What the Technology Industry must learn from the Airline Industry

At the time of writing, I’ve just taken my seat for the 2nd flight of the day. I’m reminded by the airline that “Safety is our number one priority”. When do you think the tech industry will proudly make that announcement?
You may argue that airlines need to be held to a different standard. You may argue that the domain in which you operate is not necessarily safety critical. That may have been a reasonable argument several years ago, but things are different in the hyper-connected digital space we live in now.
Shortcuts and ignorance lead to a chain of consequences. One example that springs to mind is the humble baby monitor. What’s the worst that could happen? It’s not safety critical, right? Indirectly, as a connected IoT device with valuable compute and network resources and a poor security posture, bad things can indeed happen. They have happened.
Let’s not forget that baby monitors and other IoT devices were weaponized as part of a huge botnet that brought DNS to its knees [¹], causing huge disruption to the Internet across much of Europe and North America in October 2016. That’s quite a chain of consequences, don’t you think?
Safety and security have long been a game of cat and mouse with traditional software. Quite frankly, most software and SaaS services are shockingly vulnerable, with the customer carrying the risk exposure. With the dawn of AI, the risk and consequences will increase significantly.
It’s time for the Technology Industry to make safety and security its #1 priority.
If you are a buyer of technology, ask the vendor if the product is “Secure by Design and Secure by Default”. Ask them to provide evidence.
If you are a producer of technology, get on board and review the “Secure By Design” document drafted by the Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS) [²].
As Elvis once said “the world’s a stage and each must play a part”. Indeed it is. Indeed we must.
. . .
[1]: Wikipedia. DDoS attacks on Dyn. https://en.wikipedia.org/wiki/DDoS_attacks_on_Dyn
[2]: Cybersecurity and Infrastructure Security Agency (CISA), Department of Homeland Security (DHS). Request for Information on “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software”. https://www.federalregister.gov/documents/2023/12/20/2023-27948/request-for-information-on-shifting-the-balance-of-cybersecurity-risk-principles-and-approaches-for