contest. And it was sort of shelved at this point. And when Liz Truss took control replaced it entirely.
Jane
Remember that?
Rory
In the short period of Liz Truss that we experienced, her cabinet decided to scrap the Data Reform Bill entirely, in favour of a new system that they said would replace GDPR and it was described as a "bespoke British system".
Jane
If I hear the word "bespoke" once more. Just like in any context I'm just gonna, I don't know, explode. Lie down for a bit in a darkened room, because it's just become one of those words, that means absolutely nothing.
Rory
Well, as you point out, very little details given for this solution. If the, to use your analogy from earlier, if the Data Reform Bill was a bonfire that had been set up, but was rained off, then the new bespoke British system was still sourcing kindling at the point that Truss fell. At the time, we were told that it was going to be written in collaboration with businesses. So they hadn't actually, hadn't got to writing any of it yet, but they also gave an example of a DCMS survey, which is the Department for Digital Culture, Media and Sport, indicated that 50% of businesses were worried about the excessive caution that GDPR causes. Obviously 50% isn't necessarily indicative of a burning desire to reform GDPR in the industry, but it doesn't matter anyway because this has been sort of quietly forgotten about, shelved, moved on from. Certainly, the GDPR legislation remains unsinged, I'd say it's, it's in pretty good shape. There's been no bonfire as of yet.
Jane
Yeah. And I've not really heard word further about it. Where do we sit at the moment as Rishi Sunak who, as we record is the Prime Minister, but we are currently in the year of the three prime ministers. So who knows by the time this goes out? Has he put his eyes on this at all? Is it, is GDPR being targeted? Or has just even talk of reforming it been quietly shelved?
Rory
So Sunak came in with a promise in his campaign to shred GDPR legislation. He he's not a fan of the bonfire analogy. But he was very much in favour of using the shredding analogy. In the past, he's voiced support for altering or scrapping GDPR. I think it's a very common talking point among government ministers. As for specific legislation, there isn't much in the way of this right now. The government has, since taking power, made again reference to overhauling in general laws imposed by the EU. But for lack of a solid replacement, I think a lot of businesses have decided to kind of ignore what the government is saying right now. Until something firm is put on the table that can actually be discussed, debated, pushed through the houses.
Jane
Well, I think with our rained-off bonfires and broken shredders and all the rest of our metaphors, I think we're going to leave the news that never was of 2022. It's been great to look back over everything Rory, thank you for your input and bringing me up to date with fiction.
Rory
Thank you for joining me on this journey of the 2022 that never was. As always, you can find links to all of the topics we've spoken about today in the show notes and even more on our website at it pro.co.uk.
Jane
You can also follow us on social media as well as subscribe to our daily newsletter.
Rory
Don't forget to subscribe to the IT Pro podcast wherever you find podcasts. And if you're enjoying the show, why not leave us a rating and a review.
Jane
We'll be back next week with a look forward to 2023, but it's not a prediction show. We'll see you then, Happy Christmas.
Rory
Happy Christmas.
ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.
For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.