Being in the marketing department at a cyber-security research firm, I'm often struck by how little the average person worries about cyber security. Friends and strangers who ask me about my job rarely seem prepared to hear the facts I tell them about our current state of cyber defense. When I proudly boasted to people about our amazing performance in the Cyber Grand Challenge last week, people were surprised that it was even remotely possible for a machine to hack another machine without a human doing the dirty work. Yes, companies that develop safety-critical and security-critical code are generally coming to terms with cyber-security risks, but what about individual people?
Your average citizen might not know what IoT stands for, or that the impact of IoT is so enormous we've had to create subsections, such as the industrial IIoT. And the truth is that at GrammaTech, we're focused on businesses and organizations, not individuals. But when will IoT impact individuals on a personal level? When will we have the human version -- the Human Internet of Things?
Yesterday I was flying back to Ithaca after attending a friend's wedding in Seattle. I was stuck on a layover in Chicago, at a gate with a flight that was perpetually being delayed in increments of 30 minutes, without end in sight. There was an undisclosed "mechanical issue" that needed to be fixed, and my fellow passengers and I had just started to build a disgruntled rapport, when the gate attendant came on the loudspeaker to inform us that the technician was having trouble installing software. She said assertively that they would just have to figure out the software issue and then we'd be good to go (!) so it would really only be 25 more minutes this time.
What an interesting situation, I immediately thought. Mechanical issues, she and the passengers assumed, are complicated and tricky, and could take who-knows-how-long to fix, that we might assess in 30-minute increments. A software issue, on the other hand, was a maximum 25-minute kind of situation.
Needless to say, when in 25 minutes they changed our gate so we could get on an entirely different plane, instead of feeling travel-fatigued and frustrated, I felt oddly vindicated.
"Software is complicated!" I wanted to shout to our terminal of impatient travelers. "Understand your code better with GrammaTech CodeSonar!"
Of course, these people didn't have code, and while it's always tempting to get preachy, it would have fallen on deaf ears. But when the person next to me said, "Oh good, it's just a software thing -- the mechanical issues were starting to make me nervous," I started to think. When do the good people need to be better informed about one of the gravest dangers to our infrastructures, jobs, and lives? If I nod my head, am I implicitly corroborating a falsehood?
That made me curious -- how interested is the common person in cyber security? I google-trended that thought on my laptop as I watched our new plane's passengers de-board, and discovered a steady growth, which felt reassuring:
(I'm assuming the extreme spike in October 2009 was due to Obama's declaration of October as National Cybersecurity Awareness Month)
Trends being trends, though, I needed a comparison. How much are we in the U.S. thinking about cybersecurity as opposed to, say, donuts? The comparison was grim:
But before we get distracted by donuts (the potential is vast), let's take a step back. Do random individuals need to worry about cyber-security? If random passengers on a flight aren't concerned by vulnerable software but the people in charge understand the risks, why worry our pretty little innocent heads?
I think the answer has to do with news stories like these:
- How a quiet Kansas home wound up with 600 million IP addresses
- Mom Learns Daughters' Bedroom Webcam was Hacked
- Linex bug leaves 1.4 billion Android users vulnerable to hijacking attacks
- It's Scarily Easy To Hack A Traffic Light
I think it's only a matter of time before we see a more individualized version of the Internet of Things. If I click a link in a spammy email and instead of infecting my own computer with a virus, it connects YOUR computer with a virus, who is liable for your damages?
If a hacker gets into my home network but then passes my computer by and infiltrates my entire town, accessing one important computer that controls important infrastructure, what happens when a vulnerability is exploited and our town loses power? Do we trace it back to my home network that my sister-in-law's nephew set up because he's "into those things?"
So yes, GrammaTech is a company solving problems for organizations around the world, that are protecting the safety and security of their customers. But what will happen when these organizations aren't the middlemen? When will we all have to take more responsibility in fending for ourselves? When will we arrive at the Human Internet of Things? Seems to me it's only a matter of time.