Driven Off a Cliff by a Bored Eighth Grader
Technology has entered a strange new phase. As we’ve become accustomed to having more capability at our fingertips, it’s quite possible we’ve all lost our minds.
The drive to make everything cheaper, faster and easier to use comes at a tremendous price. We now have to trust what’s going on behind the scenes is well designed. Unfortunately, this is not always the case.
For decades our agencies have been forced to choose one of a handful of management systems. We’re brokers, not technology firms, so we have to trust that the exorbitant fees we pay for these systems come with a return that is necessary and valuable. As our agencies grow and the placements become more complex, that returned value diminishes dramatically. As an agency leader you are likely well aware of this. But faced with a limited number of options in a foreign landscape, this is a tough problem to solve.
In a broader sense, this scenario is beginning to play out with potentially dire consequences. Chrysler recalled 1.4 million vehicles this summer when hackers revealed their ability to take remote control of the vehicle’s Wi-Fi based entertainment system. Once in, they were able to directly control the brakes, transmission and other vehicle functions. The scenario of losing control of a vehicle while hurtling down the highway is a nightmare. But here’s the real scoop: hacking Wi-Fi networks is not the purview of the NSA and well-funded organized crime. This is a level of hacking accessible to disgruntled teenagers. In fact, anyone with a basic knowledge of computers can learn enough online to pull this off.
So why is this even happening? Chrysler, in an attempt to create an easy way to play your music, implemented off-the-shelf architecture, which is inherently hackable. And the recall? It’s a software update to close the exploited security hole. But here’s the problem: It was only considered a security hole by Chrysler after it was exploited. So now Chrysler has unwittingly entered the cat-and-mouse game of security updates and virus detection that is typically played by Microsoft, Symantec and other creators of security software. Microsoft releases security updates for Windows on the second Tuesday of every month, typically downloaded automatically via the Internet. Chrysler is sending 1.4 million USB drives with a security update related to the newly discovered exploit. So if you own an affected vehicle you have to drive it to your dealer, plug in a USB drive and fix this one particular hack. Not exactly an efficient process. I’m not sure everyone will be willing to do this on a regular basis even to assure they aren’t driven off a cliff by a bored eighth grader.
Even worse, earlier this year reports surfaced of a security researcher hacking into the entertainment system of a commercial airliner. He claimed to adjust the fuel flow to one of the engines causing the plane to bank slightly mid-flight. While the reports were never publicly substantiated, the story has somehow disappeared from public view. Draw your own conclusions on what this silence indicates.
And the next frontier? Tech companies are doubling down on the world of home automation. From thermostats to security systems to Internet-connected locks, our homes are the next target. It is already quite easy to hack into and remote control everything from a webcam to a baby monitor. Serious questions loom: Whom do you trust to build this technology? What’s their motivation, and are they putting convenience ahead of security? And what does this mean for our agencies?
Beyond the direct insurance ramifications of cyber security for cars and baby monitors, the questions are the same for our internal operations. Whom do we trust, and why do we trust them? Do our agencies have access to technology leaders with the insight and know-how to manage around an inherent lack of system choice?
If the Chrysler example scares you, there’s a simple solution: Don’t buy those cars, or certainly don’t buy that entertainment option. Life isn’t this simple in a world of limited choices, and that’s exactly what we face in our industry. The wisest option for agencies is to take these challenges seriously. Put in place a team of technology and operational leaders who work together to bridge the gap between automation and operations. We no longer live in a world where we can make significant technology decisions by crossing our fingers and closing our eyes.