Convergence: A Recent History

April 14, 2015
CyberPhysicalHuman: Post by Rob Simmons, Peter Sheingold, and Chris Folk

Our discussion of the CyberPhysicalHuman world begins with an old idea: convergence. Remember convergence? In the early 1990s we started talking about how digital networks would enable cable TV operators to offer 500 channels, phone, and email. We called it convergence.

Today, convergence goes far beyond the television and telephone. Whether it is called the Internet of Things, Internet of Everything, the Industrial Internet, or Cyber Physical Systems, convergence now refers to billions of smart, connected devices used by people and organizations to manage their lives and businesses. These devices take convergence to a new level that blurs the lines between physical, cyber, and human.

For example, in the CyberPhysicalHuman world, what is a wristwatch? For years, its primary purpose has been to tell the time. In our CyberPhysicalHuman world, a wristwatch will be used to check email, control home security systems, monitor physical fitness…and even tell the time.

We already see many examples of these devices in use today—people control home security systems with their smart phones, managers in factories use sensors to track the location of physical assets, farmers monitor and manage milk production of dairy cows. Looking forward over the next 20 years, industry analysts predict exponential increases in the market for these devices. Eight billion people will likely share the world with tens of billions of devices, most of which will be designed for mass consumer use.

Welcome to a world of self-driving cars, wireless dust motes used to detect dangerous substances, and ingestible medical devices. These Internet of Things devices can bring many benefits, but we must also consider the security implications associated with them.

Cyber Attacks Could Put Humans and Infrastructure at Risk

In some ways, the CyberPhysicalHuman world presents long-known challenges associated with information security, such as data and associated intellectual property loss. At the most basic level, more devices and more sensors mean significantly more data at risk. By 2020, IDC predicts there will be 40 trillion gigabytes of data in the world, and a Gartner study assumes that government and industry will be unable to protect most sensitive data.

However, the scale of interconnectedness across so many discrete products, services, and systems also means that attacks will put more than data and information at risk. We increasingly face the possibility that attacks will put our physical infrastructure and the humans who rely on them at risk as well. For example, researchers have already demonstrated that it is possible to remotely take control of an automobile, disable a wearable insulin pump, take control of traffic lights, and disable home security systems.

We have also seen unexpected interactions between things. For example, less secure, seemingly mundane devices have been used to launch attacks on interconnected systems. It has been publicly reported that home appliances and multimedia systems have been attacked to send malicious emails, and networked lightbulbs have been hacked to obtain passwords to the networks to which they were connected.

In this increasingly converged world, will society demand and be willing to pay for more secure products and services? Will industry design security and resilience into Internet of Things devices, services, and systems, rather than bandaging them on after the fact? If history is a guide, these things may not occur. As we have seen over the last 20 years, security has often been an afterthought in the design and development of software products. In our increasingly converged world, we need to raise this question again.

Consider also the regulatory implications of convergence. For example, as cars become increasingly automated, should we describe them as cars with a computer on the inside, or as a computer with a car on the outside? What once might have been an abstract question starts to become more concrete when we think about the regulatory environment. Manufacturing industries tend to be strongly regulated, the software development industry less so. Regardless of your views on regulation, this question of car or computer starts to have some real-world regulatory implications. Is the software more regulated because it’s installed in a car? Is the car less regulated because it’s now increasingly dependent on software? Who is liable if a self-driving vehicle crashes into another vehicle? Will regulations need to address potential consumer demand to turn off mandatory device features?

Design and regulation are examples of risk management strategies. Our next article will take a broader look at risk management.

This post is part of a continuing series that will look at the CyberPhysicalHuman world from three perspectives: convergence, risk and resilience:

  1. The CyberPhysicalHuman World of Homeland Security
  2. Convergence: A Recent History
  3. Risk: Focus On Your Main Thing(s)
  4. Applying Ancient Wisdom to Help Manage Modern Risks
  5. Resilience Is a Team Sport
  6. Resilience, Moving Beyond Sectors
  7. Enabling Effective Collaboration with Shared Threat Information
  8. Wrapping It Up and Moving Forward
  9. Coming Closer and Closer to You
  10. More Ancient Wisdom for Today's CyberPhysicalHuman World
  11. There is No One-Size Fits All Approach to the CyberPhysicalHuman World