Blade Runner Redux: Do Embedded Systems Need A Time To Die?

The plot of the 1982 film Blade Runner (loosely based on the 1968 novel Do Androids Dream of Electric Sheep by Philip K Dick) turns on the question of what makes us ‘human.’ Is it memories? Pain? Our ability to feel empathy? Or is it merely the foreknowledge of our own certain demise?

In that movie, a group of rebellious, human-like androids – or “replicants” – return to a ruined Earth to seek out their maker. Their objective: find a way to disable an programmed ‘end of life’ in each of them.  In essence: the replicants want to become immortal.

Rutger Hauer-Bladerunner
Do embedded devices need a time to die? Dan Geer, the CISO of In-Q-Tel, believes they do.

It’s a cool idea. And the replicants – pre-loaded with fake memories and histories – pose an interesting philosophical question about what it is that makes us humans.

Our artificial intelligence isn’t quite to the ‘replicant’ level yet (the fictional tale takes place in 2019, so we have time). But some of the same issues that animate Blade Runner are starting to come to the fore. Exhibit A: Dr. Dan Geer’s keynote speech from The Security Ledger’s Security of Things Forum last week. The Chief Information Security Officer at In-Q-Tel, the CIA’s venture capital arm, Geer is an astute observer of the security zeitgeist. He used his speech to zero in on a central tension of the Internet of Things: the Herculean task of securing billions of smart, connected embedded devices.

“The embedded systems space, already bigger than what is normally thought of as ‘a computer,’ makes the attack surface of the non-embedded space trivial if not irrelevant,” Geer said.

Beyond their sheer numbers, embedded devices have a way of hanging around. Geer noted they persist in computing environments long after their (supposed) useful life has passed – achieving a kind of immortality that’s a common problem in managing industrial IT environments and critical infrastructure. “If those embedded devices are immortal, are they angelic?” Geer wondered.

Geer made headlines back in 2003 when, as an executive at the consulting firm @stake, he co-authored CyberInsecurity: The Cost of Monopoly.” In it, Geer argued that the Microsoft Windows monopoly on private and public networks magnified the risks of security vulnerabilities that affect Windows, undermining the security of the entire computing environment.

He returned to that idea in his talk at the Security of Things Forum. The problem with embedded systems (like replicants) becoming ‘immortal’ is that the longer embedded systems persist in IT environments, the harder they become to manage and defend, he said.

Computing monocultures, Geer said, raise the likelihood of what he terms “cascade failures” in which the ripple effects of attacks against a wide range of computing systems cause disruption far in excess of what would be possible by attacks on any one system.

In the coming Internet of Things, Geer warned, we are at risk of establishing a Windows-like monoculture of embedded devices all relying on a short list of hardware and software. Individually, these devices aren’t particularly valuable targets compared to, say, a Web application server or enterprise desktop system. But, together, IoT systems are tremendously powerful. That means the effects of an attack on that infrastructure (think Code Red or SQL Slammer) will be harder to detect and more damaging than the Windows worms of a decade ago or today’s ‘advanced persistent’ attacks.

“Perhaps what is needed is for embedded systems to be more like humans.” Dan Geer, In-Q-Tel

 

“The Internet of Things, which is to say the appearance of network connected micro controllers in seemingly every device, should raise hackles on every neck,” he told attendees.

Dan Geer Speaking
Geer addressing The Security of Things Forum on May 7.

“Our food pipeline contains less than a week’s supply, just to take one example, and that pipeline depends on digital services for everything from GPS driven tractors to drone-surveilled irrigators to robot vegetable sorting machinery to coast-to-coast logistics to RFID-tagged livestock,” Geer observes. “Is all the technologic dependency, and the data that fuels it, making us more resilient or more fragile?”

Geer isn’t hostile to the idea of monocultures. Rather, he argues that if we are to opt in favor of monolithic computing infrastructures, we need “tight central control” of that infrastructure. That might come either in the form of a robust and secure management infrastructure that keeps close tabs on the operation and behavior of connected devices and allows them to be rapidly updated (a la Windows update). Or it could come in the form of a kind of designed obsolescence – a ‘mortality.’

“Perhaps what is needed is for embedded systems to be more like humans,” Geer told attendees. “By ‘more like humans’ I mean this: embedded systems, if having no remote management interface and thus out of reach, are a life form and as the purpose of life is to end, an embedded system without a remote management interface must be so designed as to be certain to die no later than some fixed time,” he said.

As with the “Insecurity” paper, Geer’s thoughts are bound to spur discussion and even controversy. Writing on DUO Security’s blog, security evangelist Mark Stanislav called Geer’s keynote “truly thought-provoking.”  “It’s this forward-thinking that has made Dan’s research and papers a continual source of inspiration for many of us as we approach the next hurdle of security realities,” he wrote.

Joshua Corman, the Chief Technology Officer at the firm Sonatype and another Security of Things speaker said that Geer’s formulation of embedded devices as “immortal” was both elegant and inspired.

Corman saw Geer’s talk as a call to arms for the security industry to push for standards that would require Internet of Things devices – especially those that might affect the public’s safety or welfare – to include a patching feature. “The message I took from that is that the Internet of Things will not be secure if it is not patchable,” Corman said.

You can read Dan’s speech on his web site.

It is also mirrored on Security Ledger here.

Comments are closed.