A little over two years ago, I wrote about a hacker who was able to demonstrate hacking and takeover of an airplane’s flight control system, and suggested that it may be awhile before someone was able to execute this same type of hack “in the wild.” Unfortunately for everyone, it’s happened sooner than we might hope: notorious hacker Chris Roberts of One World Labs has claimed that he managed to penetrate an airplane’s flight control system while it was in flight and was able to temporarily alter the plane’s trajectory by overriding controls on a wing engine, forcing the plane to fly sideways for an short period. After joking via Twitter about his hacking activities on an April flight, Roberts was detained by the FBI and his equipment seized. According to affadavits published of the FBI interviews with Roberts, it appears as if the FBI believes Roberts is in fact capable of hacking planes while in flight.
What this means for you:
I’m actually quite surprised this hasn’t happened sooner, and with much more horrifying results. On the scale of expertise on technology security, I consider myself to be only moderately well-trained and informed, but it doesn’t take a expert to comprehend why this is going to be an increasingly dangerous problem. Because all security systems are essentially designed by humans, they will inherently be flawed. Hackers count on this weakness and are able to exploit it over and over again. In the case of the above alleged hacking incidents (yes, there was more than one), Roberts exploited a hardware weakness – he was able to physically connect his equipment to the plane by cracking the inflight entertainment box under his seat – and a software weakness – he used default passwords to circumvent the security of the plane’s control systems. In both cases he would have been foiled if the people who designed and implemented the systems had taken more care in their work. According to Roberts, his actions are meant to goad the industry into taking security more seriously, and maybe now that the FBI seems be backing his claims, something might get done.
Overall, security is an uphill battle, and requires more energy, money and expertise than most companies can field at any given time. Like insurance, many folks have a hard time spending money to secure against something that might happen. In this case, like the other inevitabilities we insure against, accepting the fact that you will be hacked (even if you already have been) at some point in the near future, will help you frame your investments in security in a more realistic and practical perspective, and doing something proactive will often put you ahead of your competition. Embattled industries like airlines should definitely keep this in mind.
For those of us that spend a good part of the day stuck in SoCal traffic, Google’s self-driving car offers a tiny glimpse of future salvation. We’re a long way off from streets filled with autonomous autos, but Google’s cars have driven 1.7 million miles so far, have only been in 11 accidents, and apparently humans were at fault in all cases. This really shouldn’t come as a surprise to anyone with any measure of self-awareness and experience with today’s technology. After all, technology provides us with a means to amplify our own innate abilities and allows us to achieve objectives that might be beyond our unassisted reach. It also grants us the ability to fail faster and sometimes in a spectacular way.
What this means for you:
My newer clients are frequently surprised to hear me say, “Sometimes, less technology is better.” It sounds like a butcher preaching a vegan life-style to his customers. The main reason I say this is not because I’m a Luddite (far from it!) but that I often come across instances where someone has become temporarily blinded by what I call the “Shiny Factor” and has adopted or implemented a technology that complicates rather than simplifies their original intent.
A prime example of this are clients that purchase software or even new computers to deal with an increasing volume of email, when the simpler (but not necessarily easier) solution would be to reduce the volume of email. Purchasing expensive firewalls won’t prevent infections caused by poorly-trained employees. Faster, more powerful computers won’t fix broken process automation or buggy software, nor will a faster internet connection necessarily result in more productive workers. It’s a dangerous, slippery slope, and can become self-perpetuating spiral of expense, frustration and complexity. As the old adage goes, the cure may end up being worse than the disease.
Are we doomed? Only if we continue to ignore that technology is created to serve us, and not the other way around. Technology is not meant to replace humans, but to amplify us. It’s up to us to make sure that the good is amplified and the bad minimized wherever possible, and sometimes to solve problems or get work done the old fashioned way – with a little elbow grease, human ingenuity, and common sense.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net