On 8/3/2015 I watched Chappie with a friend and thoroughly the enjoyed the film for including future ideas and present social or political problems, which director Neill Blomkamp often includes in his films.
The film has similarities to iRobot and Robocop and is about a police robot being re-coded with AI (artificial intelligence), which of course throws up ethical questions that this post is not about.
Control of critical infrastructure – think: power stations, dams, traffic lights, oil pumps and more – is of great concern, since someone can dial in remotely and cause havoc. Power stations should, and often do, require physical access to the building and control panels are isolated from standard Internet connected computers, thus you cannot hop. Though some have a small crossover, which is a problem.
At the start of Chappie in the fictitious company presentation it is stated robots cannot only be control or re-coded with a hardware device. Later on in the film you see the following is needed: system password (ok), USB token (good) and physical access to the building (great). One problem, a single person can achieve all three and wreck or control all the robots. In reality separation of duties should be used, or a four or six eye rule, which means two or three people should have to perform a duty, thus reducing the chance of someone be bribed or held to ransom.
What is needed in the 21st century is strong authentication in order to create a “bullet proof” platform, an air gap, which is a separated and isolated network that is not on the Internet. In some cases the problem is that there is a minor connection to the standard network, thus if malware got through it could jump over. Take Skyfall for example Mi6 HQ is blown up by hacking into the network, could this happen in real life? Unlikely but on a smaller scale likely.
One real life example is based on speaking to someone casually; the anonymous man’s company offers sea oil pipeline engineering and outsourced controls. While he goes on holiday he could open and close pumps from thousands of miles away from a standard iPad. The question is how good is the authentication and encryption, in my guess poor. Security is an afterthought for many manufacturers or end users, especially when the anonymous company only has a handful of staff.
Potentially no one can tamper with traffic lights or switch off a power station, but increase the pressure on an oil valve and oil could leak thus sabotaging someone’s business. Western governments or large corporations put a fair amount of effort into SCADA security but security in the developing world is very poor and email servers are insecure (not even with SSL) how secure are SCADA systems we have to wonder?