If you’re looking for an example of American self-satisfaction, one might be our concept called “smart cities.” This is a 21st-century label for municipalities that manage their basic infrastructure — everything from water treatment to parking meters — via the Internet. Pretty smart, unless, of course, someone hacks into the system and turns everything to chaos.
When that happens, and it’s come pretty close more than a couple of times in the U.S., the security breaches that enabled the hacker to make those “smart cities” look pretty dumb.
One of the implications of the revolution in artificial intelligence is increasing reliance on remote controls. In the military, “autonomous weapons” are a hot concept. They can size up a battlefield reality and respond to it faster than an enemy can adjust without time consuming precise command and control from headquarters. Great when everything works, but if anything goes wrong, too bad, because headquarters has already been left behind. Even worse, if cyber links between commanders and the autonomous weapon are corrupted, if hackers can seize control — well, it’s a problem keeping autonomous weaponry on the drawing boards and off the battlefields.
While your local water system is not yet an autonomous weapon, according to retired Adm. Mark Montgomery, Executive Director of the federal Cyberspace Solarium Commission, Congress’ cybersecurity watchdog, the industry has had one guiding principle over the last 50 years: increased automation to lower the size of the workforce to keep costs down.
There is a logic there, but Montgomery says, given how important local power, water and transportation systems are, “Along with [automation,] there should have been an investment in the cybersecurity of the infrastructure. But that did not happen.”
What has happened, in Rye, New York and Oldmar, Florida, is that vulnerabilities in the security systems protecting a small dam and a low to medium-sized water plant were exploited and hackers seized control. Only luck and happenstance prevented serious problems. In Rye, the hacker hit while the dam’s controls were disconnected for maintenance, while in Oldmar, what experts call digital ineptitude produced a “frightening near-miss” of poisoned drinking water that could have affected thousands of unsuspecting customers.
Jack Gillum is a senior reporter at ProPublica based in Washington, D.C., covering technology and privacy. He joined ProPublica in July 2018.
Gillum came to ProPublica from The Washington Post, where he was part of the investigative team that dug into mismanaged taxpayer funds and troubled relief efforts in Puerto Rico. Prior to the Post, Gillum was an investigative reporter at The Associated Press, where he broke stories on the existence and location of Hillary Clinton’s private email server, as well as a U.S.-backed “Cuban Twitter” program that secretly mined data for political purposes. At the AP, he also covered two presidential races and the world of campaign finance.
Gillum began his career as a business reporter and database specialist at the Arizona Daily Star in Tucson, his hometown. He is a graduate of Columbia University’s graduate school of journalism and Santa Clara University in California.