We have approached the era in which all networked devices should be considered as potentially harmful and dealt with appropriately.
We're well into that era, but neither the technological protections nor the legal ones have kept up.
Tech laws are still barely on the level of requiring manufacturers of network devices not to use the same default password every time and manufacturers of kitchen appliances to accept some basic "right to repair" provisions. These are steps in the right direction of course but they are small steps at the start of a marathon.
I think a lot of political leaders fail to appreciate the danger here. This has somehow remained true even as tech crime is rocketing. We are seeing more and more headlines about how some aspect of critical infrastructure has been brought down due to some form of technological attack, businesses have lost money due to data losses, people have had their identities stolen after data breaches, etc.
Meanwhile, the tech firms best placed to defend ordinary people and businesses against these kinds of attack are often the ones carrying out the attacks. The fox is guarding the hen house.
Just yesterday, there was a news story in the UK[1] about some home car charging stations being vulnerable to simple attacks. These devices get connected to both home networks and electricity grids. The specific models in question were government-approved too.
I think typical open-by-default networking is fundamentally broken today. It's like software for non-experts that doesn't have the option to install security updates automatically, or a browser or mobile OS that doesn't sandbox web pages or apps individually. Professionals use many tools to lock down organisational networks, audit and manage connected devices, and deal with modern challenges like bring-your-own-device, and they still get hit from time to time. Meanwhile home users are basically expected to install a new Trojan every time they buy a new device. This is not going to end well.
[1] https://www.bbc.co.uk/news/technology-58011014