Skip to Content
MIT Technology Review
  • Featured
  • Topics
  • Newsletters
  • Events
  • Podcasts
    • Sign in

    NSA Hacking Chief: Internet of Things Security Keeps Me Up at Night

    The leader of the National Security Agency’s hackers says that putting industrial control systems online has made America less secure.
    January 28, 2016

    The trend to connect devices such as air conditioners and door locks to the Internet is making life easier for the National Security Agency’s hackers—but also keeping their boss awake at night.

    Rob Joyce, chief of the NSA’s Tailored Access Operations unit, leads what is likely the best resourced group of hackers in the world. They are tasked with infiltrating computer networks to gather foreign intelligence, and also with probing U.S. government networks to improve their security.

    Speaking in San Francisco Wednesday about how nation-backed teams like his operate, Joyce said that the so-called “Internet of things” is a major boon when the TAO group needs to attack a target. He singled out heating and cooling systems as examples of Internet-connected devices that offer national-level hackers a route into organizations that computer network administrators often overlook. Joyce spoke at the Enigma security conference.

    However, Joyce also said that the poor security of such devices is one of his primary concerns when it comes to the safety of U.S. networks.

    In recent years researchers have found that hundreds of thousands of industrial and commercial control systems—referred to as SCADA systems—have been blithely hooked up to the Internet without proper protections, including power plants and other critical infrastructure (see “What Happened When One Man Pinged the Whole Internet”).

    “SCADA security is something that keeps me up at night,” said Joyce. He suggested that it might need new ideas from academia, which works on more fundamentally new ideas than industry, to improve the situation.

    Nicholas Weaver, a computer security researcher at the International Computer Science Institute in Berkeley, California, who attended Joyce’s talk, said that he had correctly highlighted a significant problem, and an area where scary discoveries are easily made but possible solutions very scarce. “I don’t do SCADA research because I like to sleep at night,” said Weaver.

    Researchers that do work on SCADA security have found evidence that there are groups trawling the Internet looking for industrial systems to infiltrate (see “Chinese Hacking Team Caught Taking Over Decoy Water Plant”). A recent report by the Nuclear Threat Initiative said that many nuclear power and weapons facilities are not adequately protected against computer-based attacks.

    Keep Reading

    Most Popular

    This startup wants to copy you into an embryo for organ harvesting

    With plans to create realistic synthetic embryos, grown in jars, Renewal Bio is on a journey to the horizon of science and ethics.

    VR is as good as psychedelics at helping people reach transcendence

    On key metrics, a VR experience elicited a response indistinguishable from subjects who took medium doses of LSD or magic mushrooms.

    This artist is dominating AI-generated art. And he’s not happy about it.

    Greg Rutkowski is a more popular prompt than Picasso.

    This nanoparticle could be the key to a universal covid vaccine

    Ending the covid pandemic might well require a vaccine that protects against any new strains. Researchers may have found a strategy that will work.

    Stay connected

    Illustration by Rose Wong

    Get the latest updates from
    MIT Technology Review

    Discover special offers, top stories, upcoming events, and more.

    Thank you for submitting your email!

    Explore more newsletters

    It looks like something went wrong.

    We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.