In the month that the latest film in the blockbuster Terminator sci-fi series was released, I’m afraid I just couldn’t resist using the above title for this article.
It was triggered by my participation at an event set up by TechUK: http://www.techuk.org/about which went by the catchy title of
‘Securing the IoT: Overcoming the risks associated with a connected world’… I am sure you get the idea.
The Internet of Things
For those unsure about what Internet of Things (IoT) is (and you are not alone) here is a thumb-nail description: An aggregation of endpoints — or "things" — that are uniquely identifiable and that communicate over a network without human interaction
using some form of automated connectivity, be it locally or globally [Source: IDC, IDC's Worldwide Internet of Things Taxonomy, 2015]
For what might have seemed like a hugely specialist topic it was actually very interesting, bang on the money and also highly entertaining. TechUk had mustered three very interesting and engaging speakers (Duncan Brown @ IDC, Sian Jones @ Symantec and David
Rodgers – representing the Department of Culture, Media & Sport – or “The Ministry of Fun!” as it is fast becoming re-labelled) each of whom brought their own, different perspective to this issue.
Now I am intrigued by the IoT and can see that in many ways it is like the early Internet:
- it’s obviously a significant thing (most observers agree on that)
- some of its applications are clear but as yet many are not
- most organisations, sectors and businesses just haven’t gotten around to working out how it might (will) impact them and their customers;
- it will inevitably end up being used by consumers in ways that we in the Tech industries haven’t even dreamt of or thought likely or possible.
But equally and to use a much over used Rumsfeldism, because “we don’t know what we don’t know” yet about IoT it will also (by default) have a potentially Dark Side as well as the good.
A Dark Side?
There was much chuckling from the rest of the audience when I raised the subject of Rogue Machines, in fact I’d half expected to be talked-down or brushed aside by the panellists, however it appears that I am not alone in my dystopian concerns … all three
panellists launched into very serious responses.
Yes, Rogue Machines are a potential threat, but we are not necessarily talking about genocidal Terminator style titanium-alloy androids, controlled by an omnipresent paranoid Artificial Intelligence built by the military.
The threat is much more likely to come at us from one of the many millions, in fact billions, of tiny only barely sentient independent electronic devices that surround us in our daily lives.
These are not even our ‘clever’ electronic devices such as our smart phones or tablets, laptops or Kindles and it is not to say that suddenly these small devices, such as remote soil temperature monitoring devices or automatic lighting sensors or the chips
in our lifts that control service schedules will all go rogue, rise up and attack us.
No, it is just that these small devices, which in many cases have a power supply only just barely big enough to allow them to take their readings and to publish them into the IoT are potentially a massive hole in our collective cyber-security networks.
So why does it matter that a hacker can gain access easily to a dumb soil temperature monitor in a remote field in Eastern Europe?
Well, once into the IoT network via that device that same hacker could do untold damage to millions of domestic consumers or businesses.
Envisage the scene. A call is put through to a senior Executive of a major global insurance company … the caller states that unless a blackmail payment is made within a specified period every single household insured by that insurer will experience a significant
domestic water leak event.
Water leak claims are a major cost to insurers, representing as much as 75% of all household insurance claims already, but this potential event would be financially devastating. But how can the hacker achieve this? Well it might be as simple an action as
having established which households the insurer covers (via their database) and which of those households have certain IoT appliances (via ill-guarded extended warranty database perhaps) the hacker then goes about setting up a program to remotely override
the door opening mechanism on all the washing machines in homes insured by that insurer, whilst they are in mid-rinse cycle?
This is hardly the kind of crime worthy of a James Bond style Super Villain but it would certainly be very disruptive and potentially very lucrative to a cyber-blackmailer. I am sure we can all dream up many more similar scenarios and criminals will no doubt
dream up far more devious ones than any of us can!
But once into the IoT it is not only the ‘dumb’ devices that represent a network of opportunity to wreak havoc but also old technology that is inadequately protected.
By 2018 all cars built in the EU will require to include a SIM card, however there are cars that are already 10 years old driving our streets which have simple computing technology in them. That technology is relatively old now. It is still operative but
potentially vulnerable and whilst it is currently not deliberately connected into the IoT it has the capability to be drawn in if somebody so desired.
Think of all those other old devices still in use out in the consumer world. Many are ‘stupid’, like our soil temperature device, but at least it is still of interest to somebody somewhere and would be noticed if it went rogue). But there are many thousands
more stupid or dumb devices such as old cell-phones which are redundant but might still be operational not by intent but just by being ignored or by new tech being built in over them and every one of them potentially represents a weakness and a breach in the
Once you get you head around the idea that there will be 30 billion ‘smart’ devices in use by 2020 and that does not include the many more billions of ‘dumb’ devices also out in the general environment or smart-phones & wearables, you can start to grasp
the potential problems that governments, regulators and the technology businesses are going to have to grapple with.
We’ve already seen unwitting issues with pre-set passwords on baby-monitor cctv cameras resulting in infringements of personal privacy, with video streams of sleeping babies published on the web and significant data-protection fines … and that was just a
glimpse of what could happen (no pun intended).
Add to this complexity the issue that just like the early world-wide web, the Internet of Things is very quickly going to become hot consumer property, so now is most certainly the time to put in place protocols, standards and where essential, laws to govern
it, especially about the management, securing and even tracking down & disposal of these potentially ‘rogue’ devices.
The Light Side
Of course the IoT is not just about the digital technology, that is important but so is the physical technology.
A visionary washing-machine manufacturer can easily install a physical restraint mechanism on its doors so that cannot be automatically opened mid-cycle remotely, as most do already to prevent accidental human error, but what this simple example shows is
that IoT is also about an extended business eco-system.
A gas boiler that communicates consumption to an energy supplier and a consumer is one thing, but if it also notices a dramatic drop in water-pressure and communicates with the domestic electronic stop-cock, turning the water off at the mains, and sends
out a signal to the home-owners that there might be a leak – whilst also contacting the homeowners insurer to send round a claims prevention engineer (plumber) to fix the problem, the advantages are clear.
Likewise, if the pilot light in the boiler goes out or CO2 levels build up due to lack of servicing, the smart boiler will text the homeowner with a warning.
The IoT is a whole new step in human interaction with technology. It will be both powerful and liberating, but somebody also needs to consider the dark potential or “Dark Patterns” as David Rodgers called them and how to avoid or defend against them, even
if they are a problem from our own future, but as Arnie says in the film,
“I’ll be back”.
For more information on the IoT I suggest it is worth checking out: