Speaking at Infosecurity Europe 2017 today Bruce Schneier, security technologist, talked about automation and its impact on the future of information security.
“Everything is becoming a computer, and that’s the way we need to think about the world,” said Schneier, adding that as we make devices more connected with greater levels of power “computer security becomes everything security” and grows more applicable to the physical world.
“The internet now senses, thinks and acts,” he said. “What’s interesting to me about that is that’s the classic definition of a robot. The correct way to think about the Internet of Things (IoT), and internet in general, is that we are building a world-sized robot, without even realizing it – but it’s a robot not in a classical sense.”
That’s because the ever-connected world we are building on the internet is a distributed robot, Schneier added, which is not centrally controlled and does not have a singular goal or consciousness, and it’s not something that’s deliberately designed.
“Think of it as smart things that affect the world in a direct and physical manner” and this is what’s eating the world, he claimed. The problem is, with the IoT and cyber-physical systems such autonomous cars, medical devices and power stations, the real-world consequences can be far greater when things go wrong than they have been in the past with traditional computer security.
Schneier argued that security problems that have always impacted the internet will relate to the physical world more, and his guess was that “we are not going to solve them anytime soon.
“Until now, we’ve mostly left computer security to the market, and that’s worked mostly OK, not great, and we have been OK with imperfect solutions because the effects of failure just weren’t that great. That’s changing, and that will force us to change.
“We are going to get government intervention here, because the market will not fix these problems by itself. Companies do not do this by themselves; they need government to force them.
“It will just take one disaster before government will do something [with regulation], and they will do the thing they can grab the quickest, and we have to make sure it’s something that is smart,” Schneier concluded.