@Moderator:

1, Lionel Rs., #comment-444973

Is link spam.

This post underscores how a solid Continuity Plan For Business is essential, not just during disasters but in daily operations. A great continuity strategy should reflect current business processes and evolve with them—static plans are as risky as no plan at all

I allways new connecting car brakes to internet is a bad idea. I think this needs a hardware fix. It’s not even that complex. Separate critical system (brakes, engine and so on) from the non critical system (car DVD player, bluetooth, car wi-fi and so on), and if you want to add some security feature like automatic crash reporting or realtime diagnostics, do it through WRITE ONLY MEMORY. One system is deaf, other one is muted.

Sir,
Do not believe government regulation is the answer although industry needs to be held accountable and responsible for the crap they expect us to buy. Was helping a friend with her wireless router. The admin password could be changed but the SSID and wireless password could not. There was not anything resembling a firewall or security in this router. told her it was a hunk of junk.
The Internet of stupid things need to be halted until security is installed. Microsoft security is an oxymoron I would not have any device corrupted by Microsoft. Considering that GM’s OnStar has been to divorce court One of these days someone will hack OnStar and shut down GM police and emergency vehicles. I would not have a vehicle that is connected to the Internet. Jeep was hacked, patched and hacked again. How many “smarttv’s” have been hacked or changed their EULA to allow spying or the tv stops working?
Thanks for a great article!

A government agency is demonstrably the wrong solution, and not just because the government is so corruptible and inept.

You have a worldwide threat. You do not have a worldwide government (thank god). And if you did, see above.

Regulation isn’t the answer … for all the reasons you point out in the article.

For domestic cases, it would be much better would be to put the fear of liability into security companies. A law allowing ordinary users to sue companies for security breaches (much like our product liability laws) would go a long way toward organically incentivizing good security practices.

For international cases, I would argue that this would be the job of the army (broadly speaking). If a hacker attacks a US company, it should be entirely reasonable for the US army to go after the hacker.

@TM,

My fridge and my stove

Gives a whole different meaning to firewalls. As long as your stove is on, the firewall is built-in. A firewall in the fridge… hmm, not a good idea. Kind of defeats the purpose. Security versus usability, I guess 🙂

My fridge and my stove are not on the internet, and none of my friends’ are. Nobody I know wants their fridge and stove to be on the internet. The internet of things is a hype, it’s not something ordinary people are clamoring for.

What I’m afraid of is that the industry may force us to accept a world where everything is on the internet without asking us and without giving us a choice. That is the biggest concern, not that people will voluntarily connect everything to the internet because they like it so much.

#IoT = #EUBoT

aka Eternally Unpatched Botnet of Things

“We also need to start disconnecting systems. If we cannot secure complex systems to the level required by their real-world capabilities, then we must not build a world where everything is computerized and interconnected.”

Near term, NOT connecting things to the Internet is the only workable approach to avoiding chaos.

I feel there is one glaringly incorrect assumption in this article: The idea that “Law” or another “agency” can rectify the issues involving Internet/Information security in the US OR the world.

One easily identifiable example of this failure of both law and agencies involves HEALTHCARE prices (and the industry) within the US—I’m sure all would agree that yearly price increases, that exceed market growth, is and will continue to be a major problem very soon. We hear about issues with price and affordability on a continuous and regular basis—so much that it’s become a major political topic. We’ve been provided with two general solutions: Socializing the healthcare system OR somehow forcing competition. Both of these methods require a myriad of additional ‘law’ and increased ‘government’ involvement in the daily lives of its Citizenry.

Unfortunately, what we’re not told is that there are EXISTING laws in place already which would not only prevent the problem of increasing healthcare prices but would have an affect on prices that would eliminate the need for having healthcare “insurance” altogether (except for actual events that you don’t plan on experiencing: like having a heart attack for example). What are these laws?? They are USC 15, Robinson–Patman Act of 1936, and the Sherman Anti-Trust Act 1890.

The Federal government has been exempting the healthcare industry from these laws for decades—and by the way, no other industry is protected from these laws.

If laws can be ignored and exempted in other industries then why would we assume they would somehow be enforced in any other industry??

The solution to this problem requires “us” to require that all existing laws be enforced—Companies that produce any computerized device should be liable for the security in their devices. Liability can be enforced through existing law (to my knowledge) so crafting more laws and creating more bureaucracies is a pointless effort at best..At worst, it provides more involvement by the state into the private lives of it’s Citizens….