Group items tagged

Our medical systems have terrible Internet security… MRI machines you can connect to with USB that still have “admin:password” to gain root access. That’s horrifying, sure, but that’s not an attack at scale. More frightening: we’re busily uploading all our medical records to the cloud. Take down that cloud, and no patients can be treated, because nobody will know what they have, what meds they are on. Software swallows your insulin pumps and your pacemakers. To kill people, all you need is to hack that database, or simply erase it or block access to it. After all, we don’t tend to realize that in an Internet of Things, humans are just Things too. As this software monster has encroached on stuff like election systems, the common reaction has been to go back to paper. So let’s consider a less obvious example. We should be going back to paper for our libraries too! We’ve outsourced so much of our knowledge to digital that the amount of knowledge available in analog has dropped notably. There are less librarians in the fewer libraries with smaller collections than there used to be. If the net goes down, how much reference material is simply not accessible that was thirty years ago? Google Search is “critical cultural infrastructure.” How much redundancy do we actually have? Could a disconnected town actually educate its children? How critical is Google as a whole? If Google went down for a month, I am pretty sure we would see worldwide economic collapse. How much of the world economy passes through Google hosting? How much of it is in GMail? How much is dependent on Google Search, Google Images, Google Docs? The answer is a LOT. And because financial systems are now also JIT, ten thousand corporate blips where real estate agencies and local car washes and a huge pile of software companies and a gaggle of universities and so on are suddenly 100% unable to function digitally (no payroll! no insurance verification!) would absolutely have ripple effects into their suppliers and their customers, and thence to the worldwide economic market. Because interconnection without redundancy increases odds of cascades.

But just as critically, governments and state actors seem to be the source of so many of the problems precisely because the Internet is now too many forms of critical infrastructure, and therefore too juicy a target. If software eats everything, then the ability to kill software is the ability to kill anything. Net connectivity becomes the single point of failure for every system connected to it. Even if the Net itself is designed to route around damage, that doesn’t help if it is the single vector of attack that can take down any given target. It’s too juicy a target for the military, too juicy a target for terror, too juicy a target for criminal ransom. The old adage goes “when they came for this, I said nothing. When they came for that…” — we all know it. Consider that the more we hand gleefully over to the cloud because we want convenience, big data, personalization, and on, we’re creating a single thing that can be taken from us in an instant. We’ve decided to subscribe to everything, instead of owning it. When they came for your MP3s, your DVDs, fine,. not “critical infrastructure.” When they came for your resumes, OK, getting closer.

As we rush towards putting more and more things “in the cloud,” as we rush towards an Internet of Things with no governance beyond profit motive and anarchy, what we’re effectively doing is creating a massive single point of failure for every system we put in it.