Planes, robots, and vulnerabilities! Cybersecurity news this week included a number of stories focused on just what the new autonomous society we are building will look like, and what we need to do to keep that society safe:
- Improving the VEP: The Vulnerabilities Equities Process (VEP) is the internal process that the U.S. government uses to determine whether they should disclose newly discovered vulnerabilities, or retain them for offensive use by the intelligence community. It has been one of the most controversial cybersecurity flashpoints in recent years. Today, the White House announced a new, much more public and transparent VEP process. The response has not been universally positive, but, in general, reviews have been supportive, and the new process is a substantial step beyond the internal processes that existed before. If you're interested in how the government captures and uses 0-days, this is an important development, and worth a read.
I'm reading: "Improving and Making the Vulnerability Equities Process Transparent is the Right Thing to Do," "It’s Time for the International Community to Get Serious about Vulnerability Equities," and "Federal vulnerability review under new VEP still has questions."
- Let us celebrate – and beware – the backflip: If the last decade of technological innovation has been about anything, it has been about the ongoing rush to integrate technology into more and more parts of society. One of the key challenges between us and a Phillip-K-Dick-inspired future is how to make robots that can move and act like human beings. As far-fetched as this might seem to those who have interacted with the early-stage robots that now roll by at some malls in Silicon Valley, researchers recently took a massive step forward – building a robot that can walk, step up stairs, pivot smoothly, and even execute a perfect backflip. The video is incredible to watch, but what it really shows is evidence that we are breaking down yet another barrier between us and a world of ubiquitous autonomous technology. What this world will look like as it continues to emerge remains to be seen, but if you were thinking it was still years or decades off, take this report as yet more evidence that you should probably reconsider.
I'm reading: "Stop Laughing at Those Clumsy Humanoid Robots."
- Nice plane you've got there...: A new report from a group of cybersecurity researchers working for the Department of Homeland Security seems to confirm earlier claims that at least some major jetliners are subject to remote hacking. The team targeted a Boeing 757, and was able to remotely access the plane's systems using radio frequency communications. There are conflicting reports about how serious this access could prove, but to be honest, this shouldn't be a huge surprise to anyone. It is simply the other side of creating an increasingly networked society – increasing connectivity also creates increasing attack surface. It will be interesting to see going forward what steps are taken to address threats like this, especially as they become more prominent and more frequent.
I'm reading: "Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says."
- Mob majority by any other name...: We have all seen the science fiction stories about a parallel world where everything (and everyone) is judged based on popularity – based on likes or up-votes from friends and acquaintances. Maybe you've seen the Black Mirror episode. Or the 2014 Community episode. Or any number of other treatments of this issue that inevitably vear sharply into futuristic dystopia and cautionary tale. Well, now you don't have to wade all the way to futuristic fiction to find this plot. China recently announced a new "social credit system" that it is in fact already using to rate its citizens. The goal of the project appears to be to measure and enhance trust and build a culture of "sincerity," but every time I look at it I can't help thinking about the wholly arbitrary reasons why you might click a like or dislike button on any given day. Where will this initiative lead? I guess all we can do is wait and find out. Or else you could watch any of the dozens of sci-fi imaginings, and fervently hope that's not where it's headed.
I'm reading: "Big data meets Big Brother as China moves to rate its citizens."