[SystemSafety] Schneier on IoT
Peter Bernard Ladkin
ladkin at causalis.com
Mon Feb 20 05:09:44 CET 2017
IoT matters are safety-related because, first, not all critical systems are air-gapped, as we know
from demonstrations of partial take-over of road-vehicle controls while driving, and, second, air
gaps can be quite leaky, as the Chatham-House report on NPP cybersecurity showed.
Bruce Schneier wrote an essay on IoT and cybersecurity for New York Magazine, published in January I
believe. His latest Crypto-Gram newsletter contains it:
https://www.schneier.com/crypto-gram/archives/2017/0215.html
He points out that a failure to ensure appropriate dependability of software-based interconnected
devices is a market failure, and suggests that the only solution (as with most market failures) is
regulatory correction. He is concerned that regulatory measures could well be less-than-well considered.
Here is how it begins:
[begin quote]
Last year, on October 21, your digital video recorder -- or at least a DVR like yours -- knocked
Twitter off the Internet. Someone used your DVR, along with millions of insecure webcams, routers,
and other connected devices, to launch an attack that started a chain reaction, resulting in
Twitter, Reddit, Netflix, and many sites going off the Internet. You probably didn't realize that
your DVR had that kind of power. But it does.
All computers are hackable. This has as much to do with the computer market as it does with the
technologies. We prefer our software full of features and inexpensive, at the expense of security
and reliability. That your computer can affect the security of Twitter is a market failure. The
industry is filled with market failures that, until now, have been largely ignorable. As computers
continue to permeate our homes, cars, businesses, these market failures will no longer be tolerable.
Our only solution will be regulation, and that regulation will be foisted on us by a government
desperate to "do something" in the face of disaster.
In this article I want to outline the problems, both technical and political, and point to some
regulatory solutions.
[end quote]
PBL
Prof. Peter Bernard Ladkin, Bielefeld, Germany
MoreInCommon
Je suis Charlie
Tel+msg +49 (0)521 880 7319 www.rvs-bi.de