/ 20 March 2011

The internet of things: It’s big but it’s not always clever

Those whom the Gods wish to destroy, they first make infatuated with their own ingenuity. Witness the heady talk about "the internet of things".

Those whom the Gods wish to destroy, they first make infatuated with their own ingenuity. Witness the heady talk about “the internet of things”. The basic idea is that we are moving from an era when the network connected human beings to one where a majority of the nodes on it will be devices: printers, cameras, monitoring devices, domestic appliances — yea even unto the humble toaster.

Two forces are driving this trend. The first is that sensors and actuators are increasingly being embedded in physical objects — from phones to roadways to pacemakers — which are linked via the internet. “When objects can both sense the environment and communicate,” burbles a report by the McKinsey consultancy firm, “they become tools for understanding complexity and responding to it swiftly. What’s revolutionary in all this is that these physical information systems are now beginning to be deployed, and some of them even work largely without human intervention.”

The second factor is that we now have enough internet addresses to assign a unique one to every object on the planet. Originally, Internet Protocol (IP) addresses were 32 bits long, which meant that the maximum number of unique addresses was two to the power of 32 which is just short of 4,3-billion. But we are getting to the point where even that 4,3-billion isn’t sufficient and so a new addressing convention — called IPv6 — is being adopted which uses 128-bit addresses. This means that the maximum number of unique addresses available will be two to the power of 128, which is the kind of number that only astronomers can cope with, but which guarantees that every toaster can have its own IP address.

Institutional slavering
The possibilities offered by the internet of things have induced in government and industry what can only be described as institutional slavering. One of the most glaring examples is the electricity industry. All over the industrialised world, utility companies are starting to install hundreds of millions of “smart meters” which contain an on/off switch that can be remotely actuated. The prime purpose of these devices is to enable electricity suppliers to switch delinquent customers on to pre-pay tariffs; but other uses include giving utility companies (or governments) the power to implement rolling power cuts as electricity demand outstrips generating capacity.

The car industry is another case of networked-gadget mania. The current S-class Mercedes, for example, runs not just on petrol but on over 20-million lines of computer program code; it also contains nearly as many embedded computers as the Airbus A380. And even low-end cars nowadays have 30 to 50 embedded computers — which means that most vehicles are running millions of lines of software code, controlling everything from the brakes to the air conditioning. And increasingly these computers are not only networked within the car but are also hooked up wirelessly to the internet.

This emerging technological nirvana raises two disturbing problems. The first is that all computer programs have bugs, and bugginess increases with program size. The probability that your car’s software has nasty surprises embedded in it is probably much higher than the industry thinks — as Toyota discovered when their Prius and Lexus saloons turned out to have minds of their own.

But in a way the bigger threat comes from the Gadarene rush to network everything — because once you connect something to the internet it becomes vulnerable. For a cyberwarrior, for example, the ideal attack on a target country is to interrupt its citizens’ electricity supply. As two leading computer security experts put it in a recent paper: “This is the cyber equivalent of a nuclear strike; when electricity stops, then pretty soon everything else does too. Until now, the only plausible ways to do that involved attacks on critical generation, transmission and distribution assets, which are increasingly well defended. Smart meters change the game.”

They sure do. And as for cars, well last week American computer scientists who have spent two years studying the security of car computer systems revealed that they could take control of vehicles wirelessly. They were able to control, they reported, “everything from the car’s brakes to its door locks to its computerised dashboard displays by accessing the onboard computer through GM’s OnStar and Ford’s Sync, as well as through the Bluetooth connections intended for making hands-free phone calls”. The delicious irony was that these findings were presented to the National Academies Committee on Electronic Vehicle Controls and Unintended Acceleration — which was convened partly in response to last year’s scandal over supposed problems with the computerised braking systems in Toyota cars.

Welcome to the internet of things. As they say in Germany, Vorsprung durch Technik (nein). – guardian.co.uk