
Making Security Sustainable

By Ross Anderson

Communications of the ACM, Vol. 61 No. 3, Pages 24-26


As we start to connect durable goods such as cars, medical devices, and electricity meters to the Internet, there will be at least three big changes. First, security will be more about safety than privacy. Certification will no longer mean testing a car once before selling it for 10 years; safety will mean monthly software updates, and security will be an integral part of it. Second, we will have to reorganize government functions such as safety regulators, standards bodies, testing labs, and law enforcement. Finally, while you might get security upgrades for your phone for two or three years, cars will need safety and security patches for 20 years or more. We have no idea how to patch 20-year-old software; so we will need fresh thinking about compilers, verification, testing, and much else.


Privacy, Availability, or Safety?

The early security scares about the "Internet of Things" have mostly been about privacy. There have been reports of the CIA and GCHQ turning smart TVs into room bugs, while the German government banned the Cayla doll whose voice-recognition system could be abused in the same way.3 Yet privacy may change less than we think. Your car knows your location history, sure, but your phone knows that already. It also knows where you walk, and it is already full of adware.

