Insecurity The Price Of Ubiquity
The mainstream media seems enamored by the ubiquitous Internet, but it's not doing much to reveal the risks of interconnected computers.
The mainstream media seems enamored by the ubiquitous Internet, but it's not doing much to reveal the risks of interconnected computers.
Three separate incidents have brought ubiquitous Internet to my attention in the past few days. The first was on a podcast I listen to regularly, NPR's On The Media. Featured was an interview with Ray Kurzweil about his predictions about the merging of humans and networks, as well as stories about the impact on human intelligence as the Internet becomes more pervasive.
While I was still processing those stories, I found a reference in one of my mailing lists the Internet-connected coffee pot vulnerabilities discovered last year.
Then a few nights ago, I was watching an episode of CSI: NY, which featured a man dying from an exploding pacemaker. A helpful clue for the team came when they discovered his pacemaker communicated via his cell phone's data connection, his heart status backed up to a database at the manufacturer.
So here we have three unusual Internet connections -- one very real (coffee pot), one available if not widely in use (pacemaker), and one vision of the future that will likely not be too far off from what will happen.
What struck me about all three scenarios is how the products don't really seem to be focused at all on the risks of an Internet connection. The coffee maker contains, among other things, a heating element, electricity, and water. Finding a way to exploit it could result in anything from a nonfunctional machine to a fire. That certainly should warrant a bit of care when thinking about whether you really need to save the five minutes it will take to wait for your espresso as it brews.
The pacemaker connection seems to be focused on allowing a patient to have a doctor remotely monitor his heart activity. Not being a doctor, I can't say how useful this feature really is, but assuming there is truly good to be served, I can only hope that the little thing can't be adjusted by that same doctor because time has proved again and again that the doctor won't be the only one who will be able to make adjustments.
Finally, the merging of humans and the Internet is the stuff of science fiction, of course. And as a fan of science fiction, I know enough to not discount it entirely. Some people certainly feel that more constant communication is better -- the proliferation of the mobile phone, the BlackBerry, and the iPhone attest to that. The case for increased productivity as a result of such devices can be made. My brother often does work with his iPhone when he's on the train between home and office, for example, and he'd be less likely to do that on a laptop.
On the other hand, the more useful they become for business, the bigger the exposure of the business' data. I can only imagine the exposure once employees' brains are online. And I can easily imagine that the inability to separate from work would result in a substantial decrease in productivity. Of course, the big problem is to be useful, such an interface would need to be bidirectional. Then what happens when somebody hacks your CFO's brain -- not to extract current financials -- but to alter the strategic course of your business?
The trend today of considering the Internet a one-solution-fits-all-problems was confirmed by none other than Homer Simpson. In the episode in which the kids get trapped in the school because of a snowstorm, Marge wonders aloud how the kids will get home. Homer's response? "I dunno. The Internet?"
The Internet is truly an incredibly useful tool for business, but it seems to me that many of our toolkits have become hammer-based. That is, we look at problems in business and can only see nails: Internet-based solutions. Perhaps we need to be looking for other tools; some of those nails may have exploding heads.
-- Nathan Spande implemented security in medical systems during the dot-com boom and bust and suffered through federal government security implementations. Special to Dark Reading
About the Author
You May Also Like