Hidden dangers in three areas facing the development of the Internet of Things

According to Motherboard, the consequences of "Internet of Things" failures can be catastrophic: cars, power grids, dams, and tunnel ventilation systems can all be targets of hackers. A science fiction novel recently published in The New York Magazine details attacks on cars, water systems, hospitals, elevators, and power grids in New York. In it, thousands of people lose their lives in these disasters, and chaos follows. Some of its assumptions may be overstated, but the threats faced by individuals are real, and traditional computer and network security is not enough to deal with an "Internet of Things" disaster.

Traditional information security consists of three parts: confidentiality, integrity, and availability. You can simply refer to it as "CIA", which is very important for national security. Basically, a hacker can do three things with your data: steal it (confidentiality), modify it (integrity), or prevent you from getting and using it (availability).

The next president of the United States may be forced to deal with a large-scale network disaster that causes countless deaths. So far, cyber threats have largely targeted confidentiality. These incidents are serious and expensive: one survey estimated the average loss per data leak at approximately $3.8 million. They are also embarrassing, as when hackers stole celebrity photos from Apple iCloud in 2014, or when user information from the affair dating site Ashley Madison was exposed in 2015.

In addition, these cyber attacks can be very damaging. The North Korean government reportedly stole thousands of internal documents from Sony Corporation of the United States in 2014 and stole 83 million user accounts from US investment bank JPMorgan Chase. Such attacks can even affect national security, as with the 2015 data leak caused by a hacker attack on the Office of American Affairs.

But in the "Internet of Things" space, threats to data integrity and availability go far beyond threats to confidentiality. For example, if your smart door lock can be eavesdropped on, criminals can know who is at home. If a thief can open the smart lock, or prevent you from opening the door, the consequences are more serious. A hacker who prevents you from controlling your car, or takes over control of it, is far more dangerous than one who eavesdrops on your conversations or tracks your car's position.

With the emergence of the "Internet of Things" and cyber-physical systems, we are giving the Internet the ability to directly influence the physical world. Attacks on data and information may evolve into attacks on humans, steel, and concrete. Today's threats include hackers breaking into computer networks and causing planes to crash, or remotely taking over cars and shutting them off or accelerating them on the highway. We worry about electronic voting machines being manipulated, water pipes being frozen through hacked thermostats, and remote murder through hacked medical equipment. The "Internet of Things" opens the way to a myriad of disasters by giving hackers the ability to carry out such attacks.

As the "Internet of Things" develops, threats are increasing in three areas: software control of systems, interconnection between systems, and automated systems. Let's look at each of the three:

1. Software control. The "Internet of Things" is the inevitable result of putting software into all kinds of everyday items. While this gives us more convenience, it also poses a security threat, because the more items are controlled by software, the more vulnerable they are to hackers. And because these items are usually inexpensive and stay in use for a long time, the patching and upgrading common on computers and smartphones may work less well for them. Right now, the only way to avoid the growing threat from vulnerable home routers is to throw the old one away and buy a new one. Replacing a device every few years, which is how computers and mobile phones stay secure, does not carry over to refrigerators and thermostats. On average, people replace a refrigerator every 15 years, and a thermostat almost never. According to a recent survey by Princeton University, there are 500,000 insecure devices on the Internet, and this number will explode.

2. System interconnection. As the connections between these systems grow tighter, an attack on one system can lead to attacks on others. We have already seen an attack on a Samsung smart refrigerator lead to attacks on Gmail accounts, medical equipment vulnerabilities provide a way into hospital IT networks, and an HVAC system provide a way into Target Corporation. These systems are full of externalities that affect other systems, causing unforeseen and potentially harmful effects.

In addition, systems that are each designed for a specific purpose can produce harmful results when combined with other systems. A vulnerability in one system may carry over into others, and as a result it goes unnoticed and no one takes responsibility for fixing it. The "Internet of Things" will make this kind of vulnerability more common. This is a simple math problem. If 100 systems are interconnected, they can form 5,000 interconnections and give rise to 5,000 vulnerabilities. If 300 systems are interconnected, they can form 45,000 interconnections, and 1,000 systems can form 12.5 million. Most interconnections are benign or harmless, but some have consequences.

3. Autonomy. Our computer systems are becoming more automated: they buy and sell stocks, switch furnaces on and off, regulate current through the grid, and more. In a driverless car, the automated driving system takes the user directly to the destination. Automation is a great technology no matter where you look. But from a security perspective, it means that hacking attacks can take effect immediately, and that such attacks are ubiquitous. The more we remove humans from the loop, the faster hackers can launch attacks and do damage, and the greater the loss of our ability to rely on intelligent systems for error correction.

Governments are intervening. Last year, US Director of National Intelligence (DNI) James Clapper and National Security Agency (NSA) director Mike Rogers testified before Congress to warn of these threats. Both think that we are in a state of vulnerability.

The DNI emphasized in the 2015 Global Threat Assessment: "Most of the public discussions about cybersecurity focus on information confidentiality and availability, cyber espionage undermines confidentiality, and denial of service and data removal attacks can disrupt usability. In the future, however, we will also see more cyber attacks that will change or manipulate electronic information in order to undermine information integrity, rather than deleting data or disrupting access. If senior government officials, business executives, investors or other decision makers can't trust the information they receive, it will do more harm."

The DNI concluded in the 2016 assessment report that "it is almost certain that future cyberattacks will include changing or manipulating data to undermine its integrity and thereby affecting decisions, reducing trust in the system or causing adverse physical impact. The widespread adoption of 'Internet of Things' devices and artificial intelligence systems will accelerate the potential impact of these."

Security engineers are developing technologies to reduce this risk, but many solutions cannot be deployed without government involvement; this is not a problem that the market can solve. As with data privacy, the hazards and the solutions are too technical for most people and organizations to understand. Companies themselves are unlikely to hide system insecurity from customers, users and the public. Interconnection is almost inevitable. When it comes to data leakage and harmful consequences, companies' interests often do not match the public interest.

The government needs to play a bigger role, including setting standards, making regulatory rules, and implementing cross-company and cross-network solutions. The White House Cybersecurity National Action Plan already says a lot of the right things, but it's not enough, because many of us are worried about government-led solutions. The next US president may need to deal with a network disaster that leads to mass casualties. I hope that he or she can tell what the government can do that industry can't, and has the political will to make it a reality.
