Discussion:
[IP] Internet of Things
Dave Farber
2018-06-05 14:12:03 UTC
Date: June 5, 2018 at 10:03:30 EDT
Subject: Fwd: Internet of Things
I wrote up some thoughts on security for the Internet of Things -
https://www.nytimes.com/2018/06/03/opinion/westworld-internet-of-things.html.
I’d love to further develop the “island of misfit toys idea”; curious what IP’ers think.
From Westworld to Best World for the Internet of Things
By Jonathan Zittrain
Mr. Zittrain is a Harvard professor and a co-founder of the Berkman Klein Center for Internet & Society.
June 3, 2018
Last month the F.B.I. issued an urgent warning: Everyone with home internet routers should reboot them to shed them of malware from “foreign cyberactors.”
Putting aside the strangeness that for once power-cycling a device could perform an effective exorcism upon it, the episode reveals more than just the potential for disruption of internet access for people using equipment they never expect to have to physically manage. It also underscores how unprepared we are to manage downstream-networked devices and appliances — the “internet of things” — that are vulnerable to attack.
A longstanding ethos of internet development lets anyone build and share new code and services, with consequences to be dealt with later. I call this the “procrastination principle,” and I don’t regret supporting it. But it’s hard to feel the same way about the internet of things.
Worries about security for these devices have become widespread, and they fall roughly into two categories.
First, compromised networked things can endanger their users. In 2015, Chrysler recalled 1.4 million vehicles after researchers showed they could hack a Jeep and disable its brakes and transmission. Coffee makers and other appliances with heating elements could have safety features overridden, starting a fire. And an alert was issued on certain pacemakers last year after vulnerabilities were found that could allow attackers to gain unauthorized access and issue commands to the devices.
Second, hacking even a tiny subset of the 10 billion and counting networked things can produce threats larger than any one consumer. Individually these devices may be too small to care about; together they become too big to fail. Security systems in a city could be made to sound an alarm simultaneously. Light bulbs can be organized into bot armies, directed to harm any other internet-connected target. And worse than a single Jeep executing an unexpected sharp left turn is a whole fleet of them doing so.
Short of rejecting internet integration with appliances, dealing with this is not easy. As with home routers, we tend to keep appliances around for years, so vulnerabilities aren’t phased out quickly.
In fact, many vendors might stop issuing firmware updates for physical objects even while they’re still widely in use — abandoning the public to problems lurking in embedded code. And otherwise-valuable “over the air” security updates could also be a gateway to a hack, especially for small vendors of cheap if useful objects like $5 drones.
The unusual problems of the internet of things call for unusual solutions.
The first confronts the life-cycle problem. Companies making a critical mass of internet-enabled products should be required to post a “networked safety bond” to be cashed in if they abandon maintenance for a product, or fold entirely. Insurers can price bonds according to companies’ security practices. There’s an example of such a system for coal mining, to provide for reclamation and cleanup should the mining company leave behind a wasteland.
For internet-connected appliances, “reclamation” can entail work by nonprofit foundations to maintain the code for abandoned products, creating an “island of misfit toys,” in the parlance of the famed 1964 Rankin/Bass stop-motion Christmas special. Proceeds from redeemed bonds would go to these foundations to maintain the products, like the way the Mozilla Foundation has transformed the 1998 Netscape browser long after its originators left the scene.
A second intervention would require networked products modeled after analog counterparts to work even without connectivity. A smart coffee maker shouldn’t be so clever that it can’t make coffee without internet access. Switchover to non-connectivity mode will not merely help prevent things from becoming useless when the internet goes down, or if the original vendor disappears or jacks up service prices. It can also provide a soft landing for appliances that reach the end of their supported life cycles while still beloved by owners.
Finally, networked devices made by different vendors need to be able to communicate with one another — the way that, say, Mac and PC users seamlessly exchange email. That prevents a household from becoming locked into a single vendor for all its appliances. It also prevents us from flocking to one or two vendors whose compromise could cause widespread consequences.
While procrastination around security has been vital to the expansion of the internet, “later” doesn’t mean “never.” We can create incentives to design networked devices for both interoperability and safety, and to plan for remediation when some things inevitably go wrong. We can enjoy the best rather than worst of both worlds.