In a recent opinion piece written for The New York Times, Harvard law professor Jonathan Zittrain discusses how internet-connected devices — the “internet of things” — are vulnerable to cyberattacks; and he offers solutions to minimize these threats.
In “From Westworld to Best World for the Internet of Things,” Professor Zittrain stresses how “unprepared we are to manage downstream-networked devices and appliances — the “internet of things” — that are vulnerable to attack.” He explains that security concerns for internet-connected devices fall into two categories: compromised networked things that can endanger their users (example: a coffee maker could have safety features overridden and start a fire), and a potential hack of a subset of the millions of networked things could produce threats to business and government infrastructure or large groups of people (example: security systems in a city could be made to sound an alarm simultaneously).
Below are a few excerpts from “From Westworld to Best World for the Internet of Things.”
Short of rejecting internet integration with appliances, dealing with this [cyberattack threat] is not easy. As with home routers, we tend to keep appliances around for years, so vulnerabilities aren’t phased out quickly.
The unusual problems of the internet of things call for unusual solutions.
The first confronts the life-cycle problem. Companies making a critical mass of internet-enabled products should be required to post a “networked safety bond” to be cashed in if they abandon maintenance for a product, or fold entirely. Insurers can price bonds according to companies’ security practices. There’s an example of such a system for coal mining, to provide for reclamation and cleanup should the mining company leave behind a wasteland.
For internet-connected appliances, “reclamation” can entail work by nonprofit foundations to maintain the code for abandoned products, creating an “island of misfit toys,” in the parlance of the famed 1964 Rankin/Bass stop-motion Christmas special.
A second intervention would require networked products modeled after analog counterparts to work even without connectivity. A smart coffee maker shouldn’t be so clever that it can’t make coffee without internet access. Switchover to non-connectivity mode will not merely help prevent things from becoming useless when the internet goes down, or if the original vendor disappears or jacks up service prices. It can also provide a soft landing for appliances that reach the end of their supported life cycles while still beloved by owners.
Finally, networked devices made by different vendors need to be able to communicate with one another — the way that, say, Mac and PC users seamlessly exchange email. That prevents a household from becoming locked into a single vendor for all its appliances. It also prevents us from flocking to one or two vendors whose compromise could cause widespread consequences.
We can create incentives to design networked devices for both interoperability and safety, and to plan for remediation when some things inevitably go wrong.
Read the full article on The New York Times: “From Westworld to Best World for the Internet of Things.”
Jonathan Zittrain is the George Bemis Professor of International Law at Harvard Law School and the Harvard Kennedy School of Government, Professor of Computer Science at the Harvard School of Engineering and Applied Sciences, Director of the Harvard Law School Library, and Faculty Director of the Berkman Klein Center for Internet & Society. His research interests include battles for control of digital property and content, cryptography, electronic privacy, the roles of intermediaries within Internet architecture, and the useful and unobtrusive deployment of technology in education.