This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/iot-wg@ripe.net/
[iot-discussion] US Homeland Security published recommendations for IoT Security
Klaas Tammling
klaas at tammling.hamburg
Fri Nov 18 11:17:58 CET 2016
> I think that I disagree with everyone in this thread so far.
>
> I don't think this paper is "common sense", or else we wouldn't be in
> the mess that we are all in now. (Of course, I think that "common
> sense" is really just an excuse to mock people who don't share your
> background or expertise, so maybe I am biased.)
>
> While the recommendations in the paper *do* make sense, I think the
> most crucial issue was identified in this sidebar on pages 14 and 15:
>
>     Identify and advance incentives for incorporating IoT security.
>
>     Policymakers, legislators, and stakeholders need to consider ways
>     to better incentivize efforts to enhance the security of IoT. In
>     the current environment, it is too often unclear who bears
>     responsibility for the security of a given product or system. In
>     addition, the costs of poor security are often not borne by those
>     best positioned to increase security. DHS and all other
>     stakeholders need to consider how tort liability, cyber insurance,
>     legislation, regulation, voluntary certification management,
>     standards-settings initiatives, voluntary industry-level
>     initiatives, and other mechanisms could improve security while
>     still encouraging economic activity and groundbreaking innovation.
>     Going forward, DHS will convene with partners to discuss these
>     critical matters and solicit ideas and feedback.
>
> Giving people with power to solve problems the responsibility to
> solve them along with proper rewards if they do seems quite obvious,
> so maybe that is what you meant by "common sense"? :)
>
> I'm glad that DHS seems to "get it", but I am also nervous because I
> doubt that they can make an impact with legislators and regulators
> here. Setting up markets so they align with the best interests of
> society is likely to be considered government meddling by many;
> especially business folks who instinctively fear and hate any
> constraints on their activities.

Sure, I can agree with you that "common sense" doesn't seem to be that common, as we wouldn't have the current situation. So at the moment I don't know if this is the right thing to talk about.

What I am a bit worried about is that every time regulators, or even in the extreme case the government, come in to set up rules, strange things happen. In the extreme case when the government steps in, it will need technical advice; otherwise laws appear where you have to be discussing privacy again, or where an engineer knows that these measures won't be serving anyone except that everything will be getting more expensive and/or complicated.

At the moment I couldn't even imagine what such a "reward" could be. Maybe certificates for IoT security which can be traded on the market if you want to release a product which isn't as secure as it should be. "To enhance security while keeping economic costs low" maybe.