Security by design is becoming less of a reality, particularly with the growth of the internet of things (IoT).
Speaking at the CodenomiCON 2014 event in Las Vegas, cryptographer and Co3 Systems CTO Bruce Schneier, and former Presidential cyber security advisor and chairman of the board of Codenomicon, Howard Schmidt, said that security is still something everyone can do, and that it still works despite the scares, risk and identity theft that go on.
Schneier said that a lot of security makes sense in airports and online, but often the problem is with policies “as the people who do it do not always understand security.” “Because of this disconnect, it is hard, but people think they can do it,” he said.
Asked what they would like to see more of, Schmidt said that as technology is used all of the time, there should be more “security by design in what we are doing”. He said: “We see recycled code that is pulled out of a library, and you do stuff to it and compile and push it out. Look at what happens, it is made worse by IoT and the same code is being pushed.”
Schneier said he would like to see more adaptability and more real-time recoverability, and while we try to design security in and to be able to update, a look at IoT shows that there is not the same luxury.
“I replace my phone and computer every three years, but never change my thermostat and my refrigerator every 20 years,” he said. “With longer lifetimes there will be serious problems in the device and in future, technology will be 20 generations back and the notion of how we recover and update systems will be out of date.”
Schmidt recalled chips made years ago, and said that no one is replacing them and default access is being used. He said: “It is not a case of pushing a patch, if you do not build it in now it will be on your network for 20-25 years and we will have the same conversation years from now.”