Bracing for the Denial of Things

Denial ThingsTurn out the lights in any major city in the developed world, and you know what? It’s not really all that dark. Unless you’ve managed to lock yourself in a broom closet (I won’t ask) then chances are, while it may be dim, it won’t actually be dark. Why? Because cities are luminous creations. Actually, pretty much the entirety of modern civilization is lit, constantly. But what would happen if the lights really went out? I mean, really?

In his 2012 blog “In Tyler Durden We Trust,” Jeff Sorenson wrote:

“I remember one of my favorite moments in my life was during the Great Northeast Blackout of 2003. In an instant, everyone went back in to the dark ages. People’s cell phones got no signal… I got to the see the Milky Way from my house due to the light pollution largely being gone. Looking down a major road was completely dark and looked like I was in the middle of the countryside.”

I recently mentioned, rather offhandedly, the concept of Denial of Things (DoT) as an attack. It was slightly tongue-in-cheek, since ultimately it’s just another DoS attack, albeit aimed at IoT devices, and not other services. But the more I thought about it, and talked to other folks in the industry, the more I realized just how powerful such an attack would be.

Remember the incident at the Austrian hotel where attackers basically used IoT-targeted malware to lock all the guests out of their rooms? Annoying, but probably not life-threatening in most cases.

Here’s the challenge though – it’s only going to get worse. And by “worse” I mean much, much worse. Every benefit of technology invariably brings with it a level of dependency on the services that technology provides. FEMA wrote a short paper on this a couple of years ago: “However, the reliance on technology may also make infrastructure more vulnerable to cyber-attack, natural disasters, Electromagnetic Pulse events, and solar flares.”

Processes and expectations adapt to the presence of technical enablers by simply absorbing the capability. Rather like a piece of grit at the heart of a pearl, the process grows around the capability. So what happens when the rug gets pulled out from under the feet of a technologically dependent society?

The result is unlikely to be pretty. Remember, as the IoT becomes more embedded, the domino effect of deeply inter-related systems failing will become harder and harder to manage. A well-coordinated Denial of Things attack could target very specific elements of our infrastructure or society. Power grids, self-driving cars, city control systems, medical monitors, emergency response capabilities, retail systems – any number of opportunities might exist to cause economic damage, to make a political point, to exert strategic pressure on a government, or to simply make a buck through extortion.

While the examples above sound bad, shutting stuff down isn’t the nightmare scenario. No, the real problem would arise when they attack, not the availability of an IoT-based service (such as a traffic control system), but rather the trustworthiness of that system.

Turning the power off would be one thing. Turning the power on and off randomly would potentially have far greater psychological (and economic) impact. A 911 system that integrates with a smart road management system would be useless, not to mention disastrous, if the traffic management systems were no longer trustworthy, routing vehicles the wrong way, to the wrong location, or preventing them from getting there at all.

So what do we do? Well, we, at the city and business level, do what ordinary people do when faced with uncertain services. We put in place backups from day one. Simply hardening systems against attacks won’t be enough (because we already know that no system is hard enough to withstand every attack). What we need then, in order to maintain trust and dependence on our systems, is resilience. The ability to bounce back is far more important in deploying IoT systems than the ability (or aspiration) to keep them safe in the first place.

If you live in a place where the power supply is uncertain, you don’t just hope the lights stay on – you buy flashlights and candles so you can stay safe until the power comes back on. An IoT denial of service will occur, and it will occur either as the result of a direct attack, or simply the result of a cascade of misfortune, the kind that caused that East Coast blackout back in 2003.

It’ll happen. So for every system that relies on smart devices (and we are going to build a lot of them), we will need the equivalent of flashlights and candles. We will need to work through the worst-case scenario for when these devices stop working, and what that looks like. And we need to build those IoT systems with significant resilience. Rolling with the IoT punches will be essential to maintaining confidence, safety, and national security.

We have big plans for the IoT, and rightly so. But as Mike Tyson famously said, “Everybody has a plan until they get hit.”