Date: 2017-05-09

At the recent Open Source Leadership Summit (OSLS), well-known security expert and CTO of IBM Resilient, Bruce Schneier, floated an interesting observation: “I contend that we’re building a world-sized robot without even realizing it,” he said, referring to the combination of the internet and the billions of devices connected to it.

There are three core elements to this: sensors, prevalent among internet of things (IoT) devices; the ‘smarts’ of processors on these devices, but also those in the cloud; and the actuators that affect our environment, such as smart thermostats changing temperature or – an easier analogy to relate to – a driverless car steering on the road.

Earlier in the year, in a blog post, Schneier had elaborated on this idea, stating “you can think of the sensors as the eyes and ears of the internet. You can think of the actuators as the hands and feet of the internet. And you can think of the stuff in the middle as the brain. We are building an internet that senses, thinks, and acts.”

And while there’s no central intelligence at the moment – though we can clearly align developments in AI as filling the gap here – the combination of real-world computing devices interconnected via the internet nonetheless poses an interesting problem. In his talk at the OSLS, Schneier summed it up cleanly with “there’s a fundamental difference between when your spreadsheet crashes, and you lose your data, and when your car crashes and you lose your life.”

Which, of course, we’ve seen already with at least one high-profile example involving Tesla.

And therein lies part of the problem: we place so much trust in the technology we use today, often without thinking about it, on the assumption that if it made it to market it must be safe and reliable. Someone, somewhere, has done all the checks and balances and said it’s good to go.

But as anyone working in ICT knows, this isn’t the case. Software and hardware can be prone to bugs, simply because humans make mistakes. And more importantly, market forces appear to dictate that consumers want ever more features for increasingly less cost. In the process of making such products, security often plays second fiddle.

We’ve already seen plenty of examples of what this looks like, from DDoSing botnets that can knock a small country off the internet through to spying children’s toys, hackable pacemakers, and cars that can be taken over remotely.

But while consumer devices bear the brunt of the publicity, it’s important to remember this isn’t just about TVs, DVRs, phones, toys, smart home appliances, driverless cars... it also applies to the coming developments of smart suburbs and eventually smart cities where we’ll see sensors and actuators that can control energy distribution, street lights, building temperatures, and transport. And then, of course, there’s industrial IoT as well: power stations, factories and more – what happens when you lose control of these? At the recent RSA Conference 2017, Ed Skoudis, Faculty Fellow and Penetration Testing Curriculum Lead at SANS, talking on ransomware, asked “What would you pay to turn your lights back on? What would you pay to turn your heat back on?... What about what would you pay to turn your factory back on?”

The stakes are massive. Our giant, global robot is permeating every part of our lives and perhaps can be best summed up by Schneier when he so clearly states: Computer security is now everything security.

It’s going to be an interesting decade, but one thing is sure: any solution will need skilled ICT professionals to play their part – which may include you – as will an increased focus on security in education and in certification. It’s time we took security seriously.

However our global robot turns out, let’s hope it’s more Data than Dalek. In the end, at least.

Ashton Mills has been writing about technology for 20 years and still gets excited about the latest techy gear. He’s also the Outreach Manager for the Australian Computer Society (www.acs.org.au); you can email him at ashton.mills@acs.org.au.