Archive for the ‘Cybersecurity’ Category

“Vocal Terror” or Even Better Phishing Scams?

Friday, September 28th, 2007

BBC NEWS | Science/Nature | Scientists warn of ‘vocal terror’

According to Dr. David Howard of the University of York, a computer will soon be able to sound exactly like someone we trust. Dr. Howard sees this as a potentially huge problem. He warns of a day, sometime around 2017, when an attacker compromises some large chunk of a nation’s emergency communications infrastructure and impersonates someone of high rank. Merely by sounding like that high-ranking official, the attacker could theoretically cause a great deal of harm by triggering a panic of one sort or another.

When the computer that is perfectly matching your trusted person’s voice can also pass a Turing test and look exactly like someone we trust, then I’ll agree that it’s a big problem.

But not in the ways Dr. Howard seems to be worried about. I’m not discounting Dr. Howard’s warning. I just think that the scope of the problem covered by his warning of “vocal terror” is both too small and entirely in the wrong place. Too small because I foresee this technology being abused by the same sorts of people who are currently defrauding people via phishing scams. Emails and websites that mimic the look and feel of communications from your real bank, the IRS, etc. are bad enough. Scams that exploit our intrinsic tendency to trust our eyes and ears, by using nearly perfect emulations of people we trust, will require some significant changes to our daily lives to defeat.

I can see the television commercial for the fraud prevention service now…

“Honestly honey, it looked and sounded just like you. If I even suspected that it was a member of organized crime out to ruin our lives, I would have never given out our most sensitive financial and personal data… ”

I’m going to bet that nearly every sort of everyday activity (phone calls, credit card transactions, emails, etc.) will be secured by digital certificates and cryptography. It seems the only practical way of dealing effectively with these sorts of trust issues.

I just don’t look forward to the day when I have to explain to my then 70+ year old mother the nuances of PKI and crypto.

Matt McGuirl, CISSP

SCADA (in)Security’s Going to Cost Us

Thursday, September 27th, 2007

When I read about the “Aurora Generator Test” video that has been leaked to the media, I wondered “why leak it now, and who benefits?” Like many of you, I question the reasons behind any leak from an “unnamed source” inside the US Federal government to the media. Hopefully we’ll all benefit from this particular leak.

Then I thought back to a conversation I had at a trade show booth I was working in several years ago. I was speaking with a fellow from the power generation industry. He indicated that he was very worried about the security ramifications of a hardware refresh of the SCADA systems that his utility was using to control its power generation equipment. The legacy UNIX-based SCADA systems were going to be replaced by Windows-based systems. He was even more worried that the “air gaps” that historically have been used to physically separate the SCADA control networks from the power company’s regular data networks might be removed to cut costs.

Thankfully, on July 19, 2007 the Federal Energy Regulatory Commission proposed to the North American Electric Reliability Corporation a set of new, and much overdue, cyber security standards that will, once adopted and enforced, do a lot to make an attacker’s job harder. Thank God, the people who operate the most critically important part of our national infrastructure have noticed the obvious.

Hopefully a little sunlight will help accelerate the process of reducing the attack surface of North America’s power grid.

After all, the march to the Singularity will go a lot slower without a reliable power grid.

Matt McGuirl, CISSP