I’ve been following and reading Bruce Schneier for many years. He’s one of the most well-researched, articulate, and reasonable technology experts writing about computer and network security around.
I highly recommend reading Hacking Airplanes. It’s a well-reasoned and well-written piece on internet vulnerabilities as we become more connected.
Imagine this: A terrorist hacks into a commercial airplane from the ground, takes over the controls from the pilots and flies the plane into the ground. It sounds like the plot of some “Die Hard” reboot, but it’s actually one of the possible scenarios outlined in a new Government Accountability Office report on security vulnerabilities in modern airplanes.
He’s not saying that the above scenario will happen any time soon, or ever, but he is worried that as “the internet of things” grows and our refrigerators, watches, cars, planes, baby monitors and medical equipment become more connected, our vulnerability to cyberattack grows.
Bruce Schneier has a fascinating piece on Internet Quarantines.
The short of it: If an ISP finds that a computer getting online through its gateway is infected with a virus and is spreading it, that ISP could close down the cable modem of that computer’s home or business network and keep them offline until the problem is solved.
There’s the technical problem–making the quarantine work in the face of malware designed to evade it, and the social problem–ensuring that people don’t have their computers unduly quarantined.
No doubt we’re on the way to quarantining in the background (self-healing?) with operating systems that update themselves and applications that send manufacturers information about the environment they’re running in.
The social problem is the one that interests me and Bruce discusses it:
Who gets to decide which computers to quarantine? A software vendor (Microsoft for example) might want to quarantine all computers not running legal copies of its software.
What if someone uses their cable modem for voice over IP telephone calling and that’s their only means of making and getting calls? Take them offline for a virus and you’ve made for a potential disaster when they can’t call for help when they fall down.
What if someone gets quarantined by mistake? What will their recourse be?
Public health is the right way to look at this problem. This conversation–between the rights of the individual and the rights of society–is a valid one to have, and this solution is a good possibility to consider.
Quarantining is a form of social engineering, and as we’ve found out when attempting to change the whole to protect the part (ADA, Affirmative Action, etc.), things get messy. This doesn’t mean that social engineering is a bad thing to do or that quarantining isn’t something to consider to make for a safer/cleaner internet, just that it might get a bit messy downstream.