It’s inevitable that at some point the world will end. The only question left is whether it will be in a slow, inexorable heat death of the universe, or something a little more active and exciting. Unsurprisingly most sci fi movies tend to explore the second option (although there are some excellent books and short stories such as Asimov’s The Last Question which look at the first).
Since it’s my field, we’re going to look at how cyber security failings could cause these apocalypses (apocalypsi?), and which are most likely. We’ve got the deliberate corruption of global agritech, hijacking of DNA printers, the classic infrastructure hack, and autonomous smart device madness.
Those of an anxious or nervous disposition may want to stop reading now. Instead, you can go watch something nice and light. If you’d like a more active distraction, then there’s some great games here to take your mind off the inevitable collapse of, well, everything.
Now that we’re left with the incurably curious, lets crack on.
Disclaimer: Don’t take these as inspiration. Also, if one of these does happen to be accurate, please note that neither HackerNoon nor I had anything to do with it.
Agritech is about technology being applied to farming, especially more advanced and intelligent technology. As agriculture is more and more industrialised, we see traditional farming equipment replaced with advanced gadgetry such as smart tractors, sprinklers, and of course drones.
At the 2011 DefCon Chris Roberts and Jesse Diekman demonstrated to the world just how bad cyber security flaws in the ever-expanding world of agritech could be. They’d managed to find a way to access and modify the manufacturer’s software repository, where updates to be pushed out to (in this case) tractors were constructed.
The targeted tractor was definitely a labour-saving device, even handling planting of crops at the perfect depth and distance from one another for optimum growth. The software update in question controlled a number of variables, such as the depth and distance for planting. They showed that it could be edited, and staged for update to the full network of tractors.
Caption: Not the tractor in question. Instead, an automated harvester for green asparagus developed by Muddy Machines.
When dealing with highly industrialised farming measurements are vital. Everything is calculated as perfectly as possible, with very small margins for error. If you’ve gardened at all you’ll know the issues that planting an inch too low can cause. In this case, it could easily have led to grain crop failures across the American Midwest, which may not have been detected until after the planting season when it was too late to correct.
There is no doubt difficulties would have quickly followed, especially as one strand of a multi-targeted attack to cause as much damage and disruption as possible. Worryingly, the manufacturers themselves worsen the situation by fighting desperately against the right to repair and trying to force their own central control. If something does go wrong, only the manufacturer can fix by design.
Add to this the possibility of of disruption due to other attacks and while it’s a remote possibility, a well-resourced and multi-threaded attack could definitely push into agricultural crisis. Once food is disrupted on a severe enough scale, everything else follows.
We’ve now seen what a pandemic can do, at least to some degree. COVID-19 is difficult to judge, but is probably far from the worst pandemic in recorded history. Still, at least any attempt to weaponise a virus would surely need highly advanced knowledge and expensive equipment, and any such equipment would never be connected to the internet.
Of course, that ignores desktop DNA synthesisers which come with internet connections. The ones I researched and spoke about in 2021 are, luckily, just used for synthesising base pairs and so couldn’t create an entire custom virus. Still, technology advances, convenience trumps security, and efforts to put protections in place would best be described as struggling.
While this is unlikely to be how the world ends, the more these technologies advance without putting effective cyber security in place the more likely it becomes. At the very least it would be good to see some sort of fiction about custom-designed killer viruses.
Oh, never mind.
While it’s the most popular option for the average cyber-crisis film about impossible missions, the whole idea of attacking infrastructure isn’t as effective as fiction would lead people to believe.
There have been individual incidents of water treatment plants being targeted, more often for ransomware than poisoning, and famously Ukraine’s power grid hack in 2015, but even in the worst cases these tend to be fairly localised. The good news is, that means even the worst case of a successful attack on national infrastructure is only likely to cause kilodeaths, rather than the megadeaths of something like nuclear warfare.
The reason for this is that, generally speaking, the people who run national infrastructure have resources, and are very aware of how appealing their systems are for someone wanting to cause harm.
There’s also the advantage that different systems are diverse rather than standardised. The time to worry will be if there are significant efforts to standardise and centralise control systems for critical infrastructure - diversity makes systems more resilient, as attacks against one component are less likely to impact others.
Frankly, critical national infrastructure failures are more likely to be equipment failures or human error rather than a team of hackers sitting in a room watching green code scroll past.
We are a long way from truly self-driving vehicles, despite the hype and enthusiasm we’ve had around them since at least the 1980s. There’s a lot of work before they’re safe, let alone legal, but it’s one of those things that keeps floating around the collective unconsciousness and popping up as ‘just a few years away’.
There’s plenty of different models that could be applied to autonomous vehicles, ranging from centralised control to each vehicle making its own decisions. It’s not hard to predict the potential flaws of either model - malicious updates causing cars to become homicidal ala Cory Doctorow’s Attack Surface. We could even see centralised control hijacking as famously shown in Minority Report.
That’s only talking about vehicles though, and we already have autonomous drones, including ones which are heavily armed. As with all smart devices, ultimately they do the bidding of whoever controls their software and encryption keys, which puts them as a very definite candidate for at least a local apocalypse.
That’s assuming we don’t instead have to battle our own smart homes to the death, becoming more and more popular in film. Or have to deal with our cars locking us in and spontaneously combusting.
In great news, any of these (or other cyber security attack scenarios) are almost certainly not the way the world is going to end. There are plenty of other options out there which are far more likely, and these are largely used as FUD (Fear, Uncertainty, and Doubt) to drum up anxiety rather than anything else - but that doesn’t mean there aren’t serious questions we need to be asking.
While this is a bit of a light hearted take on things, there are serious conversations we need to have about how we deal with security and how we get from where we are to a place where at least things aren’t getting worse.
I’ll just leave you with a little final thought, badly paraphrased from T. S. Elliot’s The Hollow Men.
This is the way the world ends
This is the way the world ends
This is the way the world ends
Not with a bang but with a HTTP ERROR 410