 Christopher Tucker Geosptial Consultant, USA Email: Chris@tuckerglobal.com A trend of geo-enablement is interacting, and will continue to interact with the IP-enablement trend that is taking the industrialised world by storm. At the most basic level, many have been to a website that tells you your IP address, and which tells you what city your computer (and presumably you) are sitting in? Most people consider this a bit spooky. But, this is just the beginning of what we will see in the future from the dual trends of IP and geo-enablement. IP Enablement It used to be that only the privileged few had a networked computing device. Indeed, when the Internet was first designed during the ARPANet project of the 1960s, Vint Cerf (now the Chief Internet Evangelist for Google, but was then the DoD ARPA program manager for ARPANet) settled the dispute on whether to use a 32bit, 128bit or variable length name space for Internet addressing by selecting 32bit. For those of you not familiar with the term 32bit name space, think of a default IP address on your wireless router at home like 196.168.0.0.1. If you do the combinatorial math, you will find that this scheme offers the potential for 4.3 billion unique terminations. Well, once the Internet got going as an operational infrastructure, and as computer networking became ubiquitous, people began to forecast just when those 4.3 billion unique addresses would be all used up. We are currently on track to run out of IPV4 namespace in mid 2010. With the end in sight, the IPV6 movement was organised to ensure that there would be sufficient name space if the more aggressive estimates for the Internet's expansion were met. IPV6's 128 bit name space will give us 3.4×1038 hosts. This is 34 decillion. For the curious, decillion falls between nonillion and undecillion. Geo Enablement Now with 34 decillion termination points to dole out, we will be able to have unique IP addresses for every mobile computing device, every IPenabled appliance, and every sensor being deployed off into the distant future. Many have recognised that it's not just desktop computing anymore. More importantly, it is not just stationary computing anymore. It is about mobile computing and geospatially distributed sensors (also perhaps on the move) deployed to observe the world around us. All of these IPV6 end points will eventually be geospatially enabled, or location-aware. This geo-enablement trend in our world of networked computing has great potential to make our lives better. To provide functional enhancements to our lives. iPhone applications are asking us whether we will share our location with them, so that they can provide us with value added experiences. Social media platforms such as Twitter are able to geospatially and temporally stamp every message that we post. Our photos can be tied to the Earth with geospatial and temporal precision with applications like Flickr. Google Latitude lets you coordinate your whereabouts with your social circle, by revealing your time/space travel to your network of family, friends and colleagues. As the dual trends of IP-enablement and geoenablement converge, our society will be utterly transformed, as we occupy the "Cyber/Location Nexus". The Threat of Unintended Channel Consolidation As everything we do becomes recorded in cyber space, we have become accustomed to having different aspects of our lives accumulated as data in different places. It has been our fear that identity thieves might uncover the precious keys that unlock these various data stores that have driven much of our behaviour. Jeff Jonas, Distinguished Engineer and Chief Scientist of Entity Analytics at IBM, describes it this way: "As we live life, our actions are recorded across countless channels, e.g., text messaging threads versus ATM transactions and so on. Channel separation is why your bank doesn't know where you were physically located yesterday and your doctor doesn't know the contents of your work emails. While we take channel separation as a given, channel consolidation is the trend and our society is heading in this direction at warp speed." Facebook is a fabulous example of a social media site which provides us benefits which have led us to consciously consolidate several channels into one. But, now, with the consolidation of channels, it is even easier for nefarious actors to "enjoy the benefits" of channel consolidation, by assembling a comprehensive view of our lives. Increasingly, these are lives that are mapped in space and time. The threats of unintended channel consolidation (i.e., bad guys gathering all of the relevant data about you) have increased enormously as we "opt in" to a handful of comprehensive channels such as Facebook. With relative ease, a bad actor will be able to find all of the data that you and your social network have authored, from any IP address, tied to specific locations and times. The Dawn of Massively Distributed Sensor Webs As the dual trends of IP-enablement and