Vint Cerf: CS Programs Must Change To Adapt To Internet of Things

chicksdaddy (814965) writes "The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google's Internet Evangelist. Cerf, speaking in a public Google Hangout (video) on Wednesday, said that he's tremendously excited about the possibilities of an Internet of billions of connected objects. But Cerf warned that it necessitates big changes in the way that software is written. Securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – one that the nation's universities need to start addressing. Internet of Things products need to do a better job managing access control and use strong authentication to secure communications between devices."

They can teach whatever they want.

[Anonymous Coward]

But until lawsuits make fixing things more affordable than ignoring the gaping holes, you're going to be playing guinea pig. That's just the free market at work.

Stupid

[hsmith]

You teach core and theory and you apply it to whatever the current fad is. It is preposterous for a computer science program to be geared directly to some "thing" that is currently popular or will be.

College is about learning theory and how to apply it, it isn't a vocational program.

But why do we need the internet of things

[Anonymous Coward]

What exactly are the upsides of having my fridge, toaster, microwave oven, sock drawer or fork connected to the internet?

Oh yeah sure.

[istartedi]

My Internet-enabled fridge needs to be developed using proper security procedures which are ummm.... not applicable to any other field such as SCADA or medical database systems that are already in place. Who's smoking the crack here, the journalists or Cerf? I'm betting it's the journalists and that he's misquoted and/or being quoted out of context. Too lazy to RTFA of course...

Re:They can teach whatever they want.

[mlts]

Nail, head, hit. Even if someone had a device that had obvious security failings that were unfixable, the EULA/TOS by opening it up and turning it on would ensure that lawsuits would not proceed (either by forcing arbitration, or just a clause stating that it isn't their fault, no matter what.)

I have no interest in IoT. Realistically, what has to be on the Internet all the time and take commands? Why do we need to give devices full exposure if it isn't needed?

If someone wants status messages from devices, why not just have devices communicate via BlueTooth to a log box, and said log box present the data to where it needs to go? This would force an intruder to have to hack that core box, then use BlueTooth weaknesses to jump to actual devices, rather than just run scripts blindly and hope someone's widget shows up.

Re:Stupid

[bmo]

College is about learning theory and how to apply it, it isn't a vocational program.

When you have a $100k bill to pay off that you can't escape through bankruptcy, you'd better have some way to pay it off. When you have a trillion dollar debt problem based upon this (see previous slashdot headlines) you have what they call a "real problem."

What you say is a nice sentiment. It's a sentiment that was only valid 40 years ago, when a summer job every year could pay for tuition at Northeastern.

It is also preposterous to not teach the concepts of security for devices connected to hostile environments (i.e., every network ever), and networking is not a "fad." The only people that thought that the Internet and networking in general for "the great unwashed" were fads were "futurists" like Cliff Stoll who were wildly wrong in 1995.

http://www.newsweek.com/cliffo... [newsweek.com]

Read that. A 30 year trend is not a fad.

--
BMO

You miss the point --- it's about security focus

[Morgaine]

You teach core and theory and you apply it to whatever the current fad is.

He's not really saying that CompSci programmes should be tailored for Internet of Things. What he's saying indirectly but perfectly clearly to those who are aware of the appalling state of networking security in recent years is that university-level tuition needs to buck up and face the music, because the people they have been releasing into the field are totally inept at designing secure systems. The hundreds of thousands of security problems spread right across the whole Internet speak for themselves.

It's a very important message, and hopefully it will resonate with more than a few CompSci departments. IoT is just being used as an excuse for releasing a high-profile message from a respected person about the very unsatisfactory state of developer competence in the area of secure systems.

Regarding your second point about education versus vocational training, you are right about that, but secure software design and cryptogtaphy are not subjects for vocational training, but very strongly in the domain of CompSci. You have to understand the fundamentals, not just know which functions to call.

Wrong, Expectations Must Change

[TrollstonButterbeans]

The most explosive *recorded* invention in the history of mankind was the printing press.

And it set Europe on fire.

But this led to the Renaissance.

You can't put the genie back in the bottle.

What is going on now with the internet and mobile devices and communication in general --- like the printing press or like radio or television --- is going to upset the status quo in 57 different ways.

Embrace these ways, understand how they will be used for good (yes --- if you think citizens are upset, just imagine how upset tyrants and governments are --- people in power hate change) ----

Communication advances always causes flowers to bloom --- any heartache always looks dumb and old fashioned in a decade of hindsight, because it yields new freedoms and rights that were never expected. If you doubt this, why do civil right continue to grow and governments to ever more tend to the welfare of their people?

"connectivity meme" is marketing B.S.

[globaljustin]

The concept is very important, as it introduces a sea change.

For far too long, computing has been about desktops and servers. Smartphones and tablets opened it up slightly

Yeah...just like Telegraph machines "became" telephones...and a whole ***new way of communicating*** was invented!

You sound like a salesman...like a TED Talk...or maybe a "tech evangelist"

First, we don't need to invent a new word to describe "sea change"...the words "sea change" or any number of synonymous phrases used daily work just fine.

2nd, computing has ****never**** been about "just desktops and servers"

3rd, your understanding of "computing" is fundamentally incorrect

we design devices to accomplish user tasks...we use all available technology (and maybe invent some new stuff) mitigated by cost

"the internet of things" is just a B.S. marketing way to say "making devices that use updated technology to its fullest"

stop it...just stop forever...there is absolutely no reason to ever say the words "the internet of things"...or "connectivity meme"....they are redundant concepts that conjure abstractions needlessly so people who don't understand technology can think they sound smart

Re:They can teach whatever they want.

[epyT-R]

No thanks. I don't want to be responsible for intractable problems. Security is one of those. See, in this situation the programmers would be the ones canned over any security flaw, regardless whether it's due to programming or misuse by the customer.

Cleaning toilets is starting to sound like a great job these days. It sure beats cleaning up peoples digital toilets...err computers and networks.

The best way to be safe from the internet of things is not to have unneeded connectivity. Anything else is a risk.