[192346] in North American Network Operators' Group
Re: Spitballing IoT Security
daemon@ATHENA.MIT.EDU (Leo Bicknell)
Wed Oct 26 13:19:15 2016
X-Original-To: nanog@nanog.org
Date: Wed, 26 Oct 2016 10:19:07 -0700
From: Leo Bicknell <bicknell@ufp.org>
To: nanog@nanog.org
Mail-Followup-To: nanog@nanog.org
In-Reply-To: <20161026120634.GA20735@gsp.org>
Errors-To: nanog-bounces@nanog.org
In a message written on Wed, Oct 26, 2016 at 08:06:34AM -0400, Rich Kulawiec wrote:
> The makers of IoT devices are falling all over themselves to rush products
> to market as quickly as possible in order to maximize their profits. They
> have no time for security. They don't concern themselves with privacy
> implications. They don't run networks so they don't care about the impact
> their devices may have on them. They don't care about liability: many of
> them are effectively immune because suing them would mean trans-national
> litigation, which is tedious and expensive. (And even if they lost:
> they'd dissolve and reconstitute as another company the next day.)
> They don't even care about each other -- I'm pretty sure we're rapidly
> approaching the point where toasters will be used to attack garage door
> openers and washing machines.
You are correct.
I believe the answer is to have some sort of test scheme (UL
Laboratories?) for basic security and updateability. Then federal
legislation is passed requiring any product being imported into the
country to be certified, or it is refused.
Now when they rush to market and don't get certified they get $0
and go out of business. Products are stopped at the border, every
shipment is reviewed by authorities, and there is no cross-border
suing issue.
Really it's product safety 101. UL, the CPSC, NHTSA, DOT and a
host of others have regulations that if you want to import a product
for sale it must be safe. It's not a new or novel concept, pretty
much every country has some scheme like it.
-- 
Leo Bicknell - bicknell@ufp.org
PGP keys at http://www.ufp.org/~bicknell/