chicksdaddy (814965) writes "In a not-so-strange case of life imitating Blade Runner, Dan Geer, the CISO of In-Q-Tel, has proposed making embedded devices such as industrial control and SCADA systems more 'human' (http://geer.tinho.net/geer.secot.7v14.txt) in order to manage a future in which hundreds of billions of them will populate every corner of our personal, professional and lived environments. (http://www.gartner.com/newsroom/id/2636073)
Geer was speaking at The Security of Things Forum (http://www.securityofthings.com), a conference focused on securing The Internet of Things last Wednesday. He struck a wary tone, saying that "we are at the knee of the curve for deployment of a different model of computation," as the world shifts from an Internet of 'computers' to one of embedded systems that is many times larger.
Individually, these devices may not be particularly valuable. But, together, IoT systems are tremendously powerful and capable of causing tremendous social disruption. Geer noted the way that embedded systems, many outfitted with remote sensors, now help manage everything from transportation to food production in the U.S. and other developed nations.
“Is all the technologic dependency, and the data that fuels it, making us more resilient or more fragile?" he wondered. Geer noted the appearance of malware like TheMoon (https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633), which spreads between vulnerable home routers, as one example of how a population of vulnerable, unpatchable embedded devices might be cobbled into a force of mass disruption.
Taking a page out of Philip Dick's book (http://www.goodreads.com/book/show/7082.Do_Androids_Dream_of_Electric_Sheep_) or at least Ridley Scott's movie (http://www.imdb.com/name/nm0000631/) Geer proposes a novel solution: “Perhaps what is needed is for embedded systems to be more like humans.”
By "human," Geer means that embedded systems that do not have a means of being (securely) managed and updated remotely should be configured with some kind of "end of life" past which they will cease to operate. Allowing embedded systems to 'die' will remove a population of remote and insecure devices from the Internet ecosystem and prevent those devices from falling into the hands of cyber criminals or other malicious actors, Geer argued.
The idea has many parallels with Scott's 1982 classic, Blade Runner, in which a group of rebellious, human-like androids – or “replicants” – return to a ruined Earth to seek out their maker. Their objective: find a way to disable an programmed ‘end of life’ in each of them. In essence: the replicants want to become immortal."
Link to Original Source