Stacey on IoT | Internet of Things news and analysis

Hackers aren’t just a security issue, they are a safety issue

June 5, 2017 by Stacey Higginbotham

Professor Ross Anderson explaining how IoT security becomes a safety issue.

Think about your first car. If you’re like many of us, it was probably used, either purchased or handed down from parents or maybe even siblings. My first car was 14 years old. Now, think about how poorly secured most 14-year-old electronic devices are. The success of WannaCry capitalized on precisely that lack of security for hospital machines and operating systems.

When it comes to embedding tech into everyday machines and critical infrastructure, security is no longer just about privacy of data; it’s a safety issue. To build a connected medical device without contemplating how to prevent someone from hacking it is like building a bridge without a civil engineer and load testing. With this being said, it is also important to understand the difference between manual and automation testing for various parts of your business, as they can both offer benefits and disadvantages. Seeing as your business should be one of your top priorities, it would be worth considering this.

That’s been missing from a lot of the conversations about IoT security, but an excellent paper from the University of Cambridge looks at security for connected cars, medical devices and the energy grid as a safety issue.

The report covers the role of regulators in our technocentric world, how liability might be shared among manufacturers, consumers, insurers and regulators, and ways to implement security over a 30-year life span. Alone, each of these topics is worth several papers, which is why I found the report such helpful reading. It covers all of these to enough depth to help interested parties dig into the issue, rather than say, “It’s hard,” and move on.

The paper offers up liability as the impetus for secure infrastructure and discusses where European laws (this report was commissioned by the European Commission) fall short. For example, product liability can invalidate the ubiquitous end user licensing agreements that people click on with every software download, but it cannot protect against unforeseen harms.

And when dealing with the internet, electronics and a network, we will encounter the unforeseen. Additionally, laws that protect against insecure and unsafe products do not cover services. For many companies, connected devices are about selling a service, not selling a physical device.

There are an additional half dozen interesting points for discussion in the paper, plus a historical perspective on how regulation developed around the railroads and cars. It provides grim parallels on how things might unfold for connected device security in the 21st century.

If all of this sounds crazy and over-the-top, go reread the essay I wrote about hospital security. The CISOs I spoke with for that story were most worried about their connected devices doing physical harm to a patient, not about records getting stolen. We’re already living in a world made less safe by connected products. Now we have to admit this and solve the issues technology has wrought.

Just like we have done before.
