Does the Internet of Things need an indie security assessor?

The Internet toaster that's browning your crumpets, talking to its home servers, and participating in a ransomware-distributing botnet should get the kind of cyber-safety testing that it gets for physical safety. That is, at least, a growing view among Institute of Electrical and Electronics Engineers (IEEE) members, if an IEEE …

  1. allthecoolshortnamesweretaken

    Not a bad idea. The interesting bit is of course (once again, dear friends) the implementation, i.e. making it work in a way that actually benefits the end user. (Suspending the question "why the hell should my toaster be connected to anything else but the nearest power outlet anyway" for the moment.)

    1. Paul Kinsler

      why the hell should my toaster be connected to anything else but the nearest power outlet

      ... indeed, toasters etc will soon come with integrated powerline networking :-)

    2. Anonymous Coward

      Not a bad idea except...

      ...that the certification process will typically be specified by a committee stuffed with vested interests who will see this either as a fantastic cash cow or a way to exclude smaller competitors from the marketplace. Make it as expensive and difficult as possible and both camps will be satisfied.

      Added bonus is that it will kill open source projects, since they won't have the funds to play this game. Treble gin and tonics all round!

    3. mhenriday

      But isn't that the point ?

      (Suspending the question "why the hell should my toaster be connected to anything else but the nearest power outlet anyway" for the moment.) Why suspend the question ? What benefit does a consumer derive from having his or her toaster connected to anything other than the mains (aside, of course, from bragging rights (?) - «now I'm connected to the IoT !») ?...

    4. This post has been deleted by its author

  2. Anonymous Coward

    No. Self-Regulation is wonderful...

    Just look at how it works at the BBC, Parliamentary Expenses and Lawyers.

    Expect a Can of Worms to be revealed when Tony Blackburn takes the BBC to Court fully open to the Public Gaze.

    Expect the BBC to cave in and settle before it arrives at Court rather than having their dirty Linen exposed in Court rather than a cosy self-originated internal-orientated investigation.

  3. Anonymous Coward

    I think the law needs changing to bring it up to date but how do you do it? Do you add onto current protections (30 days to return an item) that for internet connected devices you have a warranty should the company not supply updates to keep it secure? How long do you set this warranty? As per the article a fridge can last 20 years. Do you make manufacturers give you an end of support date?

    Difficult questions to answer but until it's law those companies making these devices will only care about one thing and that is profit at sale point and what is the smallest amount of time they can support the device due to costs involved. Phones are a benchmark as to how IoT will go because after 1/2/3 years you don't get any updates. I do also think there should be two specifications and laws, one for devices that only supply information and one for devices that allow control.

    I for one will be informing all friends and relatives of the dangers these devices will present to leave them to make an informed choice as to whether they want to take the risk for the potential (still can't see this) benefit.

    1. VinceH

      "I for one will be informing all friends and relatives of the dangers these devices will present to leave them to make an informed choice as to whether they want to take the risk for the potential (still can't see this) benefit."

      I for one have already been doing that for ages... and in most cases there's a very short route between the entrance in one ear, and the exit in the other.

  4. hazzamon

    Segregate all IoT devices on separate VLANs...

    ...with ports restricted to bare essentials - HTTP/HTTPS/DNS etc.

    I'm sure that's perfectly achievable on regular consumer home routers...right? ...anybody?

    1. This post has been deleted by its author

    2. This post has been deleted by its author

  5. Doctor Syntax Silver badge

    Basically a good idea but as UL already exists why suggest a separate CyberUL? Or was someone making a pitch?
