Teach citizens IoT dangers, engineering students cybersecurity, Uncle Sam suggests

The US Department of Commerce (DoC) and Department of Homeland Security have put out a draft cybersecurity report that recommends, among other things, that the American government fund a public awareness campaign on IoT security, and make cybersecurity a compulsory part of future engineering degrees. The 38-page report [PDF] …

  1. Doctor Syntax Silver badge

    The 38-page report [PDF] titled "Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats" is the first of many that are heading to the president's desk following an executive order signed in May, following a number of abortive attempts.

    Do they really expect him to read 38 pages?

    1. Destroy All Monsters Silver badge
      Go

      Actually it was handed to the desk.

      The prez is too busy whoring for money and less 24/7 condemnation in the well and truly "managed meedja" defending Israel's Self-interest.

      Why isn't there a Gallic Shrug icon?

    2. John Smith 19 Gold badge
      Unhappy

      "Do they really expect him to read 38 pages?"

      Indeed, that would be about 37 and a half pages too long.

      Probably not too bad for the rest of us.

  2. Anonymous Coward

    Kudos to US Govt Inc.. BUT

    You'd never guess any of this concern from the CES show this year, WTF?

    The pollyannic coverage on the BBC alone, was pretty hard to understand!

    The MSM is blind: LG's robot clusterfuck alone is a screaming warning sign!

    The whole IoT & Smart 'Reality Distortion Field' of Tech is just plain nuts???

    Whereas 'IoT reality' and VTech's recent fine? That hardly gets mentioned!

  3. Yet Another Anonymous coward Silver badge

    This is the same US govt

    That on the same day, also in the name of security, they demanded that a backdoor to everyone's phone be given to 1000s of law enforcement agencies?

  4. This post has been deleted by its author

  5. Anonymous Coward

    Make the producers liable

    I know that the USG has this thing about not telling business what it must do and setting sensible requirements stifling innovation, but surely they could legislate for minimum standards to fix defects and automatically update devices for (say) 10 years, and make manufacturers/retailers liable for damages if they don't? Once a few well known names had been sued into oblivion we might see security being taken a bit more seriously.

    1. frank ly

      Re: Make the producers liable

      "Due to its traditional hands-off approach to industry and the fact that the internet mostly resides in private hands, there is little that the DoC or DHS can do in real, solid terms."

      If an electricity supplier switched 11kV onto a domestic feeder, resulting in damage and/or injury; would the attitude be the same?

  6. deadlockvictim

    Dangers of 'Always On'

    Children need to learn from an early age the disadvantages as well as the advantages of devices that are connected to the Internet.

    They need to learn that these devices are being watched, monitored and recorded by organisations [1] known and unknown and that these organisations are operating for their benefit and not for yours.

    Further they need to learn the analogy that an Internet connection is akin to leaving a window open in your house. The longer it is open — and especially when it is left permanently open — the greater the likelihood that someone will come in through it.

    [1] God damn it, El Reg, 'organisation' is a valid spelling in English. Either fix your spell-checker or turn it off. These red-wavy lines are annoying.

    1. Anonymous Coward
      FAIL

      Re: Dangers of 'Always On'

      "[1] God damn it, El Reg, 'organisation' is a valid spelling in English. Either fix your spell-checker or turn it off. These red-wavy lines are annoying."

      Or note that it was written by an American person, reporting on an American subject directly quoting an American publication.

  7. Anonymous Coward

    Incidental firewalls

    NAT tools act as an incidental firewall, preventing devices in the home from being directly reached by the sort of mass-scanning tools that spread malware and lead to widespread infection.

    The logical answer would be to convert all those "incidental firewalls" into actual firewalls. Sadly, ISP-provided consumer routers have historically been prototypical of IoT security incompetence.

  8. Anonymous Coward

    FDA of IoT

    I can see this going in several directions, if in fact it goes anywhere at all. One of those would be the creation of a new bureaucratic money pit using the Food and Drug Administration model. The best result of that being the system will still have the occasional bout of digital food poisoning or the worst being that security updates cost as much as cancer treatments.

  9. hellwig

    IPv6 Too Big to Scan?

    Isn't the issue with IPv6 that with dedicated address spaces, it will be easier to guess the addresses for certain organizations or manufacturers? Doesn't matter that the IP space is 128 bits if the first 96 bits are always the same for something you're trying to attack.

  10. Anonymous Coward

    FAIL

    So even the government doesn’t realize that you can firewall IPv6 without having to use NAT?

  11. Mike 16

    One request

    Could any legislation mandating automatic mandatory updates also include a prohibition of extraneous changes whose purpose is solely to the detriment of the user and benefit of the vendor?

    Of course legislatures are pretty good at ignoring their own rules (if any) about "No unrelated riders on must-pass laws", so if the regulated firms "do as government do, not as they say", we are in for a bruising time.

  12. Anonymous Coward

    Good idea, but...

    ... thanks to Millennial fashion, it's no longer possible to tell who's a citizen and who's an engineering student.

  13. Aodhhan

    20 minutes I'll never get back

    This report is another example of taxpayer funds wasted. This is a snowflake report written by individuals who apparently believe each corporate community should follow best practices and create common standards.

    I believe this sort of thing has been in just about every OMB information security report since 1999.

    More so... it addresses the obvious without any mention of risk assessment.

    Get a clue guys. Every company with a network pulse would love to have a common guideline to go with and purchase the latest/greatest technology. Here is the problem... 1: This is the USA. You can't force a business to do something without creating law. Since companies own politicians... good luck with this. 2: Pocketbooks aren't unlimited. 3: While corporations have been held accountable, the penalties and punitive damages haven't been costly enough to change risk assessments yet. Target, Google, etc... have just been slapped on the wrist while consumers pay huge costs.

    Start chanting accountability and punitive damages along with large legal suit dollars and you just might begin to make traction. Until consumers can overcome political greed from corporate contributions, you will not see a lot of change.

  14. Anonymous Coward

    Here's an idea

    Teach router manufacturers to not leave UPnP switched on by default

    This would solve 95% of problems where dumb lusers buying some IoT device they barely understand and just plugging it into the network without a clue what the device is doing.

    How many of these 'masses of morons' have heard of ShieldsUp?

    I bet zero, they just don't care, ignorance is bliss, or so they think
