Skip to main content

Zoom Logo

CAE Forum's Personal Meeting Room - Shared screen with speaker view
Ed Wiley
03:14:21
DDOS
Troy S.
03:15:07
everything needs a shutoff switch and manual override (locks on doors)
ossenri
03:15:28
Keep firmware up to date. Change default sec. settings
Troy S.
03:15:28
stalking behaviors / thieves
ghi
03:15:31
jamming
Troy S.
03:15:47
traffic meter
Ed Wiley
03:15:47
unpatchable devices
Robert Martin
03:15:57
embedded security during develoment process
ghi
03:16:18
old hw. not upgradable
Ed Wiley
03:16:35
who does it
ghi
03:16:47
hardware upgrade
Ed Wiley
03:17:20
get Amazon to do it :-)
Troy S.
03:17:55
who validates firmware updates on my door locks?
Robert Martin
03:18:32
disable the device when an update is necessary, only allow it to be functional if all patches are up to date
CAE Forum
03:18:44
IoT Toys
Ed Wiley
03:19:07
certificates are going to be required for firmware upgrades
Troy S.
03:20:17
I'm more worried about the door locks not working after a bad firmware update - back to needing a manual override. IOT is a convienence, not the end-all. it's augmentation.
Troy S.
03:20:48
noooooo
Troy S.
03:20:55
default to locked and need a key
Troy S.
03:21:07
no default pins
Ed Wiley
03:21:11
where's the key?
Troy S.
03:21:20
under a rock?
Troy S.
03:21:26
under th mat?
T.R
03:21:39
On their key chain, just in case LOL
Troy S.
03:21:52
right - the keyring.
Ed Wiley
03:22:01
yes
Ed Wiley
03:23:45
all done verbally for commands
Michael Losavio, University of Louisville
03:24:00
should we mandate physical overrides?
Troy S.
03:24:11
I would, when it comes to life safety
T.R
03:24:16
Maybe, tough question
Troy S.
03:24:22
different ethics involved.
Troy S.
03:24:37
ref ACM code of ethics
Ed Wiley
03:24:48
but who will know how to do things manually? Think of the recent Boeing Planes grounded
Robert Martin
03:24:52
well UX & UI will drive much of how the public views the saftey and regulation of IoT
Troy S.
03:25:12
I think there's responsibiltiy for one's safety that falls to the individual.
Ed Wiley
03:25:59
most want the Easy button
Troy S.
03:26:01
won't fly...
Troy S.
03:26:05
no pun intended.
Troy S.
03:27:24
you won't be the first ;-)
Ed Wiley
03:28:17
currently corporate and consumer monitoring
Ed Wiley
03:34:52
Encrypted by default for IoT. Then they cost more since they need more resources
Troy S.
03:35:16
arson - toaster or oven
Ed Wiley
03:35:20
stop pacemaker
Troy S.
03:35:41
Medtronic did..
Troy S.
03:36:40
if IOT enters medicine dispersal and prescriptions then you could modify things to harm someone - IE: (as mentioned) insulin
Troy S.
03:36:59
no, we arent
Troy S.
03:38:26
SLOW DOWN and think - or at least regulate.
ghi
03:38:48
roll back to stone age!!
Ed Wiley
03:38:59
same way as done with automobiles--regulatation
Troy S.
03:39:05
lol Ghi
Ed Wiley
03:39:26
seat belts, airbags, crash zones
Troy S.
03:39:41
train companies... Siemens?
Troy S.
03:39:56
well ... now now
Ed Wiley
03:40:03
lots more people used to die from car wrecks
Robert Martin
03:40:04
create an IoT organization along the lines of NIST, IEEE, etc.
Troy S.
03:40:06
they also make train coordination systems
ghi
03:40:14
do we have a central regulation body?
Robert Martin
03:40:33
not to my knowledge, not specific to IoT
Troy S.
03:41:19
tough to enforce bst practices
ossenri
03:41:24
Why do we need a new regulating body for IoT?
ghi
03:41:57
maybe, use existing body?
ossenri
03:42:06
It is just another technology that exiting security framework can apply to.
Troy S.
03:42:23
credit card stuff / health care stuff.
Troy S.
03:42:30
HIPPA and PCI
Ed Wiley
03:44:15
needs to be more than national since most devices come from Asia
ossenri
03:44:15
The same insustry that is regulating drones.
Robert Martin
03:44:30
id say FCC
Troy S.
03:44:31
FAA, yes.
Troy S.
03:44:47
applyu FAA to cars and then to IOT
ghi
03:45:28
can we benchmark the way EU does?
Troy S.
03:45:30
self-driving stuff
ghi
03:45:56
not yet.
ossenri
03:47:02
Who has actually used a remote toaster?
Robert Martin
03:47:25
possbily a IoT Agile SDLC?
Troy S.
03:48:32
muterd
Ed Wiley
03:48:41
how to pay for it?
ghi
03:48:50
apply the idea of common criteria for sw?
CAE Forum
03:49:07
I think even if we regulate hereā€¦people will still buy devices from China and other places that do not have the same regulations
Ed Wiley
03:49:13
how about all of us paying through collective
Troy S.
03:49:22
email again?
CAE Forum
03:50:09
https://www.caecommunity.org/content/cae-forum-resources
Michael Losavio, University of Louisville
03:50:18
thank you all !
Robert Martin
03:50:22
thank you!