The Threat A Conversation With Ross Anderson : The Edge

#Discussion(Security) [ via IoTForIndiaGroup ]

[ ROSS ANDERSON is professor of security engineering at Cambridge University, and one of the founders of the field of information security economics. He chairs the Foundation for Information Policy Research, is a fellow of the Royal Society and the Royal Academy of Engineering, and is a winner of the Lovelace Medal, the UK’s top award in computing. Ross Anderson’s Edge Bio Page ]

One of the things that we’re thinking about hard now is the Internet of Things. A lot of people think that the security problems of the Internet of Things are just privacy, and there are plenty of those problems.
What’s starting now is that you’re getting software updates in one car after another. Tesla is updating regularly, for example; Ford is starting to update over the air; Toyota says they will by 2019. Within a few years, every car will be updating its software perhaps once a month.
Now this is both good and bad. It’s good because it means that if there’s a safety flaw, you can fix it in the entire car fleet without having to spend billions of dollars recalling them all to the garage. It’s going to be an enormous challenge to the safety regulators because they’re going to have to work at a hundred times the speed—in a time constant of one month rather than a time constant of ten years.
It’s going to bring in enormous complexity in software update because the safety of a car isn’t just one central computer. A car might have a hundred different CPUs in it, and many of the critical subsystems aren’t made by the brand whose badge is on the front of the car. They’re not made by Mr. Mercedes, for example, but by Mr. Bosch or Mr. ZF or whoever. How do you go about managing all that? How do you do the testing? How do you do the integration? How do you see to it that the upgrades get shipped? It’s already hard enough to get upgrades to your mobile phone if it’s a device that’s no longer actively being sold. So we’ve got all these problems.

Why does this matter? If you get a safety flaw in a traditional car—say, the A-Class Mercedes, which would roll if you braked and swerved too hard to avoid an elk, they fixed that—they shipped a service pack and changed the steering geometry. Nobody died, so that’s okay. But if you’ve got a flaw that can be exploited remotely over the Internet—if you can reach out and put malware in ten million different Jeeps—then that’s serious stuff. This happened for the first time in public a couple of years ago when a couple of guys drove a Jeep Cherokee off the road. Then the industry started to sit up and pay attention.
That can also be used as a diplomatic weapon. You want sanctions on Zimbabwe? Just stop all the black Mercedes motor cars that Mr. Mugabe hands out to his henchmen as payment. We raised that with the German government. What would your reaction be to an American demand to do that? Well, it was absolute outrage! So diplomacy comes in here.
Conflict also comes in. If I’m, let’s say, the Chinese government, and I’m involved in a standoff with the American government over some islands in the South China Sea, it’s nice if I’ve got things I can threaten to do short of a nuclear exchange.
If I can threaten to cause millions of cars in America to turn right and accelerate sharply into the nearest building, causing the biggest gridlock you’ve ever seen in every American city simultaneously, maybe only killing a few hundred or a few thousand people but totally bringing traffic to a standstill in all American cities—isn’t that an interesting weapon worth developing if you’re the Chinese Armed Forces R&D lab? There’s no doubt that such weapons can be developed.
All of a sudden you start having all sorts of implications. If you’ve got a vulnerability that can be exploited remotely, it can be exploited at scale. We’ve seen this being done by criminals. We’ve seen 200,000 CCTV cameras being taken over remotely by the Mirai botnet in order to bring down Twitter for a few hours. And that’s one guy doing it in order to impress his girlfriend or boyfriend or whatever. Can you imagine what you can do if a nation-state puts its back into it?
All of a sudden safety becomes front and center. And that, in turn, changes the policy debate. At present, the debate about access to keys that we’ve had with Jim Comey’s grumblings in the USA and with our own Investigatory Powers Act here in Britain has been about whether the FBI or the British Security Service should be able to tap your iPhone—for example, by putting malware on it. People might say, “Well, there’s no real harm if the FBI goes and gets a warrant and taps John Gotti’s phone. I’m not going to lose any sleep over that.” But if the FBI can crash your car? Do you still want to give the FBI a golden backdoor key to all the computers in the world? Even if it’s kept by the NSA, then the next Snowden maybe doesn’t sell the golden key to The Guardian, maybe he sells it to the Russian FSB.

Meanwhile, in society at large, what we have seen over the past fifteen years is that crime has gone online.

From the point of view of the police force, we got policy wrong. The typical police force—our Cambridgeshire constabulary, for example, has one guy spending most of his time on cybercrime. That’s it. When we find that there’s an accommodation scam in Cambridge targeting new students, for example, it’s difficult to get anything done because the scammers are overseas, and those cases have to be referred to police units in London who have other things to do. Nothing joins up and, as a result, we end up with no enforcement on cybercrime, except for a few headline crimes that really annoy ministers.

Read More..