Making predictions is a tricky business and in no area more so than in the area of rapidly developing technology. The pace of change continues to accelerate and the nature of innovation is such that entrepreneurs, as well as criminals are continually searching for “the next big thing” to either benefit or to blight our lives. This week as part of National Cyber Security Awareness Month (NCSAM), I will be discussing tomorrow’s Internet.
The way in which we access and consume information and digital resources is no stranger to change. What was first punched cards and ticker tape moved through CRT text only displays to graphical interface flat screens, mouse and keyboard to mobile devices with touch sensitive screens and haptic feedback. Not only that we left the text era, moved through the “browser wars” and then left browsers behind as we fully embraced mobile apps as a means of accessing information. The next great leap here is a perfect storm of a combination of factors. We see wide-scale adoption and integration of “Internet of Things” (IoT) connected devices, the “assistant based economy” comes into its own, and Augmented Reality (AR) and to a lesser extent Virtual Reality (VR) become more widespread as a Human/Machine interface.
Our homes, our transport, our smart cities, factories and healthcare (to name but a few) are steadily growing more interconnected. Innumerable transmitters and receivers from smart lightbulbs and fitness trackers to public transport and medical devices, collect, exchange and process information making autonomous decisions that affect our surroundings. Voice-activated personal assistants replace physical interfaces as we shape the world around us simply by issuing verbal commands. We blur the lines between the digital and the “real” through AR, data and the internet for the first time is no longer something apart, something we go away and consult; instead it is overlaid on our experience of the real world. We experience life through the filter of the web.
It’s an exciting future for sure but, as with everything, it is important to consider the potential “misuse case” as well as the obvious benefits. We are talking about a future where attackers no longer hack a device that you use, but rather hacking your perception of reality.
Data in general is gold dust to attackers, the more of it one can accumulate, the more tailored, credible and successful one’s attacks can become. All too often devices destined to be connected and used online are designed and produced either by traditional organisations who have typically not had to pay attention to digital security during the manufacture and design process or by entrepreneurs who are more interested in getting their first product to market to be slowed down by some nagging security concern.
It is becoming a significant challenge to regulatory bodies and to governments to ensure that safety standards, which have previously focused on the physical risks of a product and its components, accurately and clearly identify digital risks and outline the minimum safety criteria. Perhaps in the near future we can hope for a kind of digital kite-mark, offering at least some assurance that physical goods and their supporting infrastructure have been designed and built to a defined standard of digital security, that security was baked -in, not glossed over and that none of the small parts may cause choking.
The need for this becomes ever more urgent as pretty much every £100+ good becomes connected in some way, in fact Gartner estimated in 2013 that by the year 2020 (have you watched our award-winning web series yet?) there will be more than 30 billion connected devices.
Unless proper authentication of the integrity, provenance and validity of information can be designed into the processes, devices and decision-making of the future, we’re not just opening up a new attack vector, we’re opening up our lives, our enterprises and our homes.