OPINION:
Back in 2014, a Pew Research study looked at the future of the internet and found that most tech experts agreed that the proliferation of the internet would have “widespread” effects on public life by 2025. “Amplified connectivity will influence nearly everything, nearly everyone, nearly everywhere,” the authors postulated.
“Amplified connectivity will influence nearly everything, nearly everyone, nearly everywhere,” the authors postulated.
The last decade has proved their prediction right. Americans today are more connected than ever. From everyday household items to smart infrastructure that makes cities and towns safer, virtually every facet of life is now plugged into the internet.
And it will only accelerate: The number of internet products is forecast to double by 2030.
This digital transformation holds tremendous value. Information is becoming more accessible. Barriers to critical services are being removed. Goods of every kind are available at the touch of a button — and in many cases without the touch of a button with the advance of artificial intelligence.
It also poses great challenges. In most Americans’ pockets (and their homes, workplaces and vehicles) are back doors to their personal information — back doors that cyber criminals are working hard to crack.
Today, the greatest threats to U.S. national security are not found on a battlefield. They are pervasive campaigns waged virtually by nefarious actors supported by nation-state aggressors such as China, Russia, North Korea and Iran to pilfer data and technology, conduct espionage, and disrupt the systems on which we rely.
This new arena of modern warfare should give pause to the policymakers considering “right to repair” bills. More than 30 states are now considering such legislation, with California recently passing such a bill. The goal is to require technology makers to provide access to the parts and instructions that would allow more consumers to fix their own devices.
Proponents argue that creating open access to repair will benefit the public, and there is compelling evidence that it might in some industries. But a critical examination through the lens of cybersecurity reveals concerns that are not just hypothetical.
Technology, however well designed, has vulnerabilities. As Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, stated this summer, “technology is released to market with dozens or hundreds or thousands of vulnerabilities and defects and flaws.”
These defects may be innocuous. But they equally could be the weakness in our digital armor that provide cyberattackers access to sensitive data or, worse, critical networks.
What’s more, these devices and the software that run them require maintenance and repair, just like a car or kitchen appliance. But unlike common consumer goods, if a code is incorrectly “fixed” in a vital network, the consequences are much greater than an engine breaking down on the road. It could very well be the entry point to launch a major disruption, which could go undetected until it’s too late.
Mandates to open up information about the parts and operations of otherwise proprietary devices could, at a minimum, lower the bar of maintaining the security fences of critical infrastructure. At worst, it would effectively hand cyberattackers a manual of how to hack into these networks.
Consider the health care industry, which has been the frequent target of cyberattacks. Medical devices require connectivity, which means they could be turned against their infrastructure if compromised. These devices are highly regulated by the federal government, which acts as a kind of stopgap to prevent widespread access to any vulnerabilities these critical systems may have.
But allowing anyone and everyone to access the schematics and software of these machines could expose our critical health care infrastructure to more nefarious actors that look for information to leverage — not to mention the possibility of causing a life-threatening outcome if the device fails.
Even automobiles — an industry where it may seem like consumers could save money on manufacture repairs — could be jeopardized. Most vehicles today use high-end software that generates a great deal of data. It’s why the National Highway Traffic Safety Administration last year asked original equipment makers to strike a balance between cybersecurity and third-party access to data.
The internet has connected every aspect of our lives. The benefits have come with great security challenges. Firming up our cyber defenses will require a whole-of-industry, public-private effort.
Policymakers must consider the full picture of cyber resiliency when weighing sweeping right to repair bills. That likely means exempting vulnerable industries and technologies. Otherwise, they could open doors to our enemies in a war being waged in silence on the technology we all depend on.
• James “Spider” Marks is a retired Army major general and a CNN military and national security contributor.
Please read our comment policy before commenting.