Internet of Things
Will the “Internet of Things” Help You or Hurt You?
Dr. Dan Geer’s keynote at the Internet of Things Forum held in Cambridge, Mass., was discussed in a recent CSO Online article. Dr. Geer, who is Chief Information Security Officer at venture capital firm In-Q-Tel, warns that the Internet of Things (“IoT”) heightens the likelihood of “cascading” failures of connected devices. The takeaway from Dr. Geer’s speech is that the failure of these devices could inflict damage and personal injury. He lists four contributing factors:
1. The embedded system attack surface is significantly increased, which means there is more opportunity for compromise and injury spanning a larger universe of devices.
2. The “computer monoculture” aspect of embedded systems makes them especially prone to cascading failure. This monoculture leaves an increasing number of interconnected devices and services exposed to a common attack or control exploit.
3. Dr. Geer states that the third problem is a lack of a remote management interface. In other words, no one (computer or person) is “in charge” (quotes mine) of the management of these devices, which are by and large left alone after they are put into operation. Dr. Geer describes them as “long-lived” and “unreachable.” Such devices are virtually “immortal,” but, as Dr. Geer queries, is this immortality “demonic” or “angelic?”
4. The fourth issue is one of increasing human dependence on what Dr. Geer describes as society’s “expectation of a stable system state.” What this means is that society expects that its connectivity, and the computer functions associated with that connectivity, will continue without significant interruption. Think, for example, of electronic health care services, banking services (almost all of which are electronic), as well as traffic, utilities, and other infrastructure controls.
The four factors outlined by Dr. Geer have serious implications for computer security and, by extension, for potential personal injury. First, an attacker need only have one target (instead of many) for malware to cause a failure. Second, poorly designed programs used in such embedded devices need only have one point of weakness, or failure, to cause significant damage or injury.
What this all boils down to is that our dependence on the devices and programs that let us conduct our everyday lives grows as we become increasingly interconnected. Serious or catastrophic damage or injury may result if either our interconnectivity or the services associated with it fail. The Technology Litigation team at the Abbott Law Group investigates such failures and, where appropriate, will commence litigation to obtain compensation for those who have suffered injury or damage as a result.