Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Embedded systems are a 'life form,' says In-Q-Tel's security chief

Patrick Thibodeau | May 8, 2014
Among the number of provocative points that Dan Geer, the CISO of In-Q-Tel, makes about embedded systems and supply chain risk, one stands out: The systems are immortal.

The risk is that embedded systems are also part of technological monoculture. At one point that was Windows, but now the risk is in the smaller devices, argues Geer.

"That combination, long-lived and not reachable, is the trend that must be dealt with and possibly even reversed," said Geer.

"Whether to insist that embedded devices self-destruct by some predicable age or that remote management of them be a condition of deployment, is the question," said Geer.

He called it a national policy issue.

"In either case, the Internet of things, which is to say the appearance of network connected micro-controllers in seemingly any device that has a power cord or a fuel tank, should raise hackles on every neck give our current posture," said Geer.

At a separate panel that preceded Geer's talk, Stacy Cannady, who specializes in hardware security at Cisco, talked about IoT devices and listed some of the problems that need to be addressed, including what is the unique identity of devices, is there a way to establish some knowledge of the software and its configuration, and whether it can be trusted?

"We have a very basic set of problems to solve on a very large scale," said Cannady.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.