What happens when everything is a computer, connected to everything else? How then can we keep the internet, the greatest benefit of the global communications revolution, from spying on us, or even from harming us? In Click Here to Kill Everybody, Bruce Schneier, a prominent writer on computer security issues, explores how to improve our internet security while maintaining the benefits of an increasingly interconnected world.
In his brisk and urgent book, Schneier points out that in the “Internet of Things” (IoT)—the growing trend to connect everything to a computer network—vulnerabilities are increasing and becoming more serious. IoT now approaches 20 billion devices. Everything is a computer, including our cars, our dishwashers, our toasters. We now even have internet-connected clothing. Schneier calls this trend “Internet+.” It is wonderful and convenient, but also potentially scary. As Schneier memorably puts it, a technology that can give you anything you want, can take away everything you have.
Schneier sees two aspects to the problem. The first is that our personal data is out our control and subject to surveillance or misuse by corporations, the government, or criminals. The public is slowly coming to realize this issue, but legislation to address it in the US lags way behind.
The second problem is perhaps more worrisome: all our devices are too easy to compromise. For example, if everything is a computer or connected to one, then everything can be hacked. And if everything can be hacked, then everything can, in theory, be turned into a weapon against us. Each computer can be repurposed into something potentially harmful, which we now see with “botnets”—computers taken over by hackers to penetrate or crash networks.
Schneier argues the market lacks incentives to produce computers and devices that are more secure. Products are released before any consideration is given to their security. At best, defense against attack is difficult. Part of the problem is that attacks are cheap, and defense is expensive. Hacking tools are often freely distributed, and there is a community of hackers who like the challenge of breaking into secure networks. Primitive hacking techniques such as phishing still work. Many IoT devices cannot be patched or upgraded; they are at the hackers' mercy. Identifying hackers remains a challenge, although Schneier believes this will eventually be solved.
Read Full Article »