The Nest Learning Thermostat is on display following a news conference Wednesday, June 17, 2015, in San Francisco.

The Nest Learning Thermostat is on display following a news conference Wednesday, June 17, 2015, in San Francisco. Eric Risberg/AP

Insights & Reports
Centralizing Mission-Critical Data With Cloudera
Presented By Cloudera
Download Now
HP Managed Solutions for Government
Presented By HP
Download Now
Science & Tech

How Will Terrorists Use the Internet of Things? The Justice Department Is Trying to Figure That Out

As the business of connected devices explodes, DOJ joins other agencies in evaluating the national-security risks.

Patrick Tucker

|
Patrick Tucker
By Patrick Tucker
Science & Technology Editor

By 2020, there will be anywhere from 20 billion to 50 billion internet-connected devices, including about one in five cars and or trucks, according to industry forecasts. That’s big business for outfits that sell data or streaming services. For the Justice Department, it’s 50 billion potential problems.

“In our division, we’ve just started a group looking at nothing but the Internet of Things.” John P. Carlin, the U.S. Assistant Attorney General for National Security, told the Intelligence and National Security Alliance on Thursday at the group’s annual Summit.

“There isn’t a set number of participants for the team and we are going to pursue this initiative within our existing appropriation and budget,” Justice Department spokesperson Marc Raimondi told Defense One.

Carlin framed the issue as directly related to next-generation terrorism. “Look at the terrorist attack in Nice,” he said. “If our trucks are running in an automated fashion -- great efficiencies, great safety, on the one hand -- but if we don’t think about how terrorists could exploit that on the front end, and not after they take a truck and run it through a crowd of civilians, we’ll regret it.”

“We made that mistake once when we moved all of our data, when we digitally connected it,  and didn’t focus on how … terrorists and spies could exploit it,” he said, referring broadly to the growing abilities of state and non-state actors to steal data and put it to nefarious use. “We’re playing catch-up,” he said. “We can’t do that again when it comes to the Internet of Things, actual missiles, trucks and cars.”

But there are already thousands of vulnerable vehicles on today’s roads. Computer researchers Chris Valazek and Charlie Miller have been demonstrating how to hack various car models for years, including a famous 2013 Today Show segment, and a 2015 demonstration in which they took control of a Jeep traveling along a highway at 70 mph with WIRED writer Andy Greenberg inside. Miller has calculated that as many as 471,000 existing vehicles have some exploitable computer vulnerability.

Of course, Justice isn’t the only government agency sweating over the Internet of Things. In 2012, the Defense Advanced Research Projects Agency, or DARPA, launched a program called the High Assurance Cyber Military Systems, or HACMS, to fix vulnerabilities that could pervade future Internet of Things devices. Two years later, Dawn Meyerriecks, the deputy director of the Central Intelligence Agency’s directorate of science and technology, noted that “smart refrigerators have been used in distributed denial of service attacks,” and cited smart fluorescent LEDs that “are communicating that they need to be replaced but are also being hijacked for other things.”

The NSA, too, is looking to the Internet of Things...for completely different reasons. When Defense One sat down with Rick Ledgett, the Deputy Director of the NSA back in June and asked him if the Internet of Things presented “a security nightmare or a signals intelligence bonanza,” he answered simply, “Both.”

NEXT STORY: One of America's Spy Agencies Will Test Sentiment Analysis to Help Sniff Out Insider Threats