Monday, August 1, 2016

Mathematics and the End of Days

A scene from Zero Days, a Magnolia Pictures resease. Photo courtesy of Magnolia Pictures

The new documentary movie Zero Days, written and directed by Alex Gibney, is arguably the most important movie of the present century. It is also one of particular relevance to mathematicians for its focus is on the degree to which mathematics has enabled us to build our world into one where a few algorithms could wipe out all human life within a few weeks.

In theory, we have all known this since the mid 1990s. As the film makes clear however, this is no longer just a hypothetical issue. We are there.

Ostensibly, the film is about the creation and distribution of the computer virus Stuxnet, that in 2011 caused a number of centrifuges in Iran’s nuclear program to self-destruct. And indeed, for the first three-quarters of the film, that is the main topic.

Most of what is portrayed will be familiar to anyone who followed that fascinating story as it was revealed by a number of investigative journalists working with commercial cybersecurity organizations. What I found a little odd about the treatment, however, was the degree to which the U.S. government intelligence community appeared to have collaborated with the film-makers, to all intents and purposes confirming on camera that, as was widely suspected at the time but never admitted, Stuxnet was the joint work of the United States and Israel.

The reason for the unexpected degree of openness becomes clear as the final twenty minutes of the movie unfold. Having found themselves facing the very real possibility that small pieces of computer code could constitute a human Doomsday weapon, some of the central players in contemporary cyberwarfare decided it was imperative that there be an international awareness of the situation, hopefully leading to global agreement on how to proceed. As one high ranking contributor notes, awareness that global nuclear warfare would (as a result of the ensuing nuclear winter) likely leave no human survivors, led to the establishment of an uneasy, but stable, equilibrium, which has lasted from the 1950s to the present day. We need to do the same for cyberwarfare, he suggests.

Mathematics has played a major role in warfare for thousands of years, going back at least to around 250 BCE, when Archimedes of Syracuse designed a number of weapons used to fight the Romans.

In the 1940s, the mathematically-driven development of weapons reached a terrifying new level when mathematicians worked with physicists to develop nuclear weapons. For the first time in human history, we had a weapon that could bring an end to all human life.

Now, three-quarters of a century later, computer engineers can use mathematics to build cyberwarfare weapons that have at least the same destructive power for human life.

What makes computer code so very dangerous is the degree to which our lives today are heavily dependent on an infrastructure that is itself built on mathematics. Inside most of the technological systems and devices we use today are thousands of small solid-state computers called Programmable Logic Controllers (PLCs), that make decisions autonomously, based on input from sensors.

What Stuxnet did was embed itself into the PLCs that controlled the Iranian centrifuges and cause them to speed up well beyond their safe range to the point where they simply broke apart, all the while sending messages to the engineers in the control room that the system was operating normally.

Imagine now a collection of similar pieces of code that likewise cause critical systems to fail: electrical grids, traffic lights, water supplies, gas pipeline grids, hospitals, the airline networks, and so on. Even your automobile – and any other engine-driven vehicle – could, in principle, be completely shut off. There are PLCs in all of these devices and networks.

In fact, imagine that the damage could be inflicted in such a catastrophic and interconnected way that it would take weeks to bring the systems back up again. With no electricity, water, transportation, or communications, it would be just a few days before millions of people start to die, starting with thousands of airplanes, automobiles, and trains crashing, and soon thereafter doubtless accompanied by major rioting around the world.

To be sure, we are not at that point, and the challenge of a malicious nation being able to overcome the difficulty of bringing down many different systems would be considerable – though the degree to which they are interdependent could mitigate that “safety” factor to some extent. Moreover, when autonomous code gets released, it tends to spread in many directions, as every computer user discovers sooner or later. So the perpetrating nation might end up being destroyed as well.

But Stuxnet showed that such a scenario is a realistic, if at present remote, possibility. (Not just Stuxnet, but the Iranian response. See the movie to learn about that.) If you can do it once (twice?), then you can do it. The weapon is, after all, just a mathematical structure; a piece of code. Designing it is a mathematical problem. Unlike a nuclear bomb, the mathematician does not have to hand over her results to a large, well-funded organization to build the weapon. She can create it herself at a keyboard.

That raw power has been the nature of mathematics since our ancestors first began to develop the subject several thousand years ago. Those of us in the mathematics profession have always known that. It seems we have now arrived at a point where that power has reached a new level, certainly no less awesome than nuclear weapons. Making a wider audience more aware of that power is what Gibney’s film is all about. It’s not that we face imminent death by algorithm. Rather that we are now in a different mathematical era.