John Naughton 

A networked future? Let’s try joined-up thinking first

As attacks on car computer systems show, a world connected to the internet is full of new security threats
  
  

A Jeep production line. Manufacturers' efforts to put electronic systems inside their vehicles seem
A Jeep production line. Manufacturers’ efforts to put electronic systems inside their vehicles seem to have made them ever more vulnerable to attack. Photograph: Bill Pugliano/Getty Images Photograph: Bill Pugliano/Getty Images

‘‘Jeep Cherokee hacked in demo; Chrysler owners urged to download patch”, was the heading on an interesting story last week. “Just imagine,” burbled the report, “one moment you’re listening to some pleasant pop hits on the radio, and the next moment the hip-hop station is blasting at full volume – and you can’t change it back! This is just one of the exploits of Charlie Miller and Chris Valasek … when they hacked into a Jeep Cherokee. They were able to change the temperature of the air conditioning, turn on the windshield wipers and blast the wiper fluid to blur the glass, and even disable the brakes, turn off the transmission, take control of the steering, and display their faces onto the dashboard’s screen.”

In some ways, this was an old story: cars have been largely governed by electronics since the 1980s, and anyone who controls the electronics controls the car. But up to now, the electronics have not been connected to the internet. What makes the Jeep Cherokee story interesting is that its electronics were hacked via the internet. And that was possible because internet connectivity now comes as a consumer option – Uconnect – from Chrysler.

If at this point you experience a sinking feeling, then join the club. So let us return to first principles for a moment. The first rule is that there is no such thing as a perfectly secure networked device. If it’s networked, then it’s vulnerable to hacking. A second basic principle is that every successful industry has some core competencies, but little expertise outside of those. Car companies know how to make cars, which means that over the years they had to acquire serious expertise in the embedded electronics that run engine-management software for emission-control purposes. But these units were all standalone systems. The moment Chrysler and co decided to hook their cars to the net they took a fateful leap into the unknown.

Why? Because network security is not one of their core competencies. In that respect, they’re in the same position as thousands of other industries and governments – as the incessant reports of hackings, personal-data heists, denial-of-service attacks and online blackmail confirm. Chrysler and the other carmakers have simply joined the rush to oblivion, like the Gadarene swine of the Bible.

In the biblical tale, the pigs in question were infested by demons, which made them rush into the lake and drown. The contemporary equivalent of those evil spirits is the belief that the world will automatically be a better place if everything – and everyone – is networked. This seems to be an article of faith for everyone in the information technology business, from the chairman of Google (who apparently believes that there will never be another genocide, and that authoritarian governments will wither away once we get to a comprehensively networked world) to the lowliest programmer in Bangalore. But it also penetrates the higher reaches of nearly every western government, and seems to be absolutely rampant in the European commission.

In fact networking mania is just dogma masquerading as progressivism. In that sense it’s very like the ideological madness that brought about the euro. And in the networking case it’s peddled mostly by Silicon Valley corporations and venture capitalists, which see it as the next bonanza opportunity and don’t give a toss about the societal implications.

In many cases, networking is indeed wonderful: it increases efficiency, enables new and good things to happen, makes the world a better place. In other cases, it’s pointless, wasteful, disempowering and exposes society to grave risks. And sometimes it’s both. So-called “smart meters” for gas and electricity, for example, have all kinds of potential upsides for consumers, utility companies and the environment (by enabling us to get by with a smaller electricity grid, for example); but because they are networked devices they also expose us to a new kind of risk – of a determined hacking attack, which could shut off the electricity supply to millions of homes at a stroke.

What’s strange at the moment is our passive acceptance of the networking dogma: our societies are like rabbits transfixed in the glare of the oncoming (self-driving?) car. But in fact all we need is common sense, impartial technological advice and the will to ask sensible questions about any proposed networking technology. Questions like: what are the costs and benefits? Who wins? Who loses? What foreseeable risks does it pose? What’s the worst-case scenario? What are the opportunity costs of not adopting it? Where does the public interest lie?

As I said: no rocket science required – just common sense and informed scepticism. In other words, exactly what saved us from the euro.

 

Leave a Comment

Required fields are marked *

*

CAPTCHA

*