The Threat of a Future
Posted Wednesday, 18 October 2017
American author Chuck Palahniuk of Fight Club fame and author of Invisible Monsters remarked “When did the future switch from being a promise to being a threat?” Could it have been about the same time we decided to put highly dependable things on a very undependable network?
I was asked to provide some insight into where IT and IT security, which seems to be dragged along as an afterthought will be ten years in the future. The CREST & IISP Conference was held in London on the 19 April 2017, From April till October my presentation managed to reach a few thousand folks. Truth be told I have been thinking about the future for some time – personal and professional. As a former Intelligence Analyst let me preface my remarks by saying “everything is more complicated than you think it is.” This is the best way to say in a sense the future is less then certain, but we certainly will have a future. It’s perhaps time to start thinking about that future and attempting to shape it in a positive direction. Again, as a military intelligence analyst if you were right in your hypothesis it usually meant bad things were going to happen.
What we make of the future of IT is precisely what my presentation was about – the intention was to start a debate and engage the professionals, hobbyists and enthusiasts to avoid the dystopian Hollywood tropes we see portrayed in film and television. The biggest problem of continuing to be non-critical of the dystopian future trope is we forget that that trope is what we may end up living in – if we are not careful and if we are not committed to action, right now.
Lailah Gifty Akita, author of Think Great suggests “The present defines the future. The future builds on the foundation of the past.” Applying this to the present state of the Internet may prevent anyone from reading this article further. Our current online existence may be found in metaphor. The online experience for humans at work or play on the internet is like skating across a cold, deep, dark lake putting faith in the idea the ice surface is thick enough to support our weight.
The current state of the online world, is in a word “sickly”. The foundational protocols: DNS, BGP, NTP and others were never designed with security in mind. Thus, trying to place secure services on an unsecure foundation does not take an architect –network or otherwise – to see the flaw here. That was all fine and good when the worst that could happen was inconvenience or crippling financial loss. Now the sprint towards connecting Artificial Intelligence (AI), Robotic and Internet of Things (IoT) devices releases the possibility of kinetic, permanent harm from malicious actors armed with exploit code or mistakes.
It’s not comforting to anyone in the IT profession or for that matter anyone living today that some of the most influential and forward thinking individuals such as Shane Legg, state flatly, “I think human extinction will probably occur, and technology will likely play a part in this.” As an IT security professional, I don’t think being anti-extinction is an unreasonable position to take. Suggesting this without a solution the problem is not responsible, I hope Shane was taken out of context or just trying to be impressive with the ladies.
There have been many in the IT security community talking about cyber war, what it is and if we are already in a cyber war. Looking back as far as 2001 we see incidents that appear “war-like” but it’s certainly not unreasonable to think if these incidents (that we know of) were inflicted on a country or region simultaneously or in quick succession real damage could occur. Certainly, combining cyber events with a kinetic event, natural or man-made could complicate the recovery and enhance casualties.
- 2001 Maroochy Shire Council Sewage Spill, Queensland, Australia
- 2008 the rumored BTC Pipeline Explosion
- 2012 and 2016 Shamoon & Shamoon2 Saudi Amoco Cyber Attacks
- 2013 Haifa, Israel Tunnel Lights Cyber
- 2016 Hollywood Presbyterian Medical Center Ransomware Attack
- 2015 Blast furnace at a German steel mill Explosion
In my mind, cyber war looks like all these attacks and others happening over a long weekend. The holiday family outing may be interrupted as the drawbridge is raised and lowered (allegedly, this attack took place by a Dutch hacker in 2008 armed with a Palm Pilot. https://www.youtube.com/watch?v=lIMwFhsLQ-o .
Another possible “cyber war-esk” attack may manifest itself using a cyber weapon of mass destruction such as BrickerBot, a worm that searches out, exploits and then destroys insecure IoT devices https://techcrunch.com/2017/04/25/brickerbot-is-a-vigilante-worm-that-destroys-insecure-iot-devices/ . Adapting and then unleashing this capability on hospital devices globally or with exploit capabilities like Double Pulsar https://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/ may when armed with a destructive payload could destroy 100’s of thousands of connected devices. If that device is connected to you, or you need the device for life safety we have the potential to see tragic effects in the physical world.
