Slashdot Mirror


Vint Cerf: CS Programs Must Change To Adapt To Internet of Things

chicksdaddy (814965) writes "The Internet of Things has tremendous potential but also poses a tremendous risk if the underlying security of Internet of Things devices is not taken into account, according to Vint Cerf, Google's Internet Evangelist. Cerf, speaking in a public Google Hangout (video) on Wednesday, said that he's tremendously excited about the possibilities of an Internet of billions of connected objects. But Cerf warned that it necessitates big changes in the way that software is written. Securing the data stored on those devices and exchanged between them represents a challenge to the field of computer science – one that the nation's universities need to start addressing. Internet of Things products need to do a better job managing access control and use strong authentication to secure communications between devices."

17 of 163 comments

  1. They can teach whatever they want. by Anonymous Coward · · Score: 5, Insightful

    But until lawsuits make fixing things more affordable than ignoring the gaping holes, you're going to be playing guinea pig. That's just the free market at work.

    1. Re:They can teach whatever they want. by Cryacin · · Score: 5, Interesting

      This. A thousand times This. I have been in meetings where security has explicitly been regarded as irrelevant, where one-way encrypting passwords from plaintext on the client is irrelevant, and where we can trust our employees to always do the right thing with all of our users' passwords, and "what could they do with the passwords that is outside of our irrelevant application" was bandied around the room as acceptable.

      They should not be teaching the importance of such things to CS students, but much rather to the MBAs and BBus students. It's not the knowledge of the need for security amongst those that build, but the desire to pay for it from Management.

      --
      Science advances one funeral at a time- Max Planck
    2. Re:They can teach whatever they want. by mlts · · Score: 4, Insightful

      Nail, head, hit. Even if someone had a device that had obvious security failings that were unfixable, the EULA/TOS by opening it up and turning it on would ensure that lawsuits would not proceed (either by forcing arbitration, or just a clause stating that it isn't their fault, no matter what.)

      I have no interest in IoT. Realistically, what has to be on the Internet all the time and take commands? Why do we need to give devices full exposure if it isn't needed?

      If someone wants status messages from devices, why not just have devices communicate via Bluetooth to a log box, and said log box present the data to where it needs to go? This would force an intruder to have to hack that core box, then use Bluetooth weaknesses to jump to actual devices, rather than just run scripts blindly and hope someone's widget shows up.

    3. Re:They can teach whatever they want. by epyT-R · · Score: 3, Insightful

      No thanks. I don't want to be responsible for intractable problems. Security is one of those. See, in this situation the programmers would be the ones canned over any security flaw, regardless whether it's due to programming or misuse by the customer.

      Cleaning toilets is starting to sound like a great job these days. It sure beats cleaning up people's digital toilets...err computers and networks.

      The best way to be safe from the internet of things is not to have unneeded connectivity. Anything else is a risk.

  2. Stupid by hsmith · · Score: 5, Insightful

    You teach core and theory and you apply it to whatever the current fad is. It is preposterous for a computer science program to be geared directly to some "thing" that is currently popular or will be.

    College is about learning theory and how to apply it, it isn't a vocational program.

    1. Re:Stupid by bmo · · Score: 4, Insightful

      College is about learning theory and how to apply it, it isn't a vocational program.

      When you have a $100k bill to pay off that you can't escape through bankruptcy, you'd better have some way to pay it off. When you have a trillion dollar debt problem based upon this (see previous slashdot headlines) you have what they call a "real problem."

      What you say is a nice sentiment. It's a sentiment that was only valid 40 years ago, when a summer job every year could pay for tuition at Northeastern.

      It is also preposterous to not teach the concepts of security for devices connected to hostile environments (i.e., every network ever), and networking is not a "fad." The only people that thought that the Internet and networking in general for "the great unwashed" were fads were "futurists" like Cliff Stoll who were wildly wrong in 1995.

      http://www.newsweek.com/cliffo...

