Internet of Things’ future collides with Jeep hackers
News that hackers had messed with the controls of a Jeep Cherokee — first the heater, then the radio ... then the transmission, then the brakes — sent a shiver down a lot of spines, and not just in the high-tech community and the auto industry. The entire industrial economy is amped up about the Next Big Thing, and that “thing” goes by the curious name of the Internet of Things. The Internet of Autos is a particularly sensitive part of the mix. But back to the Jeep. The fact that it was a “friendly” hack, and that Fiat Chrysler is issuing a fix, offers cold comfort. For what the hackers demonstrated was not simply one particular vulnerability, but the sobering fact that a vast global engineering company, no doubt paying big dollars to cybersecurity experts, could be out-maneuvered in a situation of life and death. And by a couple of guys in a basement — whose only contact with the Jeep was via their QWERTY keyboard.
The core idea behind the Internet of Things is to use increasingly cheap sensors (soon, we are told, to number in the trillions) and the growing ubiquity of Wi-Fi to create a “smart” world in which devices are continuously connected and engaged with each other. Such connectivity will make life easier for us, and drive economic value. So the future will have “smart” homes in “smart” cities — and we shall be traveling in “smart “cars. To put it in simple terms, the Internet’s “new economy” gets much more closely synced with the “old economy.” In the trade, they call it simply M2M; machine-to-machine.
Yet as the tale of the Jeep Cherokee shows, the “smarter” we get, the more interdependent — and therefore potentially more vulnerable — we become. Every fresh connection raises the stakes with all the exponential inevitability of Moore’s Law itself.
We have already begun to learn this lesson with respect to information. Hackers have ransacked the data held by major corporations so often that it’s scarcely news any more. Visa, Sony, Target — the list keeps growing. The latest scandal, of course, is that of the U.S. Office of Personnel Management, the federal HR agency. It appears that more than 20 million personnel records have been siphoned off, including millions containing extremely sensitive high-security clearance applications. Not so long ago the only way to filch that kind of data was with a photocopier.
What’s different, of course, with the Internet of Things is that the threat posed is not simply to information — but directly to people’s safety and indeed their lives. This is already true across a range of early applications, from heating and locking your home to certain medical devices, to a host of uses in transportation — including, of course, the Jeep Cherokee. As the “smart” movement advances to include self-driving cars (and trucks, and buses, and trains), a huge range of health care applications and comprehensively connected smart homes, the risk curve gets steeper. And as it rises, perceived risk — what people worry might go wrong — can go off the scale. Just one big scare could lead to a huge loss of confidence — and corresponding market damage.
So what to do? The Internet of Things is with us and growing. By one estimate, we shall soon have 100 connected devices in every home. Management gurus at McKinsey & Co. reckon that by 2025 it will be driving up to $11 trillion of value — more than one-tenth of the global economy.
Here’s the thing: One spine shivering colder than most when the Jeep story broke was that of Fiat Chrysler’s flamboyant boss, Sergio Marchionne. He’s no typical CEO, aloof in the C suite behind layers of aides. I once saw him pull six different cell phones out of his pockets, and he’s famous for having dozens of direct reports. His company’s rapid decision to recall 1.4 million vehicles plainly came from the top. In the era of the Internet of Things, trust becomes ever more important to business.
Brands who stumble will pay a heavy price. Companies who want trusting customers will need to build cybersecurity into the core of their design and engineering processes from the ground up, and hold everyone on the team responsible; and we will expect them to operate with a high degree of openness. In the machine-to-machine economy our hard-won trust will need to be continuously maintained if they want to stay in business. We shall expect transparency and extreme reliability as the increasingly interconnected economy moves ahead.
I wonder if cybersecurity is a department among Marchionne’s direct reports. Perhaps it is now.