body.has-navbar-fixed-top { padding-top: 4.5rem; }
What is changing?
It’s no longer about risks to data, but about risks to life and property. And the title really points out that there’s physical danger here, and that things are different than they were just five years ago.
Computers and security everywhere
Our cars, our medical devices, our household appliances are all now computers with things attached to them. Your refrigerator is a computer that keeps things cold, and a microwave oven is a computer that makes things hot. And your car is a computer with four wheels and an engine. Computers are no longer just a screen we turn on and look at, and that’s the big change.
Hacks against critical infrastructure
We know that at least twice, Russian hackers have turned off power to bits of Ukraine’s grid as part of a broader military campaign. We know that nation-state hackers have penetrated systems at some US power companies. These hacks have been exploratory ones and haven’t caused damage, but we know it’s possible to do so.
Patches, or fixes, for software flaws
Because computers now affect the world in a direct, physical manner, we can’t afford to wait for fixes.
Markets not rewarding security
Those standards are there because there’s already strong government regulation in this (aviation) and a few other industries. In consumer goods, you don’t have that level of safety and security, and that’s going to have to change. The market right now doesn’t reward secure software at all here.
Government role
They include flexible standards, rigid rules, and tough liability laws whose penalties are big enough to seriously hurt a company’s earnings.
Regulation or innovation?
We’re past the point where we need to discuss regulation versus no-regulation for connected things; we have to discuss smart regulation versus stupid regulation.