So, the question remains, “is cyber war the worst-case scenario?” the answer is unfortunately no. The “first” cyber war envisioned in my presentation will pale in comparison to the 2nd cyber war; where three future developments will collide in a potentially extremely dangerous way. AI, Robots and Climate Change. The combination of these two technologies and one, it would seem inevitable planetary change paints a combination of some sort of mash up of the Matrix moves with the Mad Max movies. Suddenly, those Y2K bunkers may come back into vogue.
Scientific achievement and the creation of both super-hero and super-villains has, for the most part taken a “let’s see what happens when…” approach. Without descending into an extended debate over climate change I think we can all accept the consequences of more humans on a warmer planet will have a potential impact – and technology, specifically robots may exacerbate that problem considerably – disruption will occur.
Daron Acemoglu and Pascual Restrepo, in a study titled “Robots and Jobs: Evidence from US Labor Markets” analyzed data from data from 2007 to 2015 and concluded, one industrial robot reduces employment by 7 jobs, one industrial robot per thousand workers reduces wages by 1.6% and Industrial robots are expected to increase to 4.5-6 million by 2025. Tasks such as the movement of goods in the transportation and logistics industries, pizza delivery, personal transportation and household cleaning will soon be relegated to robotic servants.
The number of unemployed persons globally in 2017 is forecast to stand at just over 201 million – with an additional rise of 2.7 million expected in 2018 – as the pace of labor force growth outstrips job creation. If 4.5 million industrial robots arrive on the scene in 2018 that could increase the unemployed persons from 2.7 million to 31.5 million. In 2016, a study suggested Hunger may motivate us more than thirst, fear, or anxiety http://www.medicalnewstoday.com/articles/313178.php Hacktivist causes may find a ready supply of recruits.
As one group fights over table scraps another group pushes the technological envelope even further than ever imagined. Since even before 2009 Scientists such as Dharmendra Modha head of the SyNAPSE project has been trying to quantify the human brain’s capabilities in computer terms.
At that time, it was suggested in a 2009 Scientific America article the brain has 38 petaflops of processing power & 3,584 terabytes of memory. Elon Musk wants to connect brains to computers He said a “merger of biological intelligence and machine intelligence” would be necessary for humans to stay economically valuable.” But perhaps not as valuable as those 31.5 million folks consuming online videos on “How to Hack for Jobs/Food.”
In 2013, Markus Diesmann and Abigail Morrison succeeded in creating an artificial neural network of 1.73 billion nerve cells connected by 10.4 trillion synapses. It took 40 minutes of “brain like processing” using the combined resources of 82,944 processors in [a] K [super] computer to get just 1 second of biological brain processing time. While running, the simulation ate up about 1PB of system memory as each synapse was modeled individually.
This leads me to the conclusion and “aha” moment in my presentation that interfacing the human brain directly to the insecure internet (as it exists today), combined with a large, motivated, potentially skilled and groups of hostile hacktivists and a “let’s plug in AI to the internet and see what happens” approach may not be in the best interests of humanity.
So, what can we do about it? As it turns out we are in control of the world’s largest machine – we make the rules (until of course we turn that idea over to AI – bad idea) so in 2011 when Keith Alexander, floated the concept of a “. secure” network for critical services such as banking that would be walled off from the public Web. Maybe we want to extend that secure network to include the devices and artificial intelligence entities we are building.
At the 2017 RSA infosec conference in San Francisco, Olaf Kolkman, the Internet Society’s chief internet technology officer, and Bruce Schneier, IBM Resilient’s CTO found themselves in an unlikely alliance on the matter of IoT security. Essentially, Kolkman has called for strict industry requirements to bring IoT defenses up to scratch. Schneier, an anti-regulation libertarian, agrees, yes, it’s time to draw up rules for internet-connected gadgets. I believe these gentlemen are on the right track, however; we need to look beyond IoT and consider what happens when a corrupted AI program makes a decision we don’t like –that’s an argument the humans can’t afford to lose.