Daniel Miessler on My Writings about IoT Security
Daniel Miessler criticizes my writings about IoT security:
I know it’s super cool to scream about how IoT is insecure, how it’s dumb to hook up everyday objects like houses and cars and locks to the internet, how bad things can get, and I know it’s fun to be invited to talk about how everything is doom and gloom.
I absolutely respect Bruce Schneier a lot for what he’s contributed to InfoSec, which makes me that much more disappointed with this kind of position from him.
InfoSec is full of those people, and it’s beneath people like Bruce to add their voices to theirs. Everyone paying attention already knows it’s going to be a soup sandwich—a carnival of horrors—a tragedy of mistakes and abuses of trust.
It’s obvious. Not interesting. Not novel. Obvious. But obvious or not, all these things are still going to happen.
I actually agree with everything in his essay. “We should obviously try to minimize the risks, but we don’t do that by trying to shout down the entire enterprise.” Yes, definitely.
I don’t think the IoT must be stopped. I do think that the risks are considerable, and will increase as these systems become more pervasive and susceptible to class breaks. And I’m trying to write a book that will help navigate this. I don’t think I’m the prophet of doom, and don’t want to come across that way. I’ll give the manuscript another read with that in mind.
de La Boetie • January 9, 2018 4:01 PM
The reason people in InfoSec are having to shout is because our Beloved Leaders are so absent from passing any kind of constraint or good conduct on suppliers. They let the suppliers get away with murder.
In other words, this is primarily not an InfoSec problem on its own, but it’s very much incumbent on “us” to carry on kvetching. Because that’s the ONLY way it seems like the “obvious” (from the article) penetrates the obtuse.
Before food standards were enforced, bakers used to add lead oxide to bread to make it look white. Chemists could have told everyone this was a spectacularly bad idea, but it takes legislation and the prospect of liability and jail time to focus commercial behavior to align with civic responsibility.