Editor’s note: This is the first of a three-part series on Internet security written by Mike Tully for geospatial professionals. Read Part 2 here.
The Internet has lost its innocence. It is a dangerous place! Our antivirus scanners catch less than 5% of current threats to our safety and privacy. The 2016 Presidential election will certainly be remembered for raising the national awareness of how catastrophic the hacking of our private email can be. The wise will put their ears on and take note. This article encourages the reader to adopt the “best of the best” behaviors and tactics that anyone can, and should, use to stay reasonably safe on today’s rapidly changing Internet.
But first, a few unalterable, universal principles. Like the laws of nature, these “laws of computing security” hold us accountable. As much as we wish it otherwise, there are no shortcuts or ways around these laws. They are:
Law #1: Complexity is the enemy of security.
Law #2: Security is hard. Absolute security is impossible.
Law #3: Security is inconvenient.
First, complex things are very hard to secure. More complex things are more difficult to secure. The Internet is the most complex machine ever created by a lot … by a huge margin! Second, absolute security is a worthy goal but can never be achieved. We must learn how to manage our risk and adopt behaviors and an awareness that provide maximum protection in an adverse environment. Last, security is the enemy of convenience. To be more secure means you will be inconvenienced. That’s why we have keys to our cars. It’s a pain to have to carry them around, and when we lose them it is doubly inconvenient. But we don’t want just anyone to drive our vehicles. Our safe use of computers and the Internet will mean more inconvenience. Get over it!
Technical Illiteracy may be Your Problem
There is a type of growing “illiteracy” today. Many geospatial professionals are competent with advanced technologies like digital cameras, mapping software, and LiDAR systems. We can wield our smart phones like none other. But we may still have a technical illiteracy about Internet security. This illiteracy, much like low English language literacy, puts us at a great disadvantage and at much greater risk. If you are a computer user (and we all are) you first must understand the basic “language” (terms) of computing. If these recommendations or terms in this article seem foreign, confusing, or difficult you may be technically illiterate. It is imperative you assimilate a much larger technical vocabulary and expertise to understand the risks and garner increased protection from others who wish you harm.
The New Internet of Things Era
Every 10-15 years we enter a new era of computing. Each era comes with a new menagerie of threats. As of a few years ago, we left the mobile computing era and have entered the Internet of Things (aka, IOT) era. The IOT refers to our global network of “smart” devices of all types connected to the Internet and each other. Computers are now so small, inexpensive and powerful that we can embed them inside anything for pennies. Wireless communication between devices using Bluetooth and RFID enables these trillions of connected smart (computerized) devices to talk with each other. These technologies have enabled a new era of computing where we have thermostats, light bulbs, appliances, mobile phones, laptops, Fitbits, GPS dog collars, baby cams, video doorbells, and all manner of gadgets embedded with smart computers and connected to the web.
Bruce Schneier, a computer security expert, says it helps to think about our connected devices differently to appreciate the gravity of this new IOT era. Our connected car is not a car but a computer with wheels and an engine to move us around. The video doorbell is not a doorbell but a computer that allows us to see who is at our door from anywhere on the planet. Our cell phones are computers that allow us to talk to other people. ATM machines are computers with money inside. Everything is being connected to everything via the Internet. But as our homes, our lives, and our devices are wired to the “Internet of Things”, our dependence on it grows, leaving us vulnerable in ways that very few of us can even begin to comprehend.
“Technological progress is like an axe in the hands of a pathological criminal.” … Albert Einstein
Why? Because criminals are early adopters of technology. All of this fast, powerful technology that benefits us so much is complex, and “complexity is the enemy of security”. Criminal hackers are experts at finding the vulnerabilities in our devices. They use them to steal our private information and money and, increasingly, to cause physical harm in the real world of connected devices. It is generally acknowledged that, on average, there are 20-30 bugs per 1000 lines of code. Our cars today, which for the most part are not connected to the Internet and are not part of the IOT, contain 100 million lines of code. Do the math! That works out to be up to 3,000,000 bugs. When your car becomes part of the IOT, perhaps as early as this model year, and is hacked, it may crash, be stolen or emptied of its contents. As Albert Einstein said long ago, “Technological progress is like an ax in the hands of a pathological criminal.” For these reasons, we all must decide today to practice responsible computing … to, digitally speaking, stop leaving the keys in our unlocked cars.
Consider these stats:
• 95% of malware is undetected by antivirus software
• 90% of malware infections come from hacked popular web sites the moment the unsuspecting visitor stops by
• 91% of all targeted cyber-attacks are done by “spear phishing”
• 99% of all mobile malware is targeted against Android phones
[Full stop! Full disclosure: I’m not an Apple fanboy, but use iOS devices! The Android operating system (OS) is as secure as any. But our cell phone providers use their own flavor of this OS and fail to push out to their users the timely updates to that OS and often stop updates for unsupported models just a couple of years old. The effect is that your phone becomes less secure with time and easily exploited by criminals intent on your harm. Apple iOS device users don’t share this same attack surface (if they regularly apply the OS updates) because all 1 billion Apple devices use the same core OS and updates are regularly and frequently pushed out to every single device. This makes a HUGE difference in reducing your security vulnerabilities.]