The CIA Fears the Internet of Things

by Patrick Tucker,  Defense One 

The major themes defining geo-security for the coming decades were explored at a forum on “The Future of Warfare” at the Aspen Security Forum on Thursday, moderated by Defense One Executive Editor Kevin Baron.

Speaking as part of the “Future of Warfare” panel, Dawn Meyerriecks, deputy director of the U.S. Central Intelligence Agency’s (CIA) directorate of science and technology, discussed the agency’s position on emerging technological concepts such as big data and the Internet of Things (IoT).

Meyerriecks said the CIA cannot afford to be caught unaware by changing technology and is particularly concerned about the unintended security implications of the IoT. Meyerriecks pointed to documented cases of Internet-connected, embedded appliances already being turned to malicious purposes: a distributed denial-of-service attack launched using smart refrigerators and a massive 2013 spam attack that involved some 100,000 Internet-connected devices.  She also mentioned “smart fluorescent LEDs [that are] are communicating that they need to be replaced but are also being hijacked for other things.”

“The merger of physical and virtual is really where it’s at. If we don’t grok that then we’ve got huge problems,” she said. Grok, a reference to Robert A. Heinlein’s 1961 novel Stranger in a Strange Land, describes the telepathic communion of thoughts, feelings, and fears.

The potential security implications of connected health devices are especially worrying to Meyerriecks, who called the potential transparency and workplace problems something “I don’t want to have to deal with.” She also said the CIA has big plans for big data analytics, in particular the creation of highly-targeted data collection efforts that would eliminate the need for today’s clumsy mass surveillance efforts.  Report