The writer is one of the gurus
* of the cybersecurity biz.
From New York Magazine's Select/All:
With the Internet of Things, we’re building a world-size robot. How are we going to control it?
Last
year, on October 21, your digital video recorder — or at least a DVR
like yours — knocked Twitter off the internet. Someone used your DVR,
along with millions of insecure webcams, routers, and other connected
devices, to launch an attack that started a chain reaction, resulting in
Twitter, Reddit, Netflix, and many sites going off the internet. You
probably didn’t realize that your DVR had that kind of power. But it
does.
All
computers are hackable. This has as much to do with the computer market
as it does with the technologies. We prefer our software full of
features and inexpensive, at the expense of security and reliability.
That your computer can affect the security of Twitter is a market
failure. The industry is filled with market failures that, until now,
have been largely ignorable. As computers continue to permeate our
homes, cars, businesses, these market failures will no longer be
tolerable. Our only solution will be regulation, and that regulation
will be foisted on us by a government desperate to “do something” in the
face of disaster.
In this article I want to outline the problems, both technical and political, and point to some regulatory solutions. Regulation
might be a dirty word in today’s political climate, but security is the
exception to our small-government bias. And as the threats posed by
computers become greater and more catastrophic, regulation will be
inevitable. So now’s the time to start thinking about it.
We
also need to reverse the trend to connect everything to the internet.
And if we risk harm and even death, we need to think twice about what we
connect and what we deliberately leave uncomputerized.
If
we get this wrong, the computer industry will look like the
pharmaceutical industry, or the aircraft industry. But if we get this
right, we can maintain the innovative environment of the internet that
has given us so much.
We no longer have things with computers embedded in them. We have computers with things attached to them.
Your
modern refrigerator is a computer that keeps things cold. Your oven,
similarly, is a computer that makes things hot. An ATM is a computer
with money inside. Your car is no longer a mechanical device with some
computers inside; it’s a computer with four wheels and an engine.
Actually, it’s a distributed system of over 100 computers with four
wheels and an engine. And, of course, your phones became full-power
general-purpose computers in 2007, when the iPhone was introduced.
We
wear computers: fitness trackers and computer-enabled medical devices —
and, of course, we carry our smartphones everywhere. Our homes have
smart thermostats, smart appliances, smart door locks, even smart light
bulbs. At work, many of those same smart devices are networked together
with CCTV cameras, sensors that detect customer movements, and
everything else. Cities are starting to embed smart sensors in roads,
streetlights, and sidewalk squares, also smart energy grids and smart
transportation networks. A nuclear power plant is really just a computer
that produces electricity, and — like everything else we’ve just listed
— it’s on the internet.
The
internet is no longer a web that we connect to. Instead, it’s a
computerized, networked, and interconnected world that we live in. This
is the future, and what we’re calling the Internet of Things.
Broadly
speaking, the Internet of Things has three parts. There are the sensors
that collect data about us and our environment: smart thermostats,
street and highway sensors, and those ubiquitous smartphones with their
motion sensors and GPS location receivers. Then there are the “smarts”
that figure out what the data means and what to do about it. This
includes all the computer processors on these devices and — increasingly
— in the cloud, as well as the memory that stores all of this
information. And finally, there are the actuators that affect our
environment. The point of a smart thermostat isn’t to record the
temperature; it’s to control the furnace and the air conditioner.
Driverless cars collect data about the road and the environment to steer
themselves safely to their destinations.
You
can think of the sensors as the eyes and ears of the internet. You can
think of the actuators as the hands and feet of the internet. And you
can think of the stuff in the middle as the brain. We are building an
internet that senses, thinks, and acts....
MORE
In 2014, security guru Bruce Schneier...
On the September-October 2016 events:
Uh Oh: Internet Security Pro Hit By Botnet Made Of Internet-of-Things Connected Cameras
This is very bad....
Details Emerge On The Big Internet-of-Things Hack: This Is Just Sick
"This Is Probably Why Half the Internet Shut Down Today [Update: It’s Happening Again]"