Many years ago, I watched a movie that was really scary. I don’t usually watch horror movies, but somehow I came across it without knowing what it was. I couldn’t turn it off. It took place in a remote wooded area. I think it may have been titled “Claws.” The main characters are in conflict with a bear and, as the movie progressed, one wondered if the bear may be supernatural and unable to be killed. I remember trying to go to sleep afterwards and talking to myself about how the bear wasn’t real, it was just a movie. It was all make believe and I was actually safe. It wasn’t really going to come and get me as I lay in my bed with the lights out.
Perhaps you’ve been at camp. Camp is good for “ghost stories” and the like. One year in grade school our class went on a field trip for a couple of days. It was in a secluded area and we had “nature classes” during the day. We went out in the field and saw the different kinds of long grasses that grew in this natural habitat.
At night, as we lay in our bunks, someone told a “ghost story.” It was about some unsavory character that lived in the woods. I don’t remember the story but it was one of those designed to scare the young kids and make them terrified to go to sleep. Even if you knew it was just a story to scare us, lying there in the dark it was easy to wonder if maybe it just might be true. It’s not real… it’s just a story…. isn’t it? I hope it’s just a story. But, maybe…. What if he’s really out there?
OK. So, let’s talk about cyberspace. What is cyberspace, anyway? It’s all just “virtual,” isn’t it. Just computer stuff. Not really the real world. It’s all inside computers and what’s inside the computers can’t really “reach out and touch” the real world, can it? I mean, it’s kind of like television. It’s behind the screen and it’s different from the world we live in. Isn’t it?
But, what if it’s not just “virtual”? Could it really be real?
Twenty years ago it would be easier to say that the “virtual world” is not connected to the physical world. But today, so much of our world is connected through computers. Traffic signals can be controlled by computers that monitor traffic flow. Our telecommunications systems are computerized systems, so our phone calls, e-mail, text, and any other communication that isn’t face-to-face relies on computers.
Our water and wastewater systems are controlled by systems that can be accessed over the Internet. Many industrial control systems are also accessible through the Internet or through Internet-connected systems. So, the systems that control water processing and distribution and also other essential systems have a connection to the “virtual” world.
In “Daily Tip 31” (the extended tip version), I told of how a hacker had taken down a state-wide emergency response system (911 service) toward the end of last month. I didn’t provide many details, but he did this using a “botnet” where he controlled about 6000 smartphones to launch an attack. This is an instance where the virtual world “reaches out and touches” the real world, and disables critical functions. This kind of “virtual” world activity can actually threaten our life and safety in the physical world.
What about the information we share that resides on computers in doctors offices, labs, and hospitals? What if someone were to “alter” that information. Suppose they changed your drug allergy information. The next time you visit the doctor’s office, if your allergy information has been altered, could the doctor perhaps prescribe some medication that you are allergic to? If it’s a medication that results in a serious reaction, that change in your information could result in death. They often review your allergies when you are in the office, but are mistakes ever made? Are all recommended procedures always followed?
Just in the normal course of events, I regularly find that some of the information about the medications I take, which were reviewed each of the last several times I went to my doctor’s offices, are “missing” from the records. They have to update it every time. It’s not a matter of verifying it, it isn’t showing up in the records.
I have also had a doctor prescribe a medication to me that I cannot take (not an allergy but an extreme sensitivity). I had just told him that I couldn’t take certain medications. One of the components in the medicine he prescribed was the drug that I had just told him I couldn’t take. The result was really bad pain. When I researched it after the attack of pain, I discovered his error. Fortunately, it wasn’t a severe allergy.
If doctors and medical offices have these kinds of troubles with keeping information accurate or with prescribing medications when the information they receive is correct, think of the results if the records were altered by someone else. Can we really continue to think, “But that’s just the “virtual” world. That doesn’t affect our real lives, does it?” Think again.
As a final example, consider your bank account. It’s all numbers inside a computer. The number of the account, your social security number, the numbers for the dates and amount of transactions, the number showing your balance. What if someone messes with those numbers? Suppose they alter the amount of your paycheck and the numbers showing how much money you have in the bank? Do you think that affects your REAL life? You bet it does. If your money is all gone, and you can’t pay your bills, how long before you run out of food, before your water and electricity are disconnected, and other consequences occur? Hopefully, you could get that corrected in time. But, if all your credit cards were unusable and your bank accounts had zero balances, how long before it would impact your “REAL LIFE”?
Why am I saying this? Why am I painting these images of bad things that could happen?
It’s not to scare you. I am trying to make a point.
It’s easy to think of protecting our information as being something “in the computer,” much like the movie we watch is “in the TV,” or the ghost story we hear as being “in our imagination.”
It’s easy to say, “Yes, there may be threats out there, but why should I worry about those. After all, that’s only computer stuff. I live in the real world and that computer stuff isn’t going to affect my real world life.” But, unlike the movies and the ghost stories, a lot of what happens “in the computer world” can actually have an impact on our physical world and our real lives.
So, when I talk about protecting yourself and your information, that really does mean protecting yourself. Not just in a metaphorical way, but in a real-life physical way.
We may not always see the impact on our lives from any particular “threat” or the benefit of any specific “security measure” that may be recommended. But, just because it may not be obvious, I want you to realize that these are not just theoretical ideas. The decisions we make really can make a difference in our REAL world.
Some of you may say, “But I don’t have any information on my computer that would affect my real life. I don’t do anything financial online, I don’t store any personal information. I just use e-mail and surf the web. How can that affect my personal life?”
Although, at first glance, that may appear to be a reason to not take the concern for security seriously, I want to remind you about the way the 911 emergency services were taken offline last month. Consumer’s smartphones were used to attack the system.
If you don’t secure your system, your system can be compromised without you ever knowing it. Then, it can be used to attack banking, medical, utility, and emergency services, as well as other consumers. In other words, your unsecured computer can be used to attack systems that you rely upon for your personal, financial, and physical well-being.
The more we protect our systems, even when we don’t have “anything of importance” on them, the harder we make it for attackers to attack the systems that we really do care about, the ones that contain our financial and health information, and the ones that keep our communities safe.