What does the digital society mean to you?

Posted on: October 24, 2017 by Sanjay Kapoor

I recently attended a presentation by Bruce Schneier – a renowned security expert - at which he shared an insight that made me reflect on our evolution as a Digital Society. He said that we are creating a world-size robot. This led me to think about the technological advances that could have led him to make this statement.

Consider the advent of the Internet of Things (IoT). Nowadays, just about any Internet connected device can become a sensor for the robot, enabling it to see, to listen, to smell, to touch and perhaps even to taste. Consider the storage and processing capacity offered by Cloud. This enables it to store and process the vast amount of data that is produced by these sensors. Consider Artificial intelligence algorithms which enable it to make sense of the data such that it can learn from the past and predict what may happen. One could argue that this makes it able to think.

Consider technologies like Alexa that enable us to interact with it by speaking to it and listening to it. This, coupled with the advances in image recognition, will soon enable it to assess our moods from our facial expressions, from the way we walk or from the tone in our voice. Based on this, it may be able to predict what we are about to do. One could argue that this makes it able to know what we think.

If the robot is able to think and know what we think then perhaps it is more human-like than robot-like. Notably this humanoid evolution is happening without any definition of the ethical bounds within which it can and should operate. Fortunately, since Professor Stephen Hawking raised concerns about Artificial Intelligence, people have begun to consider this dimension and groups (like OpenAI and the Partnership on AI) have formed to try to address it.

Along with concerns over the ethical boundaries of a new humanoid world order, there are other issues to consider. Security professionals have always cautioned that in the rush to achieve digital innovation, security and privacy are considered as an afterthought.

This concern is being realised as Blackhats (unethical hackers) take advantage of IoT innovation to find their own new ways to launch attacks. Consider last year’s Distributed Denial of Service (DDoS) attack on the Domain Name Service (DNS) provider Dyn. In this attack, a botnet (of Mirai infected IoT devices) was used to overwhelm the DNS service. The impact was that many organisations, including Netflix and Twitter, were simply not visible on the Internet. Innovative search engines like Shodan enable vulnerabilities in IoT devices to be easily found in real time and this, it seems, is being used by Blackhats as well as Whitehats (ethical hackers). Much of the Whitehat research presented at hacking conferences these days is on the ease with which IoT devices can be compromised.

Fortunately, governments are beginning to intervene and to mandate minimum security levels on IoT devices. For example the “IoT Cybersecurity Improvement Act of 2017”, which is being passed in the US, mandates the removal of default or hardcoded passwords. This is a basic security control and the fact that it has to be mandated illustrates just how much IoT security will need to mature.

So, the Digital Society will be a world in which it will be very easy to get things done, either because we want to do them or because we need to do them. Perhaps, we will just need to think what needs to be done and the mind-reading humanoid will take care of the implementation. In this world it will not be sufficient to achieve the traditional balance between security and functionality. We must now balance ethics and innovation along with security and functionality. Otherwise, the price for our Digital Society will be high.

Share this blog article

About Sanjay Kapoor
Head of Cybersecurity - Worldline UK&I
Sanjay is the Head of Cybersecurity at Worldline UK&I - the European leader in the payment and transactional services industry. He is responsible for setting and implementing the strategy for Cybersecurity and Data Protection across all business areas. Aspects of this include GDPR, product security strategy, secure software development, cloud platform assurance, data analytics platform assurance, AI products assurance and security in operations across all services. Sanjay holds certifications in ethical hacking (CEH), ISO27001, cloud security(CCSK) and is a CISSP.