Talking to a couple cyber security SMEs recently it would appear one of the biggest threats are high volume, low cost IoT devices like IP security cameras that have very short product development and sales life cycles(measured in months rather than years).Originally Posted by OUTLAW 09
Lots of persistent vulnerabilities in cheap IoT hardware's firmware that can result in very large and easy to build attack arrays.
Moore's Law combined with commercial market forces means that this environment of large volume vulnerabilities occurring with each cheap IoT device generation is unlikely to be mitigated without intervention.
I would suspect that some form of intervention will be required, possibly along the lines of public/private partnership such as certification.
CE or UL are symbols used to identify compliant appliances for categories like electrical/fire safety.
I suspect we will need some form of IoT device compliance through certification or litigation.
Or in emergencies, the ability to remotely identify, locate, and negate them.
Ralph Nader's "Unsafe at any speed" but instead of targeting the Corvair and greater car industry in terms of safety standards and features, but for the IoT age.
This is not an original thought as I found it elsewhere first, but there's also the potential for some jurisdictions to "conscript" devices.
We have moved beyond conscripting humans to work on behalf of sovereign government in most instances, but our devices being conscripted is an entirely different story and not beyond the realm of believability to preempt a crisis and enhance national resilience.
Reply With Quote
Bookmarks