When you’re roaring down the highway on a rainy day, you’re depending on a number of computer chips to manage your brakes and steering. They quickly evaluate road conditions and help you bring the car to a safe halt.
The last thing you want, then, is for the car’s minicomputers to be vulnerable to viruses or other malware, and require patching or updating as often as a desktop computer. But we may be getting closer to that stage, says David Friedlander, a senior analyst with Forrester Research, who has written a report suggesting that in the next few years we can expect to see a wide range of devices, from vehicles to machinery, that need to be managed like traditional computing resources.
“In terms of the number of devices and the diversity of things that count now as computing infrastructure, they have enough computing power that you begin to worry about managing them and the way these devices connect to a network and each other,” he says. These devices can be found increasingly in cars—such as GPS systems—which could be connected “wirelessly to a manufacturer for service information,” says Friedlander.
And they aren’t just in cars. Production machinery and even medical devices will be connected and sharing data with other computing devices and networks—and that creates the possibility of being hacked or infected.
Other tech experts foresee a similar expansion of threats to what are called “embedded computing devices.” For example, a report from IBM’s Security Intelligence Services notes that the growing sophistication of malicious code aimed at wireless devices may be a harbinger of threats to come.
David Mackey, director of IBM’s Security Intelligence, says, “The things we saw in 2004 that were very disconcerting were the fledgling viruses aimed at cell phones and PDAs,” such as the Cabir worm; disconcerting because as the technology in those mobile devices becomes more advanced, there will be “a wider range of vulnerabilities that can allow attackers to exploit them.”
Code inside these embedded computers has traditionally been “locked down and read only,” he says, “but as communication and interactivity with those devices becomes more functional for users, there will be more of a chance to be able to hijack communications or even insert code in those embedded computers.”
One step toward protection is awareness. Another step is to consider the user’s role. That means “looking at this from the perspective of who needs to use this machine, what sort of policies should we have based on what this system is used for, who is it used by,” and so on, says Friedlander.
It’s important to properly manage users, he explains. Keeping devices safe means applying automation to the task of managing user IDs, policies, and device requirements, a task that Friedlander says a few companies are doing. That’s what it’s going to take to keep computers—and devices using them—free of danger.