I was just asked for policy commentary on a secure internet of things (IoT). It's basically identical to considerations about secure AI. I'm not really a security expert, so I'm happy to take comments and feedback on the below:
- I don't believe we can have a completely secure IoT or anything else. Security is always an arms race, and people need to know we cannot guarantee it.
- It is therefore essential that we include public education in any such campaign; public behaviour will in part determine how vulnerable the IoT is.
- It is also essential that we have strong regulation against cheap IoT devices. No one is going to provide security patches for a £3 light bulb.
- It would be dishonest to be involved in any such claim as "secure IoT" at all while the government is mandating that cybersecurity is compromised by backdoors.
|Is anything ever secure?|