Tuesday, January 10, 2017

One case in which the "you will die" headline may be legitimate

Years ago, the medical and legal professions did not allow their practitioners to advertise.

Boy, has that changed - although they're careful about how they advertise.

Sort of.

Consider the many medical advertisements that sound something like this:

I had suffered from my myopia and deviated septum for years. Finally, when I turned to Super Duper Hospital, the trained physicians were able to assist me. Because of Super Duper Hospital's commitment to research, I was treated with new technologies that are not available anywhere else.

Well, that's what the actor portraying the patient literally said in the commercial. But the underlying message that the hospital is conveying is somewhat different. Imagine this message delivered by Arnold Schwarzenegger or the late Don LaFontaine:

If you go to any other hospital, you will DIE.

So when I first saw the headline for this article, my first reaction was to roll my eyes.

Secure IoT before it kills us

But then, when you start thinking about the things that are controlled by IoT devices, you realize that this is not an exaggeration.

2010: Stuxnet (believed to have been created by Israeli intelligence) vibrates centrifuges in Iran nuclear plant.
2011: Hacker takes wireless control of insulin pumps.
2014: Hackers commandeer hundreds of webcams and baby monitors.
2015: Researchers remotely take over and crash Cherokee jeep.
2015: Plane flight controls hacked via in-flight entertainment system.
2016: Smart thermostats hacked to host ransomware.

But there is a danger of overreaction on either side of the spectrum.

On the one hand, you could ignore the threat altogether and not really pay heed to the possibility that a device may be hacked. This opens you to a hacking incident and/or a lawsuit.

On the other hand, you could overreact and demand that no IoT device be deployed unless it is 100.000% secure. And as any security expert knows, 100.000% security is impossible.

But it certainly is possible to provide some level of security for IoT devices. After all, we do it all the time for the non-trendy computers.

As Microsoft’s [National Security Officer Stuart] Aston points out: “With each generation of smart things, we seem to have to relearn the lessons of the past.

“A lot of IoT security best practice is no different from the best practice we’ve learned through securing PCs and mobile devices over the years. We just need to ensure it’s rigorously applied.”