Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror

+ - Blade Runner Redux: Do Embedded Systems Need A Time To Die? -> 1

Submitted by chicksdaddy
chicksdaddy (814965) writes "In a not-so-strange case of life imitating Blade Runner, Dan Geer, the CISO of In-Q-Tel, has proposed making embedded devices such as industrial control and SCADA systems more 'human' (http://geer.tinho.net/geer.secot.7v14.txt) in order to manage a future in which hundreds of billions of them will populate every corner of our personal, professional and lived environments. (http://www.gartner.com/newsroom/id/2636073)

Geer was speaking at The Security of Things Forum (http://www.securityofthings.com), a conference focused on securing The Internet of Things last Wednesday. He struck a wary tone, saying that "we are at the knee of the curve for deployment of a different model of computation," as the world shifts from an Internet of 'computers' to one of embedded systems that is many times larger.

Individually, these devices may not be particularly valuable. But, together, IoT systems are tremendously powerful and capable of causing tremendous social disruption. Geer noted the way that embedded systems, many outfitted with remote sensors, now help manage everything from transportation to food production in the U.S. and other developed nations.

“Is all the technologic dependency, and the data that fuels it, making us more resilient or more fragile?" he wondered. Geer noted the appearance of malware like TheMoon (https://isc.sans.edu/forums/diary/Linksys+Worm+TheMoon+Summary+What+we+know+so+far/17633), which spreads between vulnerable home routers, as one example of how a population of vulnerable, unpatchable embedded devices might be cobbled into a force of mass disruption.

Taking a page out of Philip Dick's book (http://www.goodreads.com/book/show/7082.Do_Androids_Dream_of_Electric_Sheep_) or at least Ridley Scott's movie (http://www.imdb.com/name/nm0000631/) Geer proposes a novel solution: “Perhaps what is needed is for embedded systems to be more like humans.”

By "human," Geer means that embedded systems that do not have a means of being (securely) managed and updated remotely should be configured with some kind of "end of life" past which they will cease to operate. Allowing embedded systems to 'die' will remove a population of remote and insecure devices from the Internet ecosystem and prevent those devices from falling into the hands of cyber criminals or other malicious actors, Geer argued.

The idea has many parallels with Scott's 1982 classic, Blade Runner, in which a group of rebellious, human-like androids – or “replicants” – return to a ruined Earth to seek out their maker. Their objective: find a way to disable an programmed ‘end of life’ in each of them. In essence: the replicants want to become immortal."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Blade Runner Redux: Do Embedded Systems Need A Time To Die?

Comments Filter:
  • In some instances, and I can fathom just a few - mostly in regards to 32-bit time-stamp bugs, end of life is acceptable; this product should no longer be in service. Given enough time, a bug of convenience will throw the entire system out of whack. Said bugs of convenience are put in place by developers who cannot fathom the system being in use after the year 2106 (or 2038) or the entire flash memory module will fill up or the EEPROM will finally see 100,001 write operations.

    But in others, I'm finding it ha

EARTH smog | bricks AIR -- mud -- FIRE soda water | tequila WATER

Working...