Vint Cerf: CS Programs Must Change To Adapt To Internet of Things 163
chicksdaddy (814965) writes "The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google's Internet Evangelist. Cerf, speaking in a public Google Hangout (video) on Wednesday, said that he's tremendously excited about the possibilities of an Internet of billions of connected objects. But Cerf warned that it necessitates big changes in the way that software is written. Securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – one that the nation's universities need to start addressing. Internet of Things products need to do a better job managing access control and use strong authentication to secure communications between devices."
Re:They can teach whatever they want. (Score:5, Interesting)
They should not be teaching the importance of such things to CS students, but much rather to the MBA's and BBus students. It's not the knowledge of the need for security amongst those that build, but the desire to pay for it from Management.
Re:He isn't wrong; but is myopic. (Score:4, Interesting)
I think Vint gets that, and is speaking to the higher level and using "security" as an abstract generalization.
For example, the web was explicitly developed as a "pull" technology with declarative linking by reference with public visibility. Understanding the impact of that to how you build a security model governing access presents unique challenge. By comparison, Usenet is the opposite. It's essentially a syndicated push technology, more similar to a broadcast publishing method. As a result, the security model for how people gain access to resources, and what talks to what, is handled in a very different way.
Those are just two examples of content on today's general Internet which is an extension of Vint's work. When he talks about the Internet of Things, he doesn't merely mean the fad of sticking a web browser on a toaster. He's talking about the bigger vision of omnipresent computing and direct interaction of common devices to each other. Much like the Internet (specifically TCP/IP and DNS) was conceived as a way for computers to directly talk to each other (not going through a centralized hierarchy for approval and redistribution). We learned a lot of great lessons about how it would be used, the shortcoming, and the security ramifications. Now that we're in the fledgling stages of doing the same thing for a whole new are of automation and computing, there's great opportunity to think about and apply the lessons learned.
The Internet of socket puppets (Score:5, Interesting)
Apparently what the Internet needs most is yet another buzzword so nebulous, context free and ill defined nobody really understands what it is your talking about.
If "Internet of things" means home automation the technology has been around for decades yet remains a small niche market. "you can ..." scenarios are fun and cool and functional and all yet tend to impart very little useful value to the owner. I don't need or want Internet connected thermostats, light bulbs and toasters. As for security we can't even communicate securely. Email, Telephone/SMS are wholly insecure and trivially spoofed by anyone. Securing a mythical buzzword is not a problem I chose to spend my time perusing.
Re:You miss the point --- it's about security focu (Score:2, Interesting)
Personally i think that you miss the point. It's not about security in the real world, it's about the economics of security. No manufacturer will put an advanced security system into dirt cheap consumable devices. It is a joke to even consider iot for most stuff. It's an '80s fantasy that just has no economical value if applied as blindly as the idea suggests.
One of the mayor benefit of a structure like iot is agencies can spy on everything more easily. The question is why we should consider this to be something we are ok with.