In 2015, WIRED magazine published an article that raised grave concerns among carmakers and car owners around the world. The article’s author allowed computer hackers to break in to and control his Jeep’s functions. These remote hackers were able to kill the engine and the brakes while the vehicle was travelling at 70 mph on the freeway. Their hack wasn’t specific to this particular Jeep, either. They could have done the same thing to any Jeep on the road, to any unsuspecting driver. Chevrolet immediately issued a recall of more than a million vehicles in order to patch the security flaw in the system.
The Internet of Things is the network of physical objects—things like cars, thermostats, watches—that are embedded with the ability to exchange data and interoperate with existing network infrastructure. They transmit data to manufacturers, owners, or other devices, and can be sensed and controlled remotely. Some experts estimate that up to 50 billion objects will be connected by 2020.
The Internet of Things is a huge leap forward for those who want to control their household security via smartphone or track their training runs, among millions of other potential benefits. However, this interconnectedness can also be a tremendous cyber security risk. Each connected device can be a doorway for bad actors. In 2011, the U.S. Chamber of Commerce was breached by a group of Chinese hackers. Even after the breach was discovered and the Chamber fortified its computer systems, it continued to see suspicious activity: a thermostat at one of the offices was found to be communicating with an IP address in China, and a printer used by executives spontaneously started printing pages with Chinese characters. More recently, data breaches have revealed sensitive health information (Anthem), detailed personal data (Office of Personnel Management), and financial information (take your pick). These breaches could have originated from any connected device.
Stolen personal information, intellectual property, and trade secrets are a major concern, but there is also real risk to life and limb. Stopping a car—or a fully-loaded tractor-trailer—in the middle of a busy highway could cause a devastating chain reaction. Shutting down machinery in an assembly line or changing controls on an automated system could easily put workers in harm’s way. In 2010, the Stuxnet worm destroyed a large percentage of Iran’s nuclear centrifuges. Another worm might instruct a nuclear plant to meltdown or an oil refinery to go up in flames.
At the moment, the very best way to control access to your systems is to make sure your people understand the importance of cyber security. Require strong passwords and encrypt computers. Instruct your people on good security: locking computers, not storing passwords or leaving them out, recognizing phishing emails, turning off automatic attachment downloading. Only access the internet over a secure network. This blog has more good tips. Ultimately, your system—and your people—are only as safe as your weakest security hole.