The reality is that no IT security issue ever gets solved for all time. Security is a race without end between attackers and defenders, writes Louise Bennett, chair of BCS Security.
But the area where I would like to see focus and progress in 2012 is security for the Internet of Things. My reason is that many people thought Y2K was not a real problem, but the problem was very real when it came to embedded chips. These often had code that did not allow for the millennium date change and almost never had any security. Many still do not.
Now, more than a decade on, there are billions of “things” attached to the Internet, with frighteningly little security. These do not just include computers and mobile devices, but also TVs, medical devices, smart meters, lights, environmental control systems and so on. Soon we will have tagged cars and clothes and food. Most of these devices have limited provision for security and we have no model of how security will work. Who is going to provide security patches for Internet TV or tagged consumer products? Ubiquitous broadband networks will link these and may be monitoring and subtly altering them. Who will accept responsibility and liability for the protection of consumers and businesses using these devices? What will happen to confidence in remote health monitoring of the elderly and those with chronic diseases if a future Dr Shipman chooses to alter medicine doses?
We need to discuss this topic and act now to provide the right security.