“Ransomware Doesn’t Scare Me; Listeria Does”
IoT devices have the potential to become over-networked and especially vulnerable, given the often large data handling, combination of hardware and software, and variable communication methods and protocols. One such example is smart agriculture. The idea of smart agriculture is to optimize farming systems by levering data from various technologies. For instance, several sensors monitor the agricultural environment, from pH levels to humidity to soil nutrient levels. These types of sensors could be hacked, where false measurements can be reported back. Imagine if the hackers were able to increase the use of fertilizers or pesticides while reporting back regular/safe levels. We can see how the overuse of these pesticides/fertilizers can be a real threat to human health, and how invisible such changes may be to the human eye. Yet, these sensors are a necessary component to the success of smart agriculture since they enable the collection of a large amount of data, which can then be analyzed downstream and used for recommendations. The granularity of the data and insights from it are something traditional farming cannot provide. Thus, they should be heavily guarded. No sensitive data should be stored there (ex. ideal environment for the products). For other smart products, sensitive information like video/audio data of people may also be involved.
“Who Invited Her?”
Had Sara not spoken up, an external consultant would not have been hired and large security vulnerabilities would not have been uncovered. Furthermore, the team was defensive and overconfident in their system, with the tech brushing off the consultant’s questions with answers that give off the impression of “Oh it won’t happen.” We can see how without someone external to tell them of their problems, the team likely would not have put in the effort to look for vulnerabilities. Moreover, we see that had Sara not brought up her concerns, the team wouldn’t have understood the complexity of the digitization initiative. One would have thought that before moving to digitization, the team would have done an in-depth analysis of aspects like security. Instead, it seems like the team made many dangerous assumptions that they now realize are false. But most of all, the inspection revealed the possibility of Listeria, which would not only jeopardize the health of thousands of people but would also tarnish the image of the company. The team now no longer lived in blissful ignorance – they were now in a position that required a tough decision. Do they care more about safety or about profits and scalability? How would investors view their decision?
From the response of the other members in the meeting, namely disdainful laughter and her boss apologizing for Sara’s actions, it is clear that she challenged several implicit assumptions about who has a voice in such a meeting. She was “standing in the back of the room,” indicating some social or technical hierarchy, as people in the back tend to be more quiet, like a fly on the wall. Given she was in a room full of men, they may have thought that her ideas were “dumb” because of her gender. At the end, when Chad asks for her opinion, she initially responds with “Oh, I don’t understand the operations and costs enough to –” which demonstrates perhaps her lack of technical expertise in that area as well as her lower place in the hierarchy, which she also challenged via her initial comment in the meeting.
