Cybersecurity Insights

Richard Jones

Security & 'The Internet of Things'

13/02/2015, 16:30

Richard Jones, one of our PCI DSS/Payment Security Specialists, gives his thoughts on the landscape of PCI Compliance (and driverless cars!)

cliff-clipart-caution-cliff-water-clip-art It was slightly ironic that the day after my niece passed her driving test, at the 4th attempt I might add, the media was gripped with the excitement of a driverless car being tested out on the streets of Milton Keynes! The fact that it took 4 attempts to pass is testament to the fact that the barriers to entry as far as driving on the streets of the UK are concerned remain fairly high, arguably higher than when I learnt to drive in the 80’s.

Whilst cars have become safer and are now equipped with all manner of driving aids (mine parks itself, or so I am led to believe), the process by which one gains their driving license has remained pretty consistent. Some formal tuition, plenty of practise and a sound understanding of the Highway Code - whether your first vehicle is a Ferrari or a Fiat, the process is the same.

Now, I have long considered that there are a number of parallels with motoring and IT, in particular their respective evolutions and overall impact on society.  That said, how we are educated to use them has diverged somewhat. Going back to when I started out in this industry, you were always being trained on something new. Anything different required some form of education to ensure you knew what you were doing. Granted - back then, IT was far from intuitive, so just ‘winging it’ was not an option.  Then suddenly it all stopped, certainly from a user perspective. As generic office systems took over, so it was assumed that everyone knew what they were doing. Indeed to this day, whilst I have probably used MS office at some point during every working day of the last 20 years, I have never had any training on it.

Clearly I can get by, however during that 20 years the said application has evolved considerably, yet I still use pretty much the same basic functionality that I picked up back in the early nineties!  OK, so that’s my problem, ‘Help’ abounds within MS office and there is no shortage of books and online resources to help me maximise the plethora of functionality that it offers. The thing is that it’s all ‘opt-in’, it requires me to be inquisitive and motivated enough to find out what I might be missing.

And so it is with pretty much all the technology that clutters up my home. Every new gadget is pitched with some great new feature that will revolutionise our life! Cool as these features at first may seem, how many of them really are life changers? Things that next time around, we really can’t do without? My guess is that one or two stick, however the rest are confined to the digital equivalent of the ‘Innovations’ catalogue that used to fall out of the Sunday papers!

Which brings me to Cyber Security, or more specifically, how it could impact us in the brave new world of the ‘internet of things’.  Firstly the whole concept is rife with cool ideas, indeed there is now no end to what could be automated for us. Everything will become that bit more convenient and rid us of the hassles of 21st life. However, just as the dot com boom created an in ordinate number of crazy ideas, just because it’s possible it doesn’t mean it will catch on. The challenge this time around is that we stand to expose ourselves to an increasing level of Cyber Risk. The thought of my fridge being hacked into and re-stocked with cheap lager rather than my preferred craft options is too awful to contemplate!  But seriously creating an ‘internet of things’, will demand a much more effective means of imparting cyber security awareness.

I’d argue that driverless cars could serve to close the loop. Indeed it could go one of two ways. Either, the current approach to learning to drive remains and ‘taking control’ of a driverless car requires a heightened awareness of cyber security risks before you hit the road, or the trial and error alternative - perhaps backed up with a sort of ‘self-assessment’ driving test, to confirm that you know what you are doing!

Anyway I’m off to figure out how to ‘self-park’ my car, I don’t want to get left in the ‘driverless’ car slow lane, trundling along at 10mph, because I haven’t got the patience to explore the more exciting options available to me! 

Tags: Web Security