The Ghost of IoT
Secretive cyber-weapons can backfire or end up in the wrong people’s hands. The Internet of Things compounds the problem.
March 11, 2017
What if we developed a super powerful intelligent combat robot that was effective against any enemy, and then our enemies stole it? That’s the premise of the original Ghost in the Shell media franchise and upcoming film starring Scarlett Johansson, but there are also eerie parallels with what’s going on in secretive cyberwar operations across the world.
Only recently, Wikileaks alleged that the CIA “lost control of the majority of its hacking arsenal,” giving anyone possessing them “the entire hacking capacity of the CIA.” For now, Wikileaks has released a cache of 8700 documents and files, which it says are a fragment of the total.
History Repeats Itself: Powerful Software Attracts Thieves
The CIA leak would not been an isolated incident. In our uber-connected era, the more capable a nation state’s hacking tools are, the harder they seem to be to safeguard.
Only recently, The New York Times exposed a “secret cyberwar against North Korean missiles” that purportedly caused some of those weapons to malfunction. Exposing this sabotage program could lead nations like Russia and China to target U.S. missiles with cyber-weapons of their own, the Times reports. That wouldn’t necessarily be a new development, however. “I promise you, Russia and China have been targeting American missiles with cyberattacks since well before the World Wide Web even existed,” says Kenneth Geers, a senior research scientist at Comodo Group and a NATO Cyber Centre ambassador.
Note: The topic of IoT security is a key item on the agenda at Internet of Things World in Santa Clara this May. Check out the agenda for the world’s biggest IoT event.
In the past several years alone, details have emerged about several powerful and secretive cyber-weapons. In 2010, there was Stuxnet—purportedly a U.S.–Israeli cyber-weapon that caused physical damage to Iranian centrifuges. Iran seems to have responded to that initiative by beefing up its cyber army, launching attacks on U.S. banks and a New York dam. And in 2011, Iran claimed to have stolen a U.S. military drone in mid-air. In 2013, Edward Snowden revealed NSA’s cyber-espionage efforts, claiming the U.S. government could spy on citizens through smartphones and computers. Over the years, we have also learned of a U.S. defense program reportedly code-named Nitro Zeus designed to take down Iran’s air defenses, communication networks, and parts of its power grid.
Ultimately, the Internet is a war zone. NATO made that distinction official last year. “The geography of cyberspace changes all the time, and is subject not only to hostile data packets but human spies, and spectacular Special Forces operations that may achieve with explosives and wire cutters what hackers couldn’t accomplish with a digital denial-of-service,” Geers says.
The IoT as a Global Robot
In the modern age, not only are our computing devices potential attack vectors, so are our smartphones, routers, and smart TVs. “Computers run everything from elections to electricity, and they have always been intimately associated with national security,” Geers explains. “Tanks, planes, and ships today are rolling, flying, and floating computer networks.”
The potential for cyberwarfare only increases with the proliferation of the IoT technology across the industrial and consumer sectors. “Everything is becoming a computer,” Bruce Schneier explained in an RSA session this year. “And computer security is becoming everything security.”
According to one classic definition, to qualify as as a robot, a technology must sense, plan, and act. When you think about it, this is precisely what the Internet of Things aims to do. “I argue that we are creating a world-sized robot, and we don’t even realize it,” Schneier said.
Still, our common conception of a robot is inspired by science fiction—a robot is typically an independent entity housed in a metal shell with computing power within, and sensors and actuators at the surface. “But that’s not what we are building,” Schneier says. With the Internet of Things, we are creating a system that is distributed, potentially imbuing common objects, vehicles, and other devices with computing power. But lacking a central brain, IoT has no central authority or no singular goal or purpose. “And most importantly, it’s not something deliberately designed,” Schneier explains, referring to the totality of Internet connected devices.
But even tools that are carefully developed and safeguarded can end up empowering enemies. “This is also what the new (and old) movie Ghost in the Shell addresses,” Geers explains. “What happens when an adversary steals your powerful soldier-robots?”
About the Author
You May Also Like