There has been a lot of discussion lately about the “Internet Kill Switch” proposal in the US (yes, I know Lieberman doesn’t want us to call it that). Lots of information, counter-information, and discussion. One thing that is missing, at least in what I’ve seen, is the question of why some of the “infrastructure” that causes concern for the administration is even “hooked up” to the Internet.
Why is the U.S. electrical grid connected to the Internet? Why are defense resources connected to the grid? Who decided to connect “critical infrastructure” to the Internet? Why would the Hoover Dam be connected to the Internet (factoid: it’s not)?
Don’t get me wrong, I actually know why: efficiency. Or, in non-economic parlance: convenience. Which, for me, is an awful reason to connect something to the Internet.
What should be connected to the Internet? Non-critical infrastructure. Chat. Businesses. Individuals. LOLCatz. Not the defense department. Not the military (at least not core functions of the military). Not the electrical grid. Not nuclear power plants.
For critical infrastructure (in terms of blowing up the world or flooding lots of people), make your own network. Don’t use VPN over the Internet. Don’t play with encryption strength. Build another, non-public, non-Internet-connected, network.
But in addition to constraining our desire to connect critical infrastructure to the Internet, there are some other things that I would not connect to the Internet. Like my toaster. Or my
This leads me to the point of this post: our search for the all encompassing ability to control all of our lives from our computers (or our smart phones) we are failing to sufficiently consider the security implications of the connections required to make life “easier” or more efficient.
This is exemplified in a story yesterday from the NY Times: “Researchers Show How a Carâ€™s Electronics Can Be Taken Over Remotely.” In the desire to not have to carry around heavy keys, we have opened ourselves to hacking as we drive down the highway (or when we park our cars at work, or at home, or anywhere). This is not a “good thing.”
We (as a society) need to take more time to think about the gains in convenience (efficiency) that follow from attaching a particular thing to the Internet. The question can’t just be: is it cool? Can I impress people with the connection? We should, for example, be listening to the experts, who encourage caution:
Computer security researchers have long argued that wholesale computerization and Internet connectivity of complex systems present new risks that are frequently exploited first by vandals with malicious intent.
As a Torts professor, I’m excited (in a geeky kind of way) about the exam hypotheticals I can make up involving a hacked car causing havoc (amongst other havoc, of course). As a driver and car owner? I’ll have to admit, I’m not so excited about my car being taken over by a hacker.
Maybe I’ll just stick to using the key.