Cyber Breaches Will Kill

People's property and life are getting increasingly exposed to cyber-attacks because just about everything today has computing power, an information security expert warns. A world of "smart" devices means the Internet can kill people.

“It used to be what with computer security, we were worried about computers, desktops and laptops,” Bruce Schneier, (pictured) a special advisor to IBM Security, said Tuesday 14th May during the Payments Canada Summit in Toronto.

But cars, appliances, power plants and medical devices are at increased risk from hacking attacks, suggested Schneier, author of Click Here to Kill Everybody.

Everything is a computer. Ovens are computers that make things hot; refrigerators are computers that keep things cold. These computers, from home thermostats to chemical plants, are all online. The Internet, once a virtual abstraction, can now sense and touch the physical world.

As we open our lives to this future, often called the Internet of Things, we are beginning to see its enormous potential in ideas like driverless cars, smart cities, and personal agents equipped with their own behavioral algorithms. But every knife cuts two ways.

“All the lessons from computer security, about vulnerabilities, about hacking, about complexity, about changing technology, become true for everything everywhere, and I am not convinced we are ready for that,” Schneier said during the recent  Payments Canada Summit in Toronto.

“There’s a fundamental difference between ‘my spreadsheet crashes and I lose my data,’ and ‘my embedded heart monitor crashes and I lose my life,'” said Schneier.

But the computer you use for the spreadsheets could have the same type of operating system and central processing unit as one with an embedded heart monitor, added Schneier, and therefore the same method can be used to attack both.

“It’s only what the computer is attached to that makes a difference and that is the world that is coming.”
Conventional computers can be made more secure with patching but this is because the software vendors have teams working on software that addresses security issues and can be installed by the users.

“That fails with low-cost medical devices. The teams don’t exist.”

Schneier suggested that although he worries that someone might hack into his medical records and steal his private health records, he is even more worried about the consequences of a hacker being able to alter his health records and show that he has a different blood type.

Cyber security has three major elements, confidentiality, integrity and availability, said Schneier.

Confidentiality means only certain authorised people can access the data.

Integrity means the data cannot be changed and availability means that one has access to the data. So a corporate data breach means the data is no longer being kept confidentiality, while a ransomware attack means the data is no longer available.

If a criminal can hack into medical records and change what is recorded as the patient’s blood type, then the integrity of the data is compromised.

“When you get to computers that affect the world in a direct physical manner, the integrity and availability attacks are much worse than the confidentiality attacks because there are real risks to life and property,” said Schneier.

He demonstrated the significance by using an example of hackers targeting a connected car. Listening to one’s conversations on a Bluetooth-enabled cellphone or figuring out someone’s location is a confidentiality breach, suggested Schneier.

“I really don’t want them disabling the brakes. That is a data availability attack,” said Schneier, who is also a fellow at the Berkman Klein Center for Internet & Society at Harvard University

“Your car used to be a mechanical device. Now it’s a computer with four wheels plus and an engine.”

Canadian Underwriter:

You Might Also Read: 

Security Flaws In Smart City Technology

 

 

« The Worldwide Skills Shortage Is Growing
Iranian Cyber-Espionage Exposed »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

iboss Network Security

iboss Network Security

The iboss cloud is designed to deliver Network Security as a Service, in the cloud, using the best malware engines, threat feeds and log analytics engines.

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

Cyber Senate

Cyber Senate

Cyber Senate is dedicated to bringing Operators of Essential Services together with global subject matter experts to address the challenges of evolving cyber threats to critical infrastructure.

HDI Global SE

HDI Global SE

HDI Global SE provides customised insurance solutions for industrial and commercial clients worldwide including Cyber Liability insurance.

Defence Intelligence

Defence Intelligence

Defence Intelligence is an information security firm specializing in advanced malware protection.

Portuguese Institute for Accreditation (IPAC)

Portuguese Institute for Accreditation (IPAC)

IPAC is the national accreditation body for Portugal. The directory of members provides details of organisations offering certification services for ISO 27001.

Halcyon Knights

Halcyon Knights

Halcyon Knights is a specialist executive search and IT recruitment agency in the APAC region. Areas of specialisation include cybersecurity.

Sequretek

Sequretek

Sequretek was formed with the aim to “Simplify Security”. We envision a future where enterprise networks are streamlined, secure and simple.

Dell Technologies Capital

Dell Technologies Capital

At Dell Technologies Capital we lead investment in disruptive, early-stage startups in enterprise and cloud infrastructure.

Aversafe

Aversafe

Aversafe provides individuals, employers and certificate issuers around the world with a first line of defense against credential fraud.

Redhorse

Redhorse

Redhorse provides top-tier consulting to help clients address mission-critical government problems in National Security, Networking Technology, Energy and the Environment.

National Cryptologic Foundation (NCF) - USA

National Cryptologic Foundation (NCF) - USA

The National Cryptologic Foundation strives to influence the cryptologic future by sharing our educational resources, stimulating new knowledge, and commemorating our heritage.

Alpha Omega Integration

Alpha Omega Integration

Alpha Omega creates new possibilities through intelligent end-to-end mission-focused government IT solutions.

Chestnut Hill Technologies (CHT)

Chestnut Hill Technologies (CHT)

CHT provide Best Practices IT Cybersecurity and Technology Solutions and Consulting Support to the Mid Cap through Fortune 1000 Nationwide.

Zeus Cloud

Zeus Cloud

Zeus Cloud provide clients with world-class web hosting services to businesses both big and small.

Boston Government Services (BGS)

Boston Government Services (BGS)

Boston Government Services is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets.