“The Next President Will Face an Internet Disaster”
Donald Trump or Hillary Clinton is going to face a massive internet disaster during the next four to eight years.
This isn't some breach of confidentiality - the leak of celebrity photos, the naming of Ashley Madison users, the theft of Sony's documents by North Korea - that cost about $3.8 million on average.
No, we're talking about threats to the integrity and availability of the Internet of Things (IoT).
And people will die.
In late 2015, John Chambers, the former CEO of Cisco Systems Inc. (CSCO) forecast that by 2025, 500 billion (that's "billion," with a "b") devices would be connected to the internet.
Now, Chambers' number is much bigger than most observers' - including BI Intelligence, which expects to see 34 billion by 2020, or tech research firm Gartner, which predicts 21 billion.
Let's take the "conservative" estimate: Even 21 billion is about three times the number of people on Earth. That's still a big number.
The vulnerabilities that come with the number of connections like that are almost literally incalculable.
At the same time, device makers continue to prioritize profits over security. As we reported in December 2015, " ... authentication provider Auth0 found that 85% of IoT developers admitted to being pressured to get a product to market before adequate security could be implemented."
As security technologist and Resilient Systems Inc. CTO Bruce Schneier explained in a July 25, 2016, article for article for Motherboard, "Classic information security is a triad: confidentiality, integrity, and availability.
You'll see it called "CIA," which admittedly is confusing in the context of national security. But basically, the three things I can do with your data are steal it (confidentiality), modify it (integrity), or prevent you from getting it (availability) ...With the advent of the Internet of Things and cyber-physical systems in general, we've given the internet hands and feet: the ability to directly affect the physical world. What used to be attacks against data and information have become attacks against flesh, steel, and concrete ...
"The Internet of Things will allow for attacks we can't even imagine."
It's true that we're creating more powerful and more useful systems. And it's equally true that the dangers inherent in such systems are more and more acute.
Here's how Director of National Intelligence James Clapper described the threat in the DNI's 2015 Worldwide Threat Assessment:
Most of the public discussion regarding cyber threats has focused on the confidentiality and availability of information; cyber espionage undermines confidentiality, whereas denial-of-service operations and data-deletion attacks undermine availability. In the future, however, we might also see more cyber operations that will change or manipulate electronic information in order to compromise its integrity (i.e. accuracy and reliability) instead of deleting it or disrupting access to it. Decision-making by senior government officials (civilian and military), corporate executives, investors, or others will be impaired if they cannot trust the information they are receiving.
The 2016 assessment included the following update:
Future cyber operations will almost certainly include an increased emphasis on changing or manipulating data to compromise its integrity (i.e., accuracy and reliability) to affect decision making, reduce trust in systems, or cause adverse physical effects. Broader adoption of IoT devices and AI - in settings such as public utilities and health care - will only exacerbate these potential effects.
Hackers will seek to exploit vulnerabilities in three areas: software control, interconnections, and autonomy.
Your computer is vulnerable to hackers and so is your thermostat and touchscreen universal remote once they come under software control.
That holds for your automobile, which can be hacked while it's parked in your driveway or while you're moving down the road at a healthy clip ... until you're not.
More devices mean more interconnections, and vulnerabilities in one device lead to attacks against others.
A recent hack of a Samsung Electronics Co. Ltd. smart refrigerator exposed Gmail login credentials.
Hospital IT networks have been compromised due to weaknesses in medical devices.
And Target Corp. (TGT) was attacked via a vulnerability in its HVAC system.
The number of vulnerabilities increases geometrically with the addition of each new connected device.
Now think about how fast we're taking humans out of so many equations: computer programs that control your thermostat, buy and sell stocks, drive a car, or control the electric grid.
Those autonomous systems can be compromised "immediately, automatically, and ubiquitously."
Will we notice something's wrong ... before it's too late?
It's hard to say at this point if policymakers will summon the wisdom and the will to act on the myriad potential threats represented by the IoT.
And cyber-criminals have an uncanny ability to stay under the radar for long periods, thanks to things like "leave-no-trace" malware that allows them to avoid exposure and remain undetected on networks for months at a time.
The criminal infrastructure they employ is highly transient, and they're extremely sophisticated in their use of IP addresses and internet service providers. They also use "bulletproof hosters," or providers located in non-cooperative countries, which allows them to remain online long enough to switch to different providers and remain stealthy.
All of that makes cybersecurity more and more difficult.
It's an ever-evolving undertaking. And the needs are constant. So from an investor's perspective, we prefer the diversification of PureFunds ISE Cybersecurity ETF (HACK).
The Internet of Things really is a matter of life and death.
© David Dittman