
A "Public Health" Approach To Internet of Things Security

New submitter StewBeans writes: Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do. David Bray, CIO of the FCC, emphasizes the exponential growth we are facing by comparing the Internet we know today to a beachball, and the Internet of Everything future to the Sun. Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything. He says this might look similar to public health on the consumer side — the digital equivalent of hand washing — and involve an open, opt-in model for the rapid detection of abnormal trends across global organizations and networks.
  • by Anonymous Coward

    Thanks.

    IoT is a bad idea.

    Don't assign responsibility to my grandmother for patching kernels using interfaces made by hardware people.

  • by rtkluttz ( 244325 ) on Thursday August 27, 2015 @02:52PM (#50404557) Homepage

    It will be a cold day in hell before I will accept having to authenticate to a 3rd party outside my network to access or access data that my devices generate on someone else's servers or devices. When I am able to open ports in my own firewall and access my devices and data directly without having to ask someone else's permission then internet of things will be a go for me. Until then I'll be a technically savvy luddite.

    • Exactly.

      I could see News like in this ... in 2030s:

      "An elder starved to death after his refrigerator got hammered by a DoS (Denial of Service) by hackers and was unable to open the fridge."

      or

      "Hackers are wreaking havoc with consumers as they find their refrigerator keeps turning off and are forced to re-buy all their frozen food. Local supermarkets are staying mum for fear of retaliation."

      And there is the potential of all the EF spectrum "pollution" as all these stupid IoT devices are constantly broadcastin

      • by mlts ( 1038732 )

        I can see the future /. complaints as well:

        "I just bought a fridge, and they demand $25 a month to allow the door to be opened after 9:00 PM, and the ice maker to work 24 hours. I am just tired of watching the same ads for 5 minutes before it allows the door to be opened."

        "My doorbell won't stop playing ad jungles unless I pay $10 a month for the ad free experience."

        "Time to reboot all the light switches. Some botnet got installed and is using them for NarfCoin mining."

        "Just had my health insurance premiu

        • by alhead ( 1386235 )
          It sounds like you've read Ubik by P. K. Dick, or you've seen that episode of Black Mirror about the socioeconomic system based on virtual avatars. I can imagine a lot of those scenarios playing out in the not-too-distant future, but I hope that people will have the freedom to avoid products or services that cause those problems. The worst part will be when alternatives are no longer available or when participation is mandatory.
    • Why do I need the 'Cloud' to handle my data? IoT should come with local network apps that keep my data on my network so I can access it. I contact my network through the apps, check/adjust the appliances, then I am done. No One else need be involved.
      • But then how are the manufacturers supposed to make money by mining all the data they collect from people?

      • You cheap freeloader! You didn't pay enough up front for your application/car/phone/device, for the CEO of the manufacturer to keep in hookers and coke for the rest of his life. Clearly, you need to keep paying, at least until the device is no longer able to function. And then you need to buy a new one, immediately.

    • I agree with you, but it misses the crud (my opinion) which is TFA. TFA claims that we are all responsible for being good citizens and policing the internet because IoT and such. Which is crud because it lacks a sense of reality. Bad guys do exist, and people do bad things, regardless of how the rest of society is living.

      If what TFA said was true, simply agreeing to give banks the ability to build vaults would have stopped all robberies. Countries that have outlawed guns for citizens would be completely

      • The answer is for anything on the Internet to be protected, and if it can't be protected it should not be on the Internet.

        That's fine and good in principle. The public health equivalent would be that "anything in public is vaccinated, and if it's not vaccinated it should not be out in public."

        Until you get the anti-vaxx blowback, the hysterical screaming, authorities caving in.. and then the next sweeping pandemic.

        The internet is becoming the next public forum, and inevitably public hygiene debates will b

        • The bad guys are one thing, but in reality they aren't that much of a risk because they're pretty rare. The inconsiderate, careless, drunk, incompetent and downright stupid are more dangerous simply by sheer weight of numbers.

  • by Anonymous Coward

    It strikes me that this is a bit unrealistic. The largest number of devices out there are designed for consumer use to consumer standards, which I think will mean massive security holes in the interests of quick to market and lowest prices. And the people that these are marketed to will not have even the smallest chance of keeping their devices cheap or noticing that anything is out of the ordinary until it is way too late. If you want a comparison to public health, think about the likelihood of an illite

  • This is gibberish. lol.

  • by turkeydance ( 1266624 ) on Thursday August 27, 2015 @03:18PM (#50404715)
    with this One Weird Trick
  • "Guaranteeing your personal privacy in an era when more and more devices are connecting our daily lives to the Internet is becoming increasingly difficult to do"

    Waffle, how about designing 'computers' that can't be compromised by opening a malicious attachment or clicking on a malicious URL. ref [crash-safe.org]
  • it just means Facebook is fucked because it can't track your movements anymore and the NSA is fucked because your data is encrypted. Seriously, the technology does exist to protect your digital information but that would mean people couldn't spy on you and make money off you so easily.
  • Instead of all the hand wringing about future issues why not do things that really can be done right now to make life better. For example if our government announced a policy of economic punishment for any nation failing to arrest foreign hackers and turn them over to US courts we could eliminate boat loads of E-crimes against American citizens. Why should we tolerate Russia allowing pools of hackers dedicated to stealing American bank accounts or credit cards? Or how about a severe penalty
  • Good fucking luck.

    How much longer do we have to put up with this Internet of Things nonsense until it goes away?
    • Until they find a worse term for it.

    • by Anonymous Coward

      How much longer do we have to put up with this Internet of Things nonsense until it goes away?

      It's not going to go away, nor should it. The only question is whether we're going to do it RIGHT, and every screeching whiner like you decreases the chance of that.

  • "every consumer needs to assume some responsibility"

    Really? When *I* go online, yes, I have to assume some responsibility.

    I hold the "things" up to the same standard: when the "things" go online, *they* have to assume some responsibility. It's not my f***ing fault if my fridge wants to surf the web, it's the fridge's fault.

    • by BVis ( 267028 )

      No, it's your fault for bringing a device into your house that has the potential to be compromised and spread misery to others without knowing enough about how to maintain its security through patches and other available upgrades. If you can't determine if that device is secure enough, don't buy it. If the manufacturers see that security is important to their customers (in other words, bad security is starting to cost them money, which is the most important thing, forget that 'quality' or 'security' shit)

      • So basically I'm responsible, because I didn't write the firmware, and instead it was written by an idiot? Like someone who runs Windows, and is therefore able to turn off Windows Update because it exists in the first place, and could be the very channel which, by means of DNS cache poisoning and/or router compromise and/or BGP poisoning, was the means to infect the thing in the first place?

        How about we hold the idiot who thought giving the fridge a routable address via NAT off the local network in the fir

        • by BVis ( 267028 )

          You are responsible for what you can do. Of course you're not responsible for the firmware, but you have a responsibility to update it if it needs it. Balance the benefits WU gives you versus the risk in shutting it off for the average mouth breather; you can't save everyone but the chance of a compromise through WU is much lower than the risk of running an un-patched Windows machine. Leaving WU in its default state is the responsible thing to do, and that's the kind of responsibility I'm talking about.

  • When they start making devices based on Genode, and can generate a Private/Public key pair for authentication by pushing a button, and share the public pair via a local web page... I'll be interested.

    As long as these things are running some version of Linux, Windows or that ilk, they won't be secure, no matter how many updates and patches you apply vigorously.

  • What we need more is a base model of distrust.

    The primary design error in networking was to trust other devices. If we had designed networking from the start under the assumption of malicious intruders, we would have things like "to do anything, you need a token that proves you're allowed to do it". It would be in the protocols.

    On embedded devices, I want a networking stack that will cryptographically check all incoming packets, and at the lowest level discard them if they don't carry a valid token. Nothing
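
The kind of check the comment above describes, as an added example that is not part of the original comment: a receiver that drops any packet lacking a valid cryptographic token before acting on it. The packet layout, sender ids, keys and action codes are assumptions made for illustration, and a per-sender HMAC-SHA256 key stands in for the unspecified "token".

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!IQB")   # assumed layout: sender id, counter, action code
TAG_LEN = 32                     # HMAC-SHA256 output size

# Constructed provisioning data: per-sender key and the actions it may request.
SENDERS = {
    0x0A01: {"key": b"constructed-demo-key-phone-0001", "actions": {1, 2}},
    0x0A02: {"key": b"constructed-demo-key-sensor-002", "actions": {1}},
}

def seal(sender, counter, action, payload, key):
    """Build a packet: header || payload || HMAC tag over both."""
    body = HEADER.pack(sender, counter, action) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    def __init__(self, senders):
        self.senders = senders
        self.last_counter = {}   # highest counter accepted per sender

    def accept(self, packet):
        """Return (action, payload) for a valid packet, or None to drop it."""
        if len(packet) < HEADER.size + TAG_LEN:
            return None                      # too short to carry a token
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        sender, counter, action = HEADER.unpack_from(body)
        entry = self.senders.get(sender)
        if entry is None:
            return None                      # unknown sender
        expected = hmac.new(entry["key"], body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None                      # forged or modified in transit
        if counter <= self.last_counter.get(sender, -1):
            return None                      # replay of an older packet
        if action not in entry["actions"]:
            return None                      # authentic, but not permitted
        self.last_counter[sender] = counter
        return action, body[HEADER.size:]
```

The tag is verified before the counter or action is trusted, so unauthenticated input never influences receiver state.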

  • Bray says unless you plan to unplug from the Internet completely, every consumer needs to assume some responsibility for the security and overall health of the Internet of Everything.

    This is not going to be reasonable or even possible when devices are using obfuscated or poorly documented protocols which is becoming more prevalent. The best that the consumer will be able to do is isolate every device from every other (with a VLAN switch or equivalent) and block all incoming connections.

    For example with Win

