The recent Mirai cyberattack, where several devices connected in the ecosystem collectively referred to as the Internet of Things (IoT) were hacked, converted into botnets, and directed to execute distributed denial of service (DDoS) attacks on popular websites such as Twitter, Spotify and SoundCloud, highlight the continuing need to battle cyber threats. So do the banking hacks of last month when 3.2 million debit cards were compromised, most likely due to a malware in the systems of Hitachi Payment Services which managed the “switch” to inter-bank networks. Reliance on the existing cybersecurity frameworks to address these threats—notifying users, tracking the source of the hack and improving protection for the future—seems to send the message out that nothing new can be done beyond more of the same old. Cyber threats are a necessary evil and we just have to protect ourselves better against them.
But on closer analysis, the nature of these attacks, especially Mirai, reveal how ineffective more of the same old is soon headed to be. In a world of connected washing machines, hair dryers, air conditioners and television sets, an intrusion into any one of the connected points—and there are many of them indeed—can result in drastic consequences for both the virtual and real world.
Current scenario-building exercises that envisage critical infrastructure projects being taken over by dangerous third parties or rogue nations, or huge swathes of private information stolen from information repositories such as servers and cloud storage systems, ignore the equally disturbing consequences arising from the inefficient functioning of devices connected to the Internet. Even the response of banks to the debit card hack mirrored this sentiment when predominant attention was devoted to the quantity of money skimmed through the unauthorized transfers to arrive at a figure much lower than previous hacks elsewhere.
The number of man-hours lost in rectifying the intrusion, the quality of service affected during the period when the attacks are on, the volume of business wiped out, the hardship to consumers and, above all, the sheer loss of trust which cautions people from switching to otherwise efficient modes of banking, are beyond tangible quantification, but often ignored as independent justifications for policy intervention. The systemic inefficiency caused by attacks such as Mirai exceeds manifold the choke caused in the early 2000s by the spamming explosion, and to which legal and policy responses were directed.
The evolving nature of the Internet, which today permits sensors, consumer devices, industrial machines and all kinds of appliances not fitting within conventional notions of a computer or even a smartphone, to connect and share data, leaves us with no choice but to clamp down on inefficiencies in the running of devices connected to each other and the Internet. Cyber efficiency, broadly defined by this writer as the efficient working of “connected” consumer and industrial appliances, and attacks on such efficiency in the form of hacks and unauthorized intrusions, merit independent attention and resultant policy frameworks, because they transcend “information technology” and move into the domain of “consumer technologies” and “manufacturing technologies”.
For Full Story, Please click here.