Certification Survey Extra is a series of periodic dispatches that give added insight into the findings of our most recent Certification Survey. These posts contain previously unpublished Certification Survey data.
In the early history of the Roman Republic, the statesman Marcus Furius Camillus was appointed dictator and sent to take command of the drawn-out Roman siege of the Etruscan city of Veii. After 10 years of fighting, the Romans had essentially achieved nothing, and recent failed attacks had left Rome poised on the brink of retreat and failure.
Like many ancient cities of its time, however, Veii had a network of drains and sewers to remove wastewater from the city — and this beneficial and useful infrastructure became Veii's downfall. While maintaining a facade of frontal attacks on Veii's fortified main gate, Camillus ordered his soldiers to dig beneath the city walls and then dig up until they found a drainpipe.
The end for Veii came when Roman soldiers entered the city through its drains and then let their compatriots inside. That sort of thing remains problematic to this day. Critical infrastructure can lead to disaster even without the presence of an interfering enemy: It's estimated that the failure of Idaho's Teton Dam in 1976 ultimately caused up to $2 billion worth of damages.
We live in a digital era, of course, when much of the infrastructure we depend on for daily life has become internet infrastructure. As we move into a cashless world, for example, banks, restaurants, retail stores, and other links in the system by which "money" changes hands have become increasingly targeted by hackers and other criminal elements.
The infamous 2014 attack on retail giant Target has a Veii-esque element to the story: Hackers gained access to the Target's internal network, and ultimately to its point-of-service (POS) payment system, using network credentials stolen from servicing company contracted to manage heating and cooling at a number of Target stores.
As more and more things — things like heating and cooling systems — are connected to the Internet of Things, there are more and more points of entry to any large network that require protection and monitoring against attack. Which brings us to our recent Computer Networking Certification Survey.
In the course of seeking comment from certified computer networking professionals about the past, present, and future of their certification efforts, we also asked the to evaluate various aspects of the Internet of Things. One key question concerned survey respondents' level of wariness regarding civil infrastructure attack vectors presented by the Internet of Things.
In other words. how much do you worry about the extent to which an enemy (or enemies) of your nation could cause significant disruption by attacking (you might say "targeting") key internet infrastructure? Here's what we learned:
Q: How concerned are you about civil infrastructure attack vectors presented by the Internet of Things?
Very Concerned — 49.6 percent
Concerned — 35.3 percent
Somewhat Concerned — 11.5 percent
Not Concerned — 3.6 percent
That's a fairly resounding, "Is the Pope Catholic?" level of consensus. Roughly 85 percent of certified computer networking professionals who participated in the survey are either very concerned (49.6 percent) or concerned (35.3 percent) about the possibility of attacks that turn the Internet of Things into a doorway to disaster.
Even the people who would probably tell alarmists to dial it down a notch are mostly (11.5 percent) in the camp of those who don't feel that they can entirely dismiss the possibility of trouble. Only 3.6 percent of those surveyed are unconcerned, essentially shrugging off the potential for bad actors to reach out and punch someone (or someones) through the Internet of Things.