Vint Cerf: CS Programs Must Change To Adapt To Internet of Things

chicksdaddy (814965) writes "The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google's Internet Evangelist. Cerf, speaking in a public Google Hangout (video) on Wednesday, said that he's tremendously excited about the possibilities of an Internet of billions of connected objects. But Cerf warned that it necessitates big changes in the way that software is written. Securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – one that the nation's universities need to start addressing. Internet of Things products need to do a better job managing access control and use strong authentication to secure communications between devices."

They can teach whatever they want.

But until lawsuits make fixing things more affordable than ignoring the gaping holes, you're going to be playing guinea pig. That's just the free market at work.

Re:They can teach whatever they want.

[mlts]

Nail, head, hit. Even if someone had a device that had obvious security failings that were unfixable, the EULA/TOS by opening it up and turning it on would ensure that lawsuits would not proceed (either by forcing arbitration, or just a clause stating that it isn't their fault, no matter what.)

I have no interest in IoT. Realistically, what has to be on the Internet all the time and take commands? Why do we need to give devices full exposure if it isn't needed?

If someone wants status messages from devices, why not just have devices communicate via BlueTooth to a log box, and said log box present the data to where it needs to go? This would force an intruder to have to hack that core box, then use BlueTooth weaknesses to jump to actual devices, rather than just run scripts blindly and hope someone's widget shows up.

Stupid

[hsmith]

You teach core and theory and you apply it to whatever the current fad is. It is preposterous for a computer science program to be geared directly to some "thing" that is currently popular or will be.

College is about learning theory and how to apply it, it isn't a vocational program.

Re:Stupid

[bmo]

College is about learning theory and how to apply it, it isn't a vocational program.

When you have a $100k bill to pay off that you can't escape through bankruptcy, you'd better have some way to pay it off. When you have a trillion dollar debt problem based upon this (see previous slashdot headlines) you have what they call a "real problem."

What you say is a nice sentiment. It's a sentiment that was only valid 40 years ago, when a summer job every year could pay for tuition at Northeastern.

It is also preposterous to not teach the concepts of security for devices connected to hostile environments (i.e., every network ever), and networking is not a "fad." The only people that thought that the Internet and networking in general for "the great unwashed" were fads were "futurists" like Cliff Stoll who were wildly wrong in 1995.

http://www.newsweek.com/cliffo...

Read that. A 30 year trend is not a fad.

--
BMO

Oh yeah sure.

[istartedi]

My Internet-enabled fridge needs to be developed using proper security procedures which are ummm.... not applicable to any other field such as SCADA or medical database systems that are already in place. Who's smoking the crack here, the journalists or Cerf? I'm betting it's the journalists and that he's misquoted and/or being quoted out of context. Too lazy to RTFA of course...