Security threats can be anywhere
Even a vending machine's signals cause problems
In the brave new world of cyber challenges, everything can be a threat. Even your hearing aids, as the director of national intelligence discovered.
DNI head James Clapper told a Washington audience Wednesday that the intelligence community is grappling with the “internet of things” – devices and appliances that can be wirelessly connected to the web and can provide access for hackers or foreign spies.
Even his hearing aids required a security waiver, because they use Bluetooth technology, Clapper said.
“How’s our workforce going to be affected when even our clothes are interconnected,” Clapper said at at the Bipartisan Policy Center, “and when doctor’s regularly prescribe wireless monitors for health conditions?”
“Even now,” he added, “I need security waiver for my hearing aids which have Bluetooth connectivity.”
“Smart” devices like self-driving cars or home systems that are linked to the electric grid are improving efficiency, convenience and saving energy, but intelligence officials stress that anything that touches the internet is inherently vulnerable.
Any sensitive government site forbids items like cell phones and even fitness trackers like a Fitbit wrist band. Visitors to the CIA, for example, know they’ll be leaving their cell phones and recording devices in a building that sits at the outer edges of the campus as they enter.
The intelligence community is trying to figure out how it should operate on a wireless basis, Clapper said, in ways that are secure. It’s a particular challenge “in terms of dealing with millennials who are quite used to that,” he added.
“We’re trying to come up with a policy on this, some governance that is consistent across the enterprise, that at the same time will allow for latitude for technology to change – because it will,” he said.
The country’s top intelligence official said that as the internet of things grows more common, the 10.3 billion end points now in existence are expected to mushroom to 29.5 billion by 2020 in an industry that will be worth $1.7 trillion.
“This has huge implications for cyber security,” Clapper said. He offered another example of how complicated this could make life for spies.
During a standard sweep of a new facility, some of his security staff discovered several wireless signals “transmitting out into the world,” Clapper recalled. “Of course, for us, that conjures concern,” and the possibility of a foreign intelligence agency at work.
When the security group located the source of the signals, “they were relieved to discover the signals were not from foreign intelligence bugs placed in the facility,” Clapper said. “They came from vending machines trying to tell the distributor they were empty.”
Now, he said, he and his staff know to look for and mitigate the vending machines. That experience “conjures up questions about how the internet of things might affect the intelligence community” and is forcing them to ask themselves about potential weak points, he said.
“The internet of things presents lots of vulnerabilities,” Clapper said.