The CIA Fears the Internet of Things

Dragon images via Shutterstock

AA Font size + Print

The battleground of tomorrow is everywhere at once. By Patrick Tucker

The major themes defining geo-security for the coming decades were explored at a forum on “The Future of Warfare” at the Aspen Security Forum on Thursday, moderated by Defense One Executive Editor Kevin Baron.

Dawn Meyerriecks, the deputy director of the Central Intelligence Agency’s directorate of science and technology, said today’s concerns about cyber war don’t address the looming geo-security threats posed by the Internet of Things, the embedding of computers, sensors, and Internet capabilities into more and more physical objects.

“Smart refrigerators have been used in distributed denial of service attacks,” she said. At least one smart fridge played a role in a massive spam attack last year, involving more than 100,000 internet-connected devices and more than 750,000 spam emails. She also mentioned “smart fluorescent LEDs [that are] are communicating that they need to be replaced but are also being hijacked for other things.”

“The merger of physical and virtual is really where it’s at. If we don’t grok that then we’ve got huge problems,” she said. Grok, a reference to Robert A. Heinlein’s 1961 novel Stranger in a Strange Land, describes the telepathic communion of thoughts, feelings, and fears.  

Smart clothing, she said, could create security and access problems, specifically for the CIA. The same technologies that could allow millions to better monitor and manage their health could create a transparency and workplace problems that “I don’t want to have to deal with.”

It has a sort of science-fictional flare, but Meyerriecks says there’s no excuse for being caught off-guard by technological events, or “punctuating technological disruptions” that are clearly visible in trends today.

“The merger of biological and cyber, those will be viewed as disruptors although we all know they’ve been invested in for decades at this point. When someone finally figures out how to productize it in a way.” By way of an example, she brought up the cell phone, “When it goes from the brick to something I can’t leave my house without, then it’s disruptive.” 

In many ways that day has already arrived. Dick Cheney, former U.S. Vice President, told 60 Minutes that he had a wireless pacemaker installed in his chest in 2007 that would have allowed his doctor to monitor his heart, online.  He didn’t enable the BlueTooth broadcasting feature for fear of it being hacked. We have a hard enough time securing computers on desks. We may already face the risk of an entire generation of baby boomers becoming vulnerable to lethal cyber attacks because of Internet-enabled medical devices.

Here are some other takeaways from the discussion:  

The Economic War Is Afoot

When asked if the United States was already engaged in an economic war, with intellectual property as the prize,  Meyerriecks  responded that “Absolutely, this the case.” That’s evident in the fact that the U.S. is now suing five members of the Chinese military for what amounts to industrial espionage, stealing trade secrets for personal profit.  It’s a lawsuit against individuals, but the Chinese government, as a whole, took it personally and suspended participation in a joint China-U.S. cyber-security working group.

Quantum Computing Won’t Save You

“On our best day we’re 20 years away,” Meyerriecks said of true quantum computing (defined roughly as computing that everyone in computing science can agree is actually quantum in nature, achieving entanglement.) “When it happens, we have a huge challenge. We are making significant investments and paying a lot of attention,”

Steve Chan, the director of the Network Science Research Center at IBM who joined Meyerriecks on stage in Aspen, said that the search for the quantum Holy Grail was not only confused but largely unnecessary. Quantum is generally referred to as computation that takes advantage of the unique behaviors of quantum bits, or qubits, to represent information in multiple ways, as opposed to ones and zeros. “Nowadays,” he said “we can do custom chip design so we can use binary rules but three digit representations that get basically the same value, with fewer digits, which saves computational cycles.”

Put Your Faith in Big Data

The threats and the opportunities technological acceleration occupy the same space.

When asked about the major investment areas of the future, Lynn Dugle, a vice president at military contractor Raytheon enthusiastically offered up big data and described the “opportunity to know things, through cyber-analytics, through personal analytics.” She cited a common industry forecast that more than 50 billion machine-to-machine connected devices will inhabit the globe by 2020 (according to figures from Cisco), versus approximately 13 billion today.

Calling Big Data a big opportunity has become almost “glib” according to Meyerriecks. But it’s an area where the CIA is also focusing its major investments and building the capability to do the sort of highly-targeted and individual specific data collection that would make today’s NSA activities look positively quant. It’s big data big data that “dwarfs today’s twitter feeds,” she said, and emphasized that is was data specific to an individual, not everyone, “that’s targeted collection. Not random collection.”

Watch the entire discussion here: 

Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.