Lulled Into A False Sense of Security
I’ve just got back from a week at TED 2013 with the usual fragments of stimulating, fascinating and downright inspiring ideas ricocheting around my tired brain.
Futurist and author Juan Enriquez likened the social trails we leave on the Web to “digital tattoos” which never fade and theorised that Warhol’s prediction of 15 minutes of fame would become 15 minutes of anonymity.
MIT’s Skylar Tibbets introduced the astounding idea of 4D printing (3D printing is so last week) where the fourth dimension of time means that we’ll be able to print buildings which self-organize their own assembly.
And Neuroscientist Mary Lou Jepsen explained how it’s inevitable that within 5-10 years there will be no difference between ‘seeing’ and ‘imagining’. Ultra high-resolution brain imaging systems will give us direct network access to human thought and we’ll be able to dump the ideas in our brains directly onto digital media.
She showed some rather amazing footage where hi-res MRI scans of human brain activity were already being used to decode and then re-construct a close approximation of the video images someone was actually watching.
There was even a surreal launch of the Inter-Species Internet (the Internet of Things is so last week) where intelligent animals like dolphins, monkeys and elephants get iPads and stuff so they can join everyone and everything else online. (I was a bit surprised that the chimp we saw learning to play keyboards hasn’t yet been hired to join Google X but I’m sure it’s only a matter of time).
To be honest, if Neil “Fab Lab” Gershenfeld and Vint “Granddaddy of TCP/IP” Cerf hadn’t been on stage, plus dolphin language expert Diana Rees and musician Peter Gabriel, I’m not sure this particular idea would’ve been taken quite as seriously.
Anyway, you can read a full download on the conference on the TED blog (and watch the talks as they go up), but the main prompt for this post was a talk by legendary engineer Danny Hillis (a man who, among many other things, registered the third ever domain name: think.com) about the vulnerability of the internet.
Hillis’ point was that the internet is becoming embedded so deeply into every aspect of our economy and society that we no longer understand where it begins and ends. And like the financial system which evolved instruments like derivatives and options that became too complex to keep track of, it’s a crash waiting to happen.
For instance, Pakistan made some router changes to try and censor YouTube a couple of years ago, and inadvertently blocked it for all of Asia. (I remember this well because I happened to visit an old friend who was part of the YouTube engineering team at the time and he hadn’t slept for a week trying to fix the issue).
And remember that this ‘network of networks’ was built on protocols that embody the communal ‘do the right thing’ philosophy of early internet engineers. Given modern geo-political tensions and globalised cyber-crime this is a system potentially too open to exploitation and abuse. For instance last April, an “honest mistake” by China Telecom re-routed a significant proportion of net traffic including military data through China. Not to mention scary nuclear facility hacking episodes like the Stuxnet virus.
Vint Cerf later made a fair counter-point that the very ubiquity of the net also increases resilience as well as potential vulnerability. But no-one would disagree with Hillis’ central point that we need a Plan B to backup the Internet in case of disaster.
What’s all this got to do with the Web of Things? Well, a couple of months ago our CTO Dom Guinard was interviewed for a Forrester report on IoT Security and made a very interesting point about the coming wave of Web-connected physical things. Namely that while most manufacturers have a deep, historical expertise about making physical products, they don’t know that much about the Internet.
The worry is that people might think it’s relatively trivial to connect their products to the Web and harness the connectivity without properly understanding its underlying systems. As a result, a whole new generation of physical things might make their way into the World Wide Web, born with more security holes than Internet Explorer 6.
To Hillis’ point, the bigger and more boundlessly inter-connected the Internet becomes, the harder it gets to fix if things go wrong. And given that all these networked physical objects will probably be using different systems and standards, there won’t be a single company to centrally release new security patches, alongside press statements playing down the issue, even if we wanted one.
Apparently ARPANET once crashed so badly that the sysadmins had to reboot it to get it working again. Yes that’s right, they turned the internet off and then on again. Good luck doing that if something goes wrong today. Let alone for the future Internet of information, people, things and, erm, animals.
PS. I managed to summon the courage to ask Danny Hillis what he thought about Dom’s idea during a coffee break and he agreed completely. Which means it almost certainly must be correct.