Welcome to the SecAware blog

I spy with my beady eye ...

21 May 2019

NBlog May 21 - real-world physical impacts

At the moment, as currently scoped, June's NoticeBored awareness module primarily concerns physical security measures protecting information, data and IT systems, including health and safety protection for workers ... but there's another aspect that potentially falls in scope: IT incidents with physical real-world impacts.

Thus far, fortunately, such incidents have been very rare, mostly proof-of-concept demonstrations that hacking, say, the IT systems controlling an electricity generator could indeed cause it to liberate the smoke. The potential is very real and scary however once you appreciate just how much of modern life is controlled by vulnerable computers, often Internetworked, with design flaws and bugs mostly tucked out of sight, lurking in the extreme technical complexities under the hood. There be dragons, as the Iranians discovered.

The proliferation and interconnectedness of IT systems has reached epic proportions lately with Internet-connected lightbulbs, air conditioners, bicycles and nuclear fuel reprocessors. Wirelessly-configurable smart pacemakers may only directly and mortally concern a tiny, vulnerable proportion of the population, but those and a million other IoT and IIoT crazies are the canaries in the coal mine. Humankind is building itself a house of cards at an alarming rate, recklessly in fact. It'll end in tears.

I'm far from the only person genuinely concerned at the prospect of driverless vehicles for instance, even taking into account the extraordinary efforts being made to develop, improve and prove the technology with the overt aim of making driverless vehicles safer than those driven by competent, careful drivers.  

Not 'secure from hackers and malware', notice, but 'safer than competent, careful drivers'. 

Spot the difference.

Even competent, careful drivers can be hacked in the sense of being duped by fake road signs then pulled over by fake cops, or led astray by optical illusions and cognitive issues, some brought on by alcohol and other drugs, or stress or tiredness. Bottom line: the bar is not even remotely high enough for my liking. I won't even mention pilotless planes and autonomous weapons (oh look, I just did).

Well, OK, I'm scaring myself now, plummeting into uncharted territory. It's a fascinating if dark area well worth exploring again, but not in June. I'll continue pondering and researching this for a future awareness topic, though. For now, it's perched delicately on the edge of a shelf in the IsecT office labeled "Dragons".

PS  After drafting this blog piece, I enjoyed watching Robocop again: no shortage of very physical impacts there!

No comments:

Post a Comment