nanog mailing list archives

Re: Spitballing IoT Security


From: "Ronald F. Guilmette" <rfg () tristatelogic com>
Date: Mon, 07 Nov 2016 21:05:32 -0800


In message <20161108035148.2904B5970CF1 () rock dv isc org>, 
Mark Andrews <marka () isc org> wrote:

* Deploying regulation in one country means that it is less likely
 to be a source of bad traffic.  Manufacturers are lazy.  With
 sensible regulation in single country everyone else benefits as
 manufacturers will use a single code base when they can.

I said that too, although not as concisely.

* Automated updates do reduce the numbers of vulnerable machines
 to known issues.  There are risks but they are nowhere as bad as
 not doing automated updating.

I still maintain, based upon the abundant evidence, that generalized
hopes that timely and effective updates for all manner of devices will
be available throughout the practical lifetime of any such IoT thingies
is a mirage.  We will just never be there, in practice.  And thus,
manufacturers should be encouraged, by force of law if necessary, to
design software with a belt-and-suspenders margin of safety built in
from the first day of shipping.

You don't send out a spacecraft, or a medical radiation machine, without
such additional constraints built in from day one.  You don't send out
such things and say "Oh, we can always send out a firmware update later
on if there is an issue."

From a software perspective, building extra layers of constraints is not
that hard to do, and people have been doing this kind of thing already
for decades.  It's called engineering.  The problem isn't in anybody's
ability or inability to do safety engineering in the firmware of IoT
things.  The only problem is providing the proper motivation to cause
it to happen.


Regards,
rfg

