The Senior Manager of aap3’s Service Operations Centre has written this week’s blog on the security problems our digital future could bring. Back in the day, roughly once a week you would receive an email along the lines of “Subject: Very dangerous computer virus” informing you about how this evil programme would drink all your beer and run off with your life partner.
Obviously this is rubbish, though possibly not for long…
In early 2010, a worm (similar to a virus, but it can propagate itself) called Stuxnet appeared. It was different from most other viruses in two ways:
1) It was incredibly well made.
2) It didn’t appear, for something that had obviously required a lot of work, to have a meaningful objective.
Shortly afterwards, researchers worked out that the target was Siemens Step 7 software. More specifically, software that was controlling centrifuges like the ones the Iranians were “allegedly” using to refine nuclear material to make weapons. Stuxnet is thought to have physically destroyed about a fifth of the Iranians centrifuges, and probably have put their weapons program back a couple of years.
Thing is, it (probably) took the NSA to pull this off, so we don’t need to worry, right?
Wrong! In December 2014 a blast furnace in Germany was massively damaged when hackers caused control components to fail – http://www.bbc.co.uk/news/technology-30575104
You’re probably thinking “So what! I don’t own a blast furnace, and I gave up my nuclear weapons development plans last year, so this has nothing to do with me.” While you’d be technically correct, have a think about what’s happening with the current Internet of Things (IoT) trend.
IoT is taking off, and it’s not pie-in-the-sky. I do have a remotely controllable thermostat (Nest), and use a system called Z-Wave to do other cool things around the house.
Within the next couple of years it’s a near certainty that our homes, cars, appliances, and even medical devices like pacemakers and insulin pumps will all be connected to the internet. Suddenly it’s possible to identify when you’re away by your central heating schedule or internal security webcams and even open your front door, while turning off the alarm -all from a laptop.
Most, but by no means all, of the IoT technologies have some reasonable form of security built into them, but it’s down to the vendor to implement it, and the installer and user (that’s you!) to ensure any security is maintained.
The question is, do you trust them all, and are they capable and experienced?