What other companies/products could risk public safety if they were managed by over-networked systems (e.g., healthcare) and then hacked?
Across nearly every industry, there is probably some degree of public safety risk that is associated with networked systems and hacking. Some top ones that come to mind are telecommunication companies and autonomous vehicles.
Cell service providers such as Verizon and AT&T handle large amounts of customer data that should remain private (conversations, texts, billing information). Hackers may be able to access confidential information via communications between anyone which could pose a safety risk. Moreover, if the company’s systems were compromised during an emergency (e.g. natural disaster, terrorist attack, etc), then response times may be significantly increased and the effectiveness of the response may be hindered.
Thinking about Tesla’s foray into autonomous driving, it’s entirely possible that bad actors would be able to access the systems that eventually control fully autonomous driving. I’m unsure of the technical aspects of how an attack like this may function, but there may be a chance that people’s lives are literally in someone else’s hands if it occurs.
What are some elements of those products that should never have access to the Internet and those that should be carefully guarded? Why?
With cell service providers, it’s difficult for those systems to stay disconnected. However, storage of sensitive personal information and communications should be kept offline as much as possible or not saved altogether.
In regard to autonomous driving, crucial vehicle functions such as steering and acceleration could strictly be tied to the onboard computer and not networked to minimize the risk that someone could feed false instructions to the vehicle.
How might this discussion have gone differently had she stayed quiet, or the CEO ignored her, etc.? What would have been lost?
If she stayed quiet or had been ignored, the information security officer or COO would have likely convinced Chad to continue bolstering existing security measures. They may have attempted to use more/new technology to beat the hackers. This would have caused them to miss out entirely on the option to un-digitize some aspects of the company. Without even making it an option, the “best” decision may have been missed.
What were the implicit (technical, hierarchical, gender) assumptions that she challenged, and why was it important that she did so?
It was absolutely critical that she challenged the CISO, COO, Head Engineer, and CEO. The CISO and Head Engineer figured she did not understand the technical implementations and benefits of digitization. Focusing just on the technical aspects, though, ignores other manual solutions that may be better for the company overall. All of the board, including her boss, dismissed her idea immediately because she was less senior and was perceived to have inferior ideas. It also seemed like the board was majority male-dominated, so it was important that she speak up, not only for a good idea, but also to empower other female employees who may feel uncomfortable with the current culture.
