The challenge: How do we make security and safety sustainable? - Ross Anderson - PowerPoint PPT Presentation



SLIDE 1

The challenge: How do we make security and safety sustainable?

Ross Anderson, Cambridge

Baltimore, 13/08/18

SLIDE 2

How does IoT change safety?

  • The EU regulates safety of all sorts of devices
  • They asked Éireann Leverett, Richard Clayton and me to examine what IoT means for this
  • Once there’s software everywhere, safety and security get entangled
  • How will we have to update safety regulation (and safety regulators) to cope?
  • We studied cars, medical devices and grid equipment but the lessons are much broader


SLIDE 3

The Big Challenge

  • Established non-IT industries usually have a static approach – pre-market testing with standards that change slowly if at all
  • The time constant is typically a decade
  • When malicious adversaries can scale bugs into attacks, industries need a dynamic approach with patching, as in IT
  • The time constant is then typically a month


SLIDE 4

Broad questions include…

  • Who will investigate incidents, and to whom will they be reported?
  • How do we embed responsible disclosure?
  • How do we bring safety engineers and security engineers together?
  • Will regulators all need security engineers?
  • How do we prevent abusive lock-in? Note the US DMCA exemption to repair tractors …


SLIDE 5

Policy recommendations included

  • Pushing vendors to ensure that products can be patched if need be
  • Requiring a secure development lifecycle with vulnerability management (ISO 29174, 30111)?
  • Creating a European Security Engineering Agency to support policymakers (now: ENISA)
  • Extending the Product Liability Directive to services
  • Updating NIS Directive to report breaches and vulnerabilities to safety regulators and users


SLIDE 6

The punch line

  • Phones, laptops: patch them monthly, but make them obsolete quickly so you don’t have to support 100 different models


SLIDE 7

The punch line (continued)


  • Cars, medical devices: we test them to death before release, but don’t connect them to the Internet, and almost never patch


SLIDE 8

The punch line (continued)


  • So what happens to support costs now we’re starting to patch cars?


SLIDE 9

Implications for R&D

  • Research topics to support 20-year patching include a more stable and powerful toolchain
  • Crypto teaches how complex this can be
  • Cars teach: how do we sustain all the test environments?
  • Control systems teach: can small changes to the architecture limit what you have to patch?
  • Android teaches: how do we motivate OEMs to patch products they no longer sell?


SLIDE 10

Implications for research and teaching

  • Since 2016–7 I’ve been teaching safety and security together in the same course to first-year undergraduates
  • We’re starting to look at what we can do to make the tool chain more sustainable
  • For example, can we stop the compiler writers being a subversive fifth column?
  • Better ways for programmers to communicate and document intent might help
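An added illustration, not part of the slides, of the "fifth column" point and of what communicating intent to the compiler looks like in practice. A `memset` that clears a key just before the buffer goes out of scope is, from the optimiser's point of view, a dead store: nothing reads the buffer afterwards, so the compiler is entitled to delete it, and the key lingers in memory. The two hardened variants state the intent in the language itself (volatile stores, or a call through a volatile function pointer plus a compiler barrier), so the wipe survives optimisation. All function names and the key pattern are hypothetical constructions for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example (not from the slides): three ways to clear a secret from
   memory, and a checker that counts what survives. Names are hypothetical. */

/* 1. Naive wipe. If `buf` is never read after this call, the store is dead
   and an optimising compiler may delete it: the intent "this key must not
   linger" was never expressed in terms the compiler has to honour. */
void wipe_naive(uint8_t *buf, size_t len) {
    memset(buf, 0, len);
}

/* 2. Volatile stores. Each write is a visible side effect that the compiler
   must perform, so the zeroing survives -O2 even when the buffer is dead. */
void wipe_volatile(uint8_t *buf, size_t len) {
    volatile uint8_t *p = (volatile uint8_t *)buf;
    for (size_t i = 0; i < len; i++) {
        p[i] = 0;
    }
}

/* 3. Call memset through a volatile function pointer. The compiler cannot
   know which function is reached, so it cannot prove the stores are dead. */
static void *(*volatile memset_ptr)(void *, int, size_t) = memset;

void wipe_volatile_fn(uint8_t *buf, size_t len) {
    memset_ptr(buf, 0, len);
#if defined(__GNUC__)
    /* Compiler barrier (GCC/Clang): tell the optimiser that memory may be
       read here, so the preceding stores cannot be sunk or discarded. */
    __asm__ __volatile__("" : : "r"(buf) : "memory");
#endif
}

/* Fill `len` bytes with a constructed, obviously non-secret pattern. */
void fill_constructed_key(uint8_t *buf, size_t len) {
    for (size_t i = 0; i < len; i++) {
        buf[i] = (uint8_t)(0xA5 ^ i);
    }
}

/* Count bytes that are still nonzero; 0 means the wipe took effect.
   Reading the buffer here makes the stores live, so every variant passes
   this check. The hazard in wipe_naive is exactly the case this checker
   cannot observe: a buffer that nothing reads after the wipe. */
size_t leftover_bytes(const uint8_t *buf, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] != 0) {
            n++;
        }
    }
    return n;
}

/* Run one wipe routine over a 32-byte constructed key and report how many
   nonzero bytes remain. */
size_t check_wipe(void (*wipe)(uint8_t *, size_t)) {
    uint8_t key[32];
    fill_constructed_key(key, sizeof key);
    wipe(key, sizeof key);
    return leftover_bytes(key, sizeof key);
}
```

The point of the contrast is that `wipe_naive` is correct C and correct at -O0, yet carries no information the optimiser is obliged to respect; the other two encode the programmer's intent as a semantic constraint rather than relying on the compiler to guess it. In a real code base the same intent is better expressed through a library primitive written for the purpose (for example `explicit_bzero` where the platform provides it) than through a hand-rolled loop.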


SLIDE 11

The grand challenge for research

  • If the durable goods we’re designing today are still working in 2037 then things must change
  • Computer science = managing complexity
  • The history goes through high-level languages, then types, then objects, and tools like git, Jenkins, Coverity …
  • What else will be needed for sustainable computing once we have software in just about everything?


SLIDE 12

More …

  • Our papers “Making security sustainable” and “Standardisation and Certification in the Internet of Things” are on my web page http://www.cl.cam.ac.uk/~rja14/
  • Or see “When Safety and Security Become One” on our blog https://www.lightbluetouchpaper.org which also has a couple of videos
