Thursday, October 11, 2018

Interview - Bruce Schneier and the Internet that Wants to Kill Us All!

Is the problem that corporations want to sell the data generated from devices like an e-toothbrush?

In computer security, we have something called the CIA triad: Confidentiality, Integrity, and Availability. Most of what we worry about with data is confidentiality. That's the Equifax hack, or the Office of Personnel Management hack, or Cambridge Analytica. Someone has my data and they're misusing it in some way.

[Click Here to Kill Everybody] is primarily about integrity and availability, which matter much more when you have physically capable computers. Yes, I'm worried that someone will hack the hospital and see my private medical records, but I'm much more concerned if they change my blood type. That's an integrity attack. I'm afraid that someone will hack my car and turn on the microphone, but I'm much more scared that they'll disable the brakes. That's an availability attack.

And in the hospital they'll eventually have, if they don't already, Internet-connected IVs where a hacker could turn up the morphine?

That's right. When computers can affect the world in a direct physical manner, the integrity and availability threats are much worse than the confidentiality threats because they affect life and property. The obvious examples are always cars and the power grid, but there are many others.