Dangers of Technology Consolidation
I’ve been reading a lot lately about how technology consolidation is possibly not a good thing. Looking more at a strategic view rather than having tunnel vision on a single product or service.
I wonder if risk professionals are asleep or are just being ignored? IT infrastructure and software is one thing, but it seemingly bleeds into other industries. Renewable energy in this case. An interesting read from Bert Hubert linked below.
A Dutch ethical hacker figured out it was possible to shut down 4 million solar power installations. What’s the big deal? Well the power grid has to be balanced. Add or remove too much at certain times and the grid could collapse.
Which would be a very bad thing.
Problem is management of the software is consolidated amongst a small group of suppliers. Think of MSFT, AWS or Crowdstrike recently. None of this is run by them but it’s a similar consolidation impact. Vulnerability to nefarious folk or a bad update? Bad times occur.
“We’ve sleepwalked into this situation – individual solar panels can’t cause much damage, and didn’t need too many rules. But over time, the number of installations has increased enormously, and their management (needlessly) has become concentrated on just a few places, with lots of new risks as a consequence.”
Do risk professionals need to shout louder? Or do we need to think a little more strategically about a good few things?
Consumers can’t police this. We’re looking at solar panels but I hadn’t considered thinking about security for them. Already my TV is blocked from the Internet. I like my automated lighting, but I’m going to move away from anything that requires an online account (Hue) or software updates for bulbs. The first salesperson to try and sell me a WiFi enabled fridge is also going to get a STARE…
Tech should make life easier. Not be a chore. A patch/update management plan for the home is not the techy future I was hoping for.