Martin Giles talks to Bruce Schneier about his new book, Click Here to Kill Everybody:
The title of your book seems deliberately alarmist. Is that just an attempt to juice sales?
It may sound like publishing clickbait, but I’m trying to make the point that the internet now affects the world in a direct physical manner, and that changes everything. It’s no longer about risks to data, but about risks to life and property. And the title really points out that there’s physical danger here, and that things are different than they were just five years ago.
How’s this shift changing our notion of cybersecurity?Our cars, our medical devices, our household appliances are all now computers with things attached to them. Your refrigerator is a computer that keeps things cold, and a microwave oven is a computer that makes things hot. And your car is a computer with four wheels and an engine. Computers are no longer just a screen we turn on and look at, and that’s the big change. What was computer security, its own separate realm, is now everything security.
You’ve come up with a new term, “Internet+,” to encapsulate this shift. But we already have the phrase “internet of things” to describe it, don’t we?
I hated having to create another buzzword, because there are already too many of them. But the internet of things is too narrow. It refers to the connected appliances, thermostats, and other gadgets. That’s just a part of what we’re talking about here. It’s really the internet of things plus the computers plus the services plus the large databases being built plus the internet companies plus us. I just shortened all this to “Internet+.”
Let’s focus on the “us” part of that equation. You say in the book that we’re becoming “virtual cyborgs.” What do you mean by that?
We’re already intimately tied to devices like our phones, which we look at many times a day, and search engines, which are kind of like our online brains. Our power system, our transportation network, our communications systems, are all on the internet. If it goes down, to a very real extent society grinds to a halt, because we’re so dependent on it at every level. Computers aren’t yet widely embedded in our bodies, but they’re deeply embedded in our lives.
Can’t we just unplug ourselves somewhat to limit the risks?
That’s getting harder and harder to do. I tried to buy a car that wasn’t connected to the internet, and I failed. It’s not that there were no cars available like this, but the ones in the range I wanted all came with an internet connection. Even if it could be turned off, there was no guarantee hackers couldn’t turn it back on remotely.
Hackers can also exploit security vulnerabilities in one kind of device to attack others, right?
There are lots of examples of this. The Mirai botnet exploited vulnerabilities in home devices like DVRs and webcams. These things were taken over by hackers and used to launch an attack on a domain-name server, which then knocked a bunch of popular websites offline. The hackers who attacked Target got into the retailer’s payment network through a vulnerability in the IT systems of a contractor working on some of its stores.
