Another “security” dimension that’s increasingly relevant is whether the
design, configuration or operation might lead to unintended storms. For a
recent example of such a problem, see:
http://www.washingtonpost.com/blogs/capital-weather-gang/wp/2014/08/26/national-weather-service-website-taken-down-by-overzealous-android-app/
In February this year, the US National Science Foundation sponsored a workshop
on Interdisciplinary Pathways towards a More Secure Internet. The report
included several recommendation, two of which seem relevant here.
Create a Framework for Managing Software Updates
The Internet of Things will challenge our current channels for distributing
security updates. An environment must be developed for distributing security
patches that scales to a world where almost everything is connected to the
Internet and many “things” are largely unattended.
Enhance the Security of the Internet of Things by Identifying Enclaves
The security challenges posed by the emerging Internet of Things should be
addressed now, to prepare before it is fully upon us. By identifying specific
use segments, or “enclaves,” Internet of Things infrastructure stakeholders can
address the security requirements and devise event remediations for that
enclave.
Steve
On Aug 29, 2014, at 7:12 AM, Ralph Droms
<rdroms(_dot_)ietf(_at_)gmail(_dot_)com> wrote:
The security section is especially handwavey ... especially considering
security is probably more important for smart objects while there are fewer
resources available for implementing security in smart objects than elsewhere.
Here's a useful take on the security issue that might provide some guidance
for additional tet in the security section:
http://trac.tools.ietf.org/wg/ace/trac/wiki/Questions
If the IAB is not prepared to undertake recommendations on security at this
time, in my opinion security should be tagged as a topic for future work in
addition to the pointers to earlier work.
- Ralph
On Aug 27, 2014, at 2:18 PM 8/27/14, IAB Chair <iab-chair(_at_)iab(_dot_)org>
wrote:
This is a call for review of "Architectural Considerations in Smart Object
Networking" prior to potential approval as an IAB stream RFC.
The document is available for inspection here:
https://datatracker.ietf.org/doc/draft-iab-smart-object-architecture/
The Call for Review will last until 24 September 2014. Please send comments
to iab(_at_)iab(_dot_)org.
On behalf of the IAB,
Russ Housley
IAB Chair