geo-enablement converge, indeed we will realise a world in which everything you do and everything you observe is firmly and indisputably tied to real-world locations, with very specific timestamps. Then, of course, there is everything observed about you and your surroundings. In effect, what we are seeing is that modern, industrialised societies are becoming massive, distributed sensor webs which are inherently geospatially and temporally enabled. These sensor webs have been, and will continue to be constructed because they have great benefit to individuals, businesses, public agencies and the defence/intelligence/ homeland security community. They allow us to make observations in a cost-effective and time dominant manner, over large areas of geography. These sensors can be airborne, space-based, mobile, in situ, or remote terrestrial sensors. Many military leaders like to talk about "soldiers as sensors", as they are our eyes and ears on the ground, increasingly sending sophisticated digital battlefield observations back from the field. In many cases, everyday people are more wired than our soldiers. Increasingly, in cybersecurity debates, you hear networks discussed as sensors. I embrace both of these uses of the term. And, I like to underscore that these networks of sensors will be expanding rapidly, in the context of IPv6, to engulf virtually anything capable of making an observation including most our civil infrastructure. Just think about the SCADA - Supervisory Control And Data Acquisition systems underpinning our public and private utilities, and other infrastructure providers. The Good News and the Bad News As these sensors become IP accessible, in even the most indirect and guarded way, they become susceptible to hackers. This is the same as the threat to all of the content that might be consolidated from different (increasingly consolidated) channels by bad actors. We all recognise that presently, no system is safe. Beyond the functional advantages, fuelling this driving toward the IP and Geoenablement of our world, there is a clear defensive cybersecurity benefit to this collision of IP-enablement and Geo-enablement. There is some promise that we might improve our ability to geo-enable what the cyber-security folks like to call "attribution" in the hunt for cyber-bad guys. This is clearly in the best interest of cyber-security. Yet, there is also an ominous threat. One might use the term "space-time hacking", which sounds like something straight out of Star Trek. In essence, it is the ability of a foe to harness the functional power of this convergence, the convergence of IP- and Geo-enablement against you in a time and place of their choice. Imagine being able to undermine, alter or end all networked computing within any arbitrarily small or large geography, at any moment in time, for any period of time, particularly during times at which vital interests are at stake. The ability to engage in such "denial of mission" attacks is truly frightening. If we extrapolate this issue, perhaps excessively, it is the possibility that your infrastructure, your sensors, and your (weaponised?) platforms might be used against you by spacetime hackers. It sounds like something out of the movie Terminator, but without the need to assume sentient computing - just bad actors capable of "space-time hacking". How to Survive Cyber/Location Nexus If, we assume that the only computing environment is a hostile computing environment and that any addition to the network is an additional cyber vulnerability. If we expect to continue "enjoying" the benefits of channel consolidation. If the dual trends of IP- and Geo-Enablement lead ultimately to the rise of a ubiquitous, dynamic, realtime, SensorWeb. And, if indeed, we will increasingly be susceptible to "space-time hacking" and "denial of mission" but could protect ourselves with "geo-enabled attribution". Then we must take concerted action, or else suffer dire consequences. How do we survive the cyber/location nexus? This question will require attention. Luckily, to achieve the right answers, we must first ask the right questions. Many actions will need to be taken. Without tying a strong identity mapping the cyber-infrastructure to geographic space, we will operate from a massive disadvantage. Bad actors will be able to hack us in space and time, but we will lack the essential equipment for geospatial attribution. To some extent, it is a simple recipe, though not without enormous amounts of work. First, we must map our cyber-terrain. By this, I mean we must actually map our cyber-infrastructure to geographic space - real world coordinates. Luckily, the IP infrastructure will help us along as it is beginning to map itself, as geo-enablement occurs. Without mapping our cyber-terrain, we will have no means of finding cyber-bad actors. So, essentially this requires tying identity management infrastructures to access nodes and achieve 'attribution' which will hem in the growing cyber-threat. |