Klaas & all, At 2016-11-17 10:07:32 +0000 Klaas Tammling <klaas@tammling.hamburg> wrote:
Am Donnerstag, den 17.11.2016, 11:05 +0100 schrieb Johan Helsingius:
On 17-11-16 10:55, Klaas Tammling wrote:
Sounds a bit like common sense but an interesting article.
What was that quote again? "Common sense is less common than you think"...
Ok I agree with you.
I think that I disagree with everyone in this thread so far. I don't think this paper is "common sense", or else we wouldn't be in the mess that we are all in now. (Of course, I think that "common sense" is really just an excuse to mock people who don't share your background or expertise, so maybe I am biased.) While the recommendations in the paper *do* make sense, I think the most crucial issue was identified in this sidebar on pages 14 and 15: Identify and advance incentives for incorporating IoT security. Policymakers, legislators, and stakeholders need to consider ways to better incentivize efforts to enhance the security of IoT. In the current environment, it is too often unclear who bears responsibility for the security of a given product or system. In addition, the costs of poor security are often not borne by those best positioned to increase security. DHS and all other stakeholders need to consider how tort liability, cyber insurance, legislation, regulation, voluntary certification management, standards-settings initiatives, voluntary industry-level initiatives, and other mechanisms could improve security while still encouraging economic activity and groundbreaking innovation. Going forward, DHS will convene with partners to discuss these critical matters and solicit ideas and feedback. Giving people with power to solve problems the responsibility to solve them along with proper rewards if they do seems quite obvious, so maybe that is what you meant by "common sense"? :) I'm glad that DHS seems to "get it", but I am also nervous because I doubt that they can make an impact with legislators and regulators here. Setting up markets so they align with the best interests of society is likely to be considered government meddling by many; especially business folks who instinctively fear and hate any constraints on their activities. Cheers, -- Shane