Stolen Data, Internet Giants, Social Media, and Artificial Intelligence: The Growing IoT Risk

You can scarcely read the news today and not find an article about an information breach of one sort or another.  The most visible one today is the Equifax breach.  Exposing the personal information of nearly 150 million customers, much of the concern and recommended actions are focused on protecting  people’s credit by placing a “credit freeze” on accounts, but should this be the only concern? For Equifax their business goal is apparently not just to gather the information needed to address the credit worthiness of a person or corporation, but to amass information that it could productize to sell to other companies, including ironically information used to address Cyber security breaches.

Are they the only company amassing unprecedented concentrations of personal data? Is the credit report of the average person really the biggest potential problem?  The answer to both is definitively no.

All of us are complicit in the willful offering of our personal information to the mega Internet companies, being enticed by free services and our own vanity.  It is precisely this information value that drives Internet advertising and sales support making companies worth hundreds of billions of dollars.  These services contain not only static information but also patterns-of-life of hundreds of millions of people.

What is the danger, why do we believe that these companies or really any company can protect its information from hacking exfiltration?  How do we understand the risk of Insider Threats of these great compilations of data?  Will we even know when breaches occur?  Do we know when it is for monetary gain or even more concerning for political or military power?

With the explosion of Artificial Intelligence (AI) systems, what is the training set needed before an AI understands a person’s life and puts together the details and information that today forms the basis of identity and trust?  And then use of this information for nefarious purposes.

So, we worry about the opening of a new unauthorized credit account, but do we worry about the modification of an account that enables the unauthorized opening of a door in a house, or turning on off lights or heating?  In a few years, virtually all cars will be connected, how many cars need to be “hijacked” before chaos ensues?

These are a lot of questions, but they are some of the critical questions that need to be considered as the Internet of Things becomes virtually everything and our current ability to securely operate these systems gets away from us.

I hope to see you at the IEEE CNS 2017 Industry Track where we will expand and hopefully see some answers.