After leaving Iraq in shambles, and before getting a slap on the hand for sharing classified information with his mistress biographer, General David Petraeus was the Director of the CIA. According to a 2008 story in Wired, Petraeus was estatic about the abundance of spying opportunities soon to be offered through the burgeoning Internet of Things (IoT). Any home appliance or device would, Petraeus said, “change our notions of secrecy.” Now, those same internet connected devices that spy on you are the devices that can also be attacked and disabled.
The catastrophic dangers of cyber criminals shutting down internet connected systems is the message from cyber security experts who recently testified before Congress about the “growing mass of poorly secured devices on the internet,” as reported by Technologyreview.com.
Testimony included the October 2016 cyber attack on the internet infrastructure provider Dyn, which caused the U.S. East Coast to experience a “large distributed denial of service” (DDoS). This attack was done by hacking into “hundreds of thousands of Internet- connected devices, from Web cameras to routers.” Because no one died, cyber security scholar Bruce Schneier called the event “benign,” but he and others warned of far greater dangers.
Medical records, hospital elevators and ventilation systems either are or will be connected on line, as are transportation systems, power grids, airline systems, water systems, automobiles, “smart” home systems and just about any “thing” coming down the pike will be enlisted in the IoT.
Manufacturers of these “things” have not given much thought to cyber security. Kevin Fu, a computer scientist and engineering professor at the University of Michigan, testified that a separate independent agency needs to tackle this issue. Some pre-marketing testing of devices should be done, Fu says, much like the National Transportation Safety Board, who studies what happens in accidents and then develops prevention measures. Think of a crash test dummy, but one used for an internet device.
Both Fu and Schneier agree that the risk to life and property is “massive and growing.” The article doesn’t specify if they discuseed the Stuxnet virus, which was the subject of Alex Gibney’s award winning documentary “Zero Days.” It is assumed, but not admitted officially, that the U.S. and Israel created this complicated and sophisticated cyber weapon which stealthily destroyed some of Iran’s nuclear subterfuges. Part of the target for Stuxnet was the Siemens S7-417 industrial controller used in many large systems in America. Is a societal collapse just a matter of time with these attacks that aren’t benign?