Working in IT security my entire career, I’ve seen some amazing things – from hacked insulin pumps to hacked cars to an ATM spitting out money live on stage. But of all those news stories, presentations and discussions, this might be the craziest one:
“A cybersecurity consultant told the FBI he hacked into computer systems aboard airliners up to 20 times and managed to control an aircraft engine during a flight, according to federal court documents.”
Now there’s still debate around whether the consultant actually interfered with the operation of the plane in-flight or simply proved that he could do so in a simulated test, but what’s clear is that the separation between the in-flight passenger entertainment systems and the electronic systems that control the airplane is nowhere near as safe as it needs to be.
Security is like health: We all know it’s important, but we often don’t think about it until something goes wrong. And just like our health, taking small steps to improve it is much easier and more effective than trying to treat the symptoms when it’s already too late. The worst thing we can do is ignore the problem and pretend it doesn’t exist.
The Internet of Things (IoT) has incredible potential to improve all of our lives in ways that we can barely envision. Imagine your fridge knowing when you’re low on eggs and milk and automatically ordering more. Imagine your car automatically taking you where you want to go, choosing the best route based on speed limits, traffic and construction. Imagine carrying a single device and using it to make phone calls, send email, pay for groceries and get into your house.
But the Internet of Things also creates a tremendous new set of security risks. Hackers can and will try to hack anything connected to the internet: computers, phones, cars, houses, and yes, even airplanes. If the prospect of a malicious hacker remotely taking control of an airplane doesn’t illustrate the importance of IoT security, then I’m not sure anything can or will.
When we first built the internet, we could have never imagined its current scale and ubiquity. We could have never imagined that U.S. consumers would spend over $300 billion online or that organized crime would employ professional hackers. We could have never imagined that cybercrime would cost our society nearly half a trillion dollars every single year. The mistakes of the past look obvious in hindsight, but we also need the foresight not to repeat them.
The Internet of Things presents an incredible opportunity for us to do better. As a society, we need to honestly understand and acknowledge the cyberthreats that we face in the modern world. As an industry, we need to design secure electronic devices and connect them to secure networks. As consumers, we need to speak with our wallets and demand that vendors keep us safe and respect our right to privacy. In short, we all need to turn built-in cybersecurity from a nice-to-have to a must-have.