The Column – Cyber Security Week
There is a moment in contemporary domestic life when the refrigerator stops being a refrigerator and becomes a small foreign embassy in the kitchen. Not so much that it guards state secrets between yogurt and cooked ham, but because it speaks to the world. It connects, updates, sends, receives, listens to commands. In short, it does things that until a few years ago we would have considered curious in an appliance and disturbing in a neighbor.
The news that Western intelligence services are looking with growing concern at hidden networks made up of compromised routers, home devices and smart objects should not be too surprising. At most it should make us feel that particular form of discomfort that we feel when we discover that a washing machine is not only used to give us clean laundry, but instead reminds us that every door, if connected, can become an opening.
For some time now there has been a lot of talk about “dual use” when it comes to artificial intelligence. It is right to do so because a system capable of writing, programming, synthesizing, imitating and organizing information can help a doctor, a student, a company or a scammer with the same Olympian indifference. Technology, of its own, is not embarrassed, but those who deal with IT know that dual use is not something new introduced by AI, as if before its advent “white” was always the same as “black”. In IT the dominant color has always been “grey”.
Almost all network management tools can be used to keep it healthy or to study its weaknesses. Software that checks which ports are open on a system can serve the diligent administrator who wants to close them and the patient criminal looking for where to enter. A tool for automating repetitive tasks can simplify a technician’s job or multiply the speed of an attack. Even a password manager, if used well, is a parachute in your backpack, but if compromised, it becomes the orderly list of house keys.
The difference today is that IT is no longer behind a screen. It came out of the computer, went through the smartphone, slipped into the car, into the lock, into the living room camera, into the thermostat, into the oven, into the boiler. It has stopped being a sector and has become a universal solvent: it dissolves the boundaries between digital and physical, between convenience and dependence, between object and infrastructure. The forgotten router on the bookcase is no longer just that little box with lights that we occasionally turn off and on with a priestly gesture, but the drawbridge of our domestic fortress.
Here the concept of dual use becomes more uncomfortable, because it concerns banal objects in everyone’s hands. Until yesterday, no one would have thought that a refrigerator could participate in a global cyber attack. At most he could get revenge by making the mozzarella disappear behind a jar of pickles. Today, if connected, equipped with a processor and abandoned without updates, it can become a toy soldier of a botnet. It doesn’t decide anything, of course, but it obeys and in the history of humanity many catastrophes have been produced by objects and subjects that obeyed very well.
The next step is even more delicate. When the digital controls the physical, the cyber attack is no longer limited to stealing data, blocking services or displaying a threatening screen. It can produce concrete, material effects, measurable in heat, pressure, movement, access, interruption. A smart boiler is not a web page with a burner attached: it is a device that manages energy within a home. If someone checks it the wrong way, the issue is no longer just the owner’s poorly chosen password, perhaps “caldaia123”, with that touch of creativity that distinguishes us as a species. The problem is that a convenience can turn into physical danger.
It is the “weaponization of everything”, a splendid intuition by Mark Galeotti, the transformation of anything into a potential instrument of conflict. Digital is the most powerful amplifier ever built: it takes a tiny gesture and multiplies it by millions. For the better, it allows a doctor to consult data, a family to speak remotely, a business to function. In evil it allows you to enlist tens of thousands of unaware objects and use them as a remote-controlled crowd. Every device doesn’t need to be smart. As long as it’s reachable.
At this point the question is not whether we should give up technology; it would be a convenient and useless response, like proposing to solve road accidents by abolishing roads. The question is learning to design, buy, use and manage these objects knowing that every connection is a responsibility: not everything that can be connected has to be, not everything that is smart is wise and not everything that flashes in the living room deserves trust.
For years we have thought of cybersecurity as a problem for companies, ministries, banks and hospitals. When the Internet entered the house with slippers and we offered it WiFi and now we discover that hybrid warfare does not necessarily knock at the front door: it can pass through the forgotten router, the cheap camera, the elegant thermostat. Modernity has given us objects that do many things for us, but it would be prudent to remember that, sometimes, they can also do them against us.
In the digital world, dual use is not the exception: it’s grammar. And those who don’t learn grammar always end up being “written” by someone else.
