The 14th May edition of New Scientist carried an interesting article called The internet of unprotected things. It’s an interview with John Matherly, the man who invented Shodan, a highly specialised search engine.
Shodan enables users to identify devices that are connected to the internet – printers, webcams, TV sets, mobile phones, even industrial control systems! Yes. You read that right. Matherly found turbines, car washes, crematoria, even a nuclear power plant hooked up and also accessible via cyberspace. Moreover, Matherly was able to determine whether the devices or systems were secure or could be hacked, e.g. because the owners had not bothered to change default usernames and passwords or because they lacked strong authentication capabilities.
Matherly attaches a chilling little table in which he provides “Conservative estimates of insecure industrial control systems”. Here are the numbers:
USA: 54,501
France: 4,408
Let’s hope not many of the above are nuclear power plants, national electricity grids, banking systems or major transportation networks.
I’m guessing that by now you have worked out where I am going with this.
Baby monitors have been hacked. Smart TVs have been or will be. Ditto for connected Barbie dolls and motor cars. As the list of connected or connectable items grows, the need for properly thought out security standards is becoming ever more obvious and urgent, particularly in respect of items that will be heavily used by or in close proximity to children. Here I am talking not just about basic or fundamental privacy considerations but also matters which may present much more immediate threats to a child’s physical safety and wider well-being.
Meet the PETRAS Hub
Privacy, ethics, trust, reliability, acceptability and security, otherwise known as Petras, is a £23 million academic-led network with an impressive collection of industrial partners and an ambitious agenda.
Key to the Petras work programme is not only constructing real-life, experimental test beds to see how different arrays of connected objects perform functionally – do they or do they not deliver the benefits envisaged and if not how can we make sure they do? – but also ensuring that the right security features are built-in before any resulting applications are brought to market or to a broader public arena.
Buccaneering start-ups, such as Facebook once was, may have boasted that their guiding principle was move fast and break things – sometimes expressed as get it out there and let’s see what happens or it’s easier to apologise than seek permission. However, you cannot or should not adopt that approach if you’re messing with nuclear power plants, driverless vehicles and baby monitors. A major mishap by a single company or category of objects could destroy public confidence in the whole shooting match. The internet of things is going to test to the limit the idea of permissionless innovation, a notion that has been central to the evolution of the internet up until now.
Ethics as oil, not grit
Step forward Dr Mariarosaria Taddeo, who gave a brilliant presentation at a Petras workshop held in London on 12th May at the Institute of Electrical Engineers. Taddeo emphasised the importance of ethics as an enabler of research and scientific and technological progress. It should not always, or ever, be viewed as an annoyance or an obstacle. Ethical errors might invite regulatory intervention which could strangle or divert, possibly even completely halt, different lines of enquiry. That’s the way the world is, and I for one am glad about it. It’s why ethicists should be part of any sizeable project that is sniffing around the edges of science and technology. They are guarantors of continued progress. They keep the men and women in white coats in touch with us mortals.