      Read that. A 30 year trend is not a fad.

      --
      BMO

  3. Re:But why do we need the internet of things by ArcadeMan · · Score: 5, Funny

    Your sock drawer would know how many times each sock has been fucked, it would alert your washer to wash two cycles instead of one, it could tell your fridge to order more detergent since it's in charge of the grocery list and it could buy more sexy lingerie on Amazon for your girlfriend since you're obviously ignoring her physical needs.

  4. Re:But why do we need the internet of things by LookIntoTheFuture · · Score: 3, Funny

    What exactly are the upsides of having my fridge, toaster, microwave oven, sock drawer or fork connected to the internet?

    You won't be able to understand the upsides because you aren't part of the "today's busy idiot" demographic.

    --
    Brave Sir Robin ran away. ("No!") Bravely ran away away. ("I didn't!")
  5. Oh yeah sure. by istartedi · · Score: 4, Insightful

    My Internet-enabled fridge needs to be developed using proper security procedures which are ummm.... not applicable to any other field such as SCADA or medical database systems that are already in place. Who's smoking the crack here, the journalists or Cerf? I'm betting it's the journalists and that he's misquoted and/or being quoted out of context. Too lazy to RTFA of course...

    --
    For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
  6. Specifics by phantomfive · · Score: 3, Informative

    If anyone wants to know what specific changes he suggests universities implement, don't bother watching the movie, he doesn't mention it. The interviewer never gives him the chance.

    The interviewer does however ask him who the mother of the internet is.

    --
    "First they came for the slanderers and i said nothing."
  7. You miss the point --- it's about security focus by Morgaine · · Score: 3, Insightful

    You teach core and theory and you apply it to whatever the current fad is.

    He's not really saying that CompSci programmes should be tailored for Internet of Things. What he's saying indirectly but perfectly clearly to those who are aware of the appalling state of networking security in recent years is that university-level tuition needs to buck up and face the music, because the people they have been releasing into the field are totally inept at designing secure systems. The hundreds of thousands of security problems spread right across the whole Internet speak for themselves.

    It's a very important message, and hopefully it will resonate with more than a few CompSci departments. IoT is just being used as an excuse for releasing a high-profile message from a respected person about the very unsatisfactory state of developer competence in the area of secure systems.

    Regarding your second point about education versus vocational training, you are right about that, but secure software design and cryptography are not subjects for vocational training, but very strongly in the domain of CompSci. You have to understand the fundamentals, not just know which functions to call.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
  8. Wrong, Expectations Must Change by TrollstonButterbeans · · Score: 3, Insightful

    The most explosive *recorded* invention in the history of mankind was the printing press.

    And it set Europe on fire.

    But this led to the Renaissance.

    You can't put the genie back in the bottle.

    What is going on now with the internet and mobile devices and communication in general --- like the printing press or like radio or television --- is going to upset the status quo in 57 different ways.

    Embrace these ways, understand how they will be used for good (yes --- if you think citizens are upset, just imagine how upset tyrants and governments are --- people in power hate change) ----

    Communication advances always cause flowers to bloom --- any heartache always looks dumb and old fashioned in a decade of hindsight, because it yields new freedoms and rights that were never expected. If you doubt this, why do civil rights continue to grow and governments to ever more tend to the welfare of their people?

    --
    Priest: "Universe from nothing, no laws of physics, sped up time"+ huge discrepancies. Creationism? No. Big Bang Theory
  9. Re:But why do we need the internet of things by sexconker · · Score: 3, Informative

    What exactly are the upsides of having my fridge, toaster, microwave oven, sock drawer or fork connected to the internet?

    Well a smart oven can be set to cook your meal when you hit a button on an app before you head home. A smart fridge can keep track of what food you have when it expires what you use then compile meal plans and grocery lists add to it a link to your smart bathroom scale, and smart shoes to measure the amount of physical activity you have throughout the day and it opens up dynamic dieting meal plans. A house's light and sound system could detect what room you are in and turn on and off lights and speakers as you enter/leave. Given time I could come up with more applications but those were just the first ones to pop into my head.

