You wouldn’t download a car, but you might hack one. Technology is transforming every part of human life. From how we heat and cool our houses to how we travel; everything is becoming digital. Even aircraft are not immune from ever-increasing automation. Automation has many upsides, AI which optimizes air conditioning can save energy, self-driving cars can deliver their occupants quickly and more safely to their destinations, digital watches can alert people to forgotten meetings. Undoubtedly technology is incredibly beneficial for both individuals and society, but is there a hidden dark side? The answer is, unequivocally, yes. All computer systems are susceptible to hacking, and since computer systems are beginning to run almost every facet of our lives that means that we are entering a world in which almost anything can be hacked.
Hacking a toaster may seem rather pointless at first glance, however, it has far more implications than many would like to think. For instance, malicious actors are increasingly creating spectacularly large botnets with hacked IoT devices. These can be used to disrupt business or even bring down critical infrastructure, such as a power grid. Likewise hacking an A/C unit can give malicious attackers a vector to get at more critical data, such as payment card information or personal health information. In Information Security, we use the term “attack surface” to describe how many devices may be susceptible to hackers. A decade ago a small attack surface might be a company with 100 devices, a big one a company with a few tens of thousands. In a world in which a basic car has 30+ computers, attack surfaces just got a lot bigger.
Hacking toasters and A/C systems is one thing, but bad actors could also target planes and cars. When cars are entirely autonomous that will also mean that malicious actors could take full and complete control of them. This has serious implications. Hackers could cause cars to go haywire while they are on the road, thieves could steal cars without ever actually being near them, even a hostile nation state could exploit an unknown vulnerability and create havoc with tens of thousands of autonomous vehicles. The endless applicability of technology also creates endless opportunities to abuse it. Companies, Manufacturers, Small Businesses, and consumers must get serious about cyber-security. The proliferation and widespread adoption of technology has created a situation in which negligence in cyber-security isn’t just a question of financial loss anymore; it could be a matter of life and death.
The situation is not hopeless. When organizations and consumers take Information Security seriously the risk of serious negative outcomes can be substantially reduced. However, it is going to take a herculean effort to change the public and business perspective of protecting the confidentiality, integrity, and availability of digital systems. To achieve a secure world, cybersecurity must be viewed as a fundamental necessity, a rock on which to build a church, rather than as an extraneous cost to push onto an already overworked IT staff. The problem we face as we enter the third decade of the 21st century is not just protecting critical data and systems; it is more fundamental than that. We need to change the very way people look at security.