Vint Cerf: 'The internet of things needs to be locked down'

The problem is not authentication or lack thereof

but rather the bugginess of embedded systems, Internet-connected or otherwise, manufacturers' unwillingness to expend engineering work to issue patches, and the logistic intractability of managing patches for all the devices out there. We've seen makers of expensive SCADA controllers wash their hands of the problem, and even lowly printers have turned out to be attack vectors.

Authentication won't solve the problem. Strict product liability laws that force manufacturers to fix bugs would be a first step, and it's encouraging the FCC recently compelled HTC to release Android security updates for phones they'd just as soon not want to support.

One option could be to require devices to disable themselves 6 months after their last autoupdate, and to require manufacturers to support devices for 7 years after EOL just as they are required to for spare parts.

shut off internet access for my toaster?

But then how am I supposed to read my morning emails?

Just because you can, doesn't mean you should.

One hack on your home aircon setting it to 0deg while your at work for the day could lead to a very large electric bill in the heat of summer. Honestly, a simple programmable thermostat works a treat and can be replaced when it flips over on its back and twitches its legs for just a few quid.

The need for central control

Quite a few commentards seem to overlook the need for central control of demand and the benefit that it can provide.

The overall demand for electricity is variable. Storage is expensive and output modulation of the most efficient generators is a rather slow. If part of the overall demand can be made adjustable, being advanced or delayed as appropriate to smooth out fluctuations, this can improve regulation and reduce the cost of supply.

Given that the variability of wind power will have to be factored in to the grid, the problem of mismatch between supply and demand will become more acute. Already some large customers pay a reduced price in return for sometimes being shut off at times of peak demand. If the grid ever becomes truly 'smart' this sort of cost saving through switched supply will become fairly widespread.

"Why would you ever put them on a publically accessed net? Aren't there personnel on station to adjust the settings? Like 24/7 at a power plant?

Is he making a problem so he can sell us the solution?"

Aircon is one example, but there are plenty of things that require outside connections - monitored alarms for instance. One could well envisage a scenario where neer do wells could cause chaos by tripping every monitored alarm in London. The monitoring firm (who would normally call the Police or their Security patrols) wouldn't know where to send Police or Security, and the noise pollution could cause substantial public concern or panic. Conversely it's conceivable that an alarm could be nullified with a man-in-the-middle attack or simply by being hacked into, allowing burglars access to a lucrative target at their leisure in the safe knowledge they won't be disturbed because the monitoring centre won't be getting any calls from the alarm box. Same could apply to remote access CCTV on campus sites and inserting a false video stream (21st century equivalent to putting a photo in front of the camera!).

Of course controlling your heating and lighting from your phone to "save energy" is pointless in a domestic scale. In larger buildings it might be a serious cost saving. One that would be offset by having staff wandering around turning them up/down in the evening and morning - far more efficient to monitor from a central location, which can also spot anomalous behaviour and call a service tech, ideally before the office gets to sweltering point and someone takes the time to put in a call.

$120 to control your Home heating remotely from your smartphone

I came across a wi-fi enabled Home Thermostat just this weekend - if my wife ever comes across it, she'll buy one and insist that I install it so that she can turn the heat up before she goes home.

http://www.lowes.com/pd_171234-74493-RTH6580WF1001_0__?productId=3850713

Verizon is also pushing "Home automation and control" for an additional $10 a month -

http://www22.verizon.com/home/homemonitoringandcontrol/

(you pay extra for the actual hardware - the $10 only get's you permission to use the control panel!)

IOT is coming. Who will control it?

Whatever it is ultimately called, the IOT will come. Of that you can be sure. It is, in a sense, already with us.

Security is indeed a problem, but the problem is inherent in how we do security, not in the IOT. Properly secured, an IOT world would be safer than a non IOT world. It would also be faster, cheaper and easier.

The number one problem confronting us with the IOT is not the technical failings of our security (though they be many). Those can and will be fixed (made 'good enough'). We have a profound problem of governance that is getting worse with each passing day. Bad players like the MPAA, the RIAA, corrupt/lazy/incompetent politicians and people worse than that have had the citizens of the Internet under attack for some time.

Any techie managing his own local network can see that most of the world could easily and cheaply be connected at Gigabit speeds. The drag on our systems imposed by rent seekers like the telecommunications cartels is obscene. The disparity between what is technically feasible and what is actually possible grows larger every day.

If you had told me forty years ago that I would one day live in a world where it was possible to give every intellectual artifact possessed by humanity to every child in the world for the cost of a few books *and* that we chose not to do so, I would not have believed it ... and yet here we are ... poised on the brink of a magical world and being held back by fools and bullies who are so mean spirited that they would rather we live in a lesser world so they could prevent the rest of us from enjoying abundance that rivals their own.

One need only look to the infamous 'salt laws' to see that those who seek power are not above telling your refrigerator to spoil your food if you don't pay yet another arbitrary hike in pricing. Not only should those guys not be in control, the Darl McBrides of this world should be charged, tried and serve a sentence that denies them access to the commons until they mend their ways.

"... needs to be beaten to death with the Salmon of Correction."

The way this week's been going it needed a dose of the surreal.

Thank for telling us of your spoons.