    You'd have to prepare the meal beforehand and hope there's only one cooking step.
    Fine if you're doing boxed dinners, but useless if you want to actually cook anything.

    A smart fridge won't know when milk's gone sour before the date or when yogurt and cheese are still good a month after the date. Nor will they have a way to read the damned date on any of the brands I like. I sure as hell am not typing (or touching, or speaking) that shit in to the fridge. Nor would such a smart fridge need to be connected to the internet.

    Every single suggestion I've seen about the "Internet of Things" has been solving problems that don't exist, and it's a long, long stretch to say they're actually solving anything. If you think smart watches bombed, wait til you see how the rest of this shit does in the market.

  10. Re:But why do we need the internet of things by ArcadeMan · · Score: 4, Funny

    I got +1 insightful for that? Scary.

  11. "connectivity meme" is marketing B.S. by globaljustin · · Score: 3, Insightful

    The concept is very important, as it introduces a sea change.

    For far too long, computing has been about desktops and servers. Smartphones and tablets opened it up slightly

    Yeah...just like Telegraph machines "became" telephones...and a whole ***new way of communicating*** was invented!

    You sound like a salesman...like a TED Talk...or maybe a "tech evangelist"

    First, we don't need to invent a new word to describe "sea change"...the words "sea change" or any number of synonymous phrases used daily work just fine.

    2nd, computing has ****never**** been about "just desktops and servers"

    3rd, your understanding of "computing" is fundamentally incorrect

    we design devices to accomplish user tasks...we use all available technology (and maybe invent some new stuff) mitigated by cost

    "the internet of things" is just a B.S. marketing way to say "making devices that use updated technology to its fullest"

    stop it...just stop forever...there is absolutely no reason to ever say the words "the internet of things"...or "connectivity meme"....they are redundant concepts that conjure abstractions needlessly so people who don't understand technology can think they sound smart

    --
    Thank you Dave Raggett
  12. Re:He isn't wrong; but is myopic. by Dynedain · · Score: 3, Interesting

    I think Vint gets that, and is speaking to the higher level and using "security" as an abstract generalization.

    For example, the web was explicitly developed as a "pull" technology with declarative linking by reference with public visibility. Understanding the impact of that to how you build a security model governing access presents unique challenge. By comparison, Usenet is the opposite. It's essentially a syndicated push technology, more similar to a broadcast publishing method. As a result, the security model for how people gain access to resources, and what talks to what, is handled in a very different way.

    Those are just two examples of content on today's general Internet which is an extension of Vint's work. When he talks about the Internet of Things, he doesn't merely mean the fad of sticking a web browser on a toaster. He's talking about the bigger vision of omnipresent computing and direct interaction of common devices to each other. Much like the Internet (specifically TCP/IP and DNS) was conceived as a way for computers to directly talk to each other (not going through a centralized hierarchy for approval and redistribution). We learned a lot of great lessons about how it would be used, the shortcomings, and the security ramifications. Now that we're in the fledgling stages of doing the same thing for a whole new area of automation and computing, there's great opportunity to think about and apply the lessons learned.

    --
    I'm out of my mind right now, but feel free to leave a message.....
  13. The Internet of socket puppets by WaffleMonster · · Score: 4, Interesting

    Apparently what the Internet needs most is yet another buzzword so nebulous, context free and ill defined nobody really understands what it is you're talking about.

    If "Internet of things" means home automation the technology has been around for decades yet remains a small niche market. "you can ..." scenarios are fun and cool and functional and all yet tend to impart very little useful value to the owner. I don't need or want Internet connected thermostats, light bulbs and toasters. As for security we can't even communicate securely. Email, Telephone/SMS are wholly insecure and trivially spoofed by anyone. Securing a mythical buzzword is not a problem I chose to spend my time pursuing.