Last month, ARM announced a new security protocol for embedded systems
. They are calling it Platform Security Architecture, and have managed to get an impressive array of tech firms to sign up.
ARM are the biggest maker of chips and firmware for what is now called the “Internet Of Things”: an attempt to connect almost everything in your life to the internet. Though the Internet Of Things (IoT) has not been the success that some people — ARM especially — might have hoped, it is routinely talked about as the “next big thing” in tech circles.
Part of the reason the IoT has not been successful is that it has been dogged by security concerns. It seems that internet-enabled toothbrushes are pretty easy to hack. And while that may not sound like a big deal, the pace with which previously analogue devices are being networked should give us all cause for concern.
Today, I’ll talk about the implications of the IoT for my own specialist field: cyber warfare.
The IoT And Cyber Warfare
I have written here before about the growing number of cyber attacks, and the fact that they are only likely to increase in the coming years. In part, this is due to the rapidly expanding number of targets for hackers.
As Foreign Policy reported at the end of last year, the IoT is “already massive and is expected to more than triple in size by 2020 to nearly 21 billion devices. For a cyber-defender, this means that hackers will not only have three times as many targets — they will also have three times as many vectors from which to attack any given target. This creates vast new challenges for network security and complicates the already murky legal and technical landscape for attributing who is responsible for an attack.”
Looked at from the perspective of cyber warfare, this is terrifying. A cyber attack that targets your fridge may not sound so scary, but what about one that overloads your electrical system, or takes remote control of your car?
No internet-connected device, in short, is ever completely safe. This has long been realized in the security community, and is why critical or dangerous infrastructure (like nuclear missiles and power plants) employ an “air gap”: these systems are separated from wider networks by hardware devices.
This is simply not feasible, of course, for consumer devices. As a result, the only secure way to protect some devices from hacking is to keep them analogue.
Case in Point: “Smart” Guns
Let’s look at one example: guns. “Smart Guns,” which require a fingerprint or other security confirmation in order to fire, have been around for a while now, but now some manufacturers are going further. Internet-enabled rifles are now being produced which claim to offer huge accuracy by making use of GPS tracking devices.
Some have gone further, claiming that tracking the shots fired by hand guns could help stop gun violence in the U.S. If a high number of shots are fired together, or a single shot in the wrong place, guns could be shut down remotely.
Let’s leave aside the constitutional implications of that idea for a moment, and concentrate on the security implications. Any gun that is connected to the internet can be hacked, and if these firearms rely on software to aim and fire, they can be aimed and fired remotely.
The implications of this for cyber warfare are enormous. If the IoT “makes cyberspace real,” it also makes cyber warfare real. Instead of shutting down your bank for a few hours, internet-enabled devices could end up causing real-world harm.
Keep (Some Of) It Analogue
My suggested solution is an unusual one for a “tech guy” to propose: let’s keep some devices off the internet. The easiest way to defeat cyber attacks, after all, is to deny the attacker a route of entry into the system, and there is no greater firewall than an air gap.
The situation is particularly acute with weapons, because we rely on them to defend ourselves. A hack that denies you access to your fridge might mean you go hungry; one that turns your pistol off might be deadly. That’s why cops carry police-issued Glock 19s in traditional holsters, and not “smart guns,” and why you should too.
I don’t mean to suggest that the IoT should be resisted. Undoubtedly, networking more devices will give us more control over them, and help us to work more efficiently. I am merely suggesting that, until we can be sure of the security of such devices, we should not entrust our lives to them.
Sam Bocetta is a defense contractor for the U.S. Navy, a defense analyst, and a freelance journalist. He specializes in finding radical — and often heretical — solutions to "impossible" ballistics problems. Through Lakeview Capital, he also cultivates funding for projects — usually naval, defense, and UAV startups. He writes about naval engineering, mechanical engineering, electrical engineering, marine ops, program management, defense contracting, export control, international commerce, patents, InfoSec, cryptography, cyberwarfare, and cyberdefense. To read more of his reports — Click Here Now.
© 2022 Newsmax. All rights reserved.