What can we learn about vulnerability analysis, mitigation, and designed-in security for the emerging internet of things from history? In this talk we’ll trace the origin and evolution of a physical-world vulnerability that dates to the late 19th century, and explore whether “building security in” is even always an available option. We’ll also look at how a number of industries have approached the analysis of their safety failures and what that implies for interconnected embedded systems. Along the way we’ll meet Andrew Carnegie and a few other historical figures and events that help illuminate some ideas that presage the future of cybersecurity in a world of smart things.
Allen Householder is a Senior Vulnerability Analyst in the CERT Division of the Software Engineering Institute at Carnegie Mellon University. His recent work includes being the technical lead for the CERT Basic Fuzzing Framework (BFF) and Failure Observation Engine (FOE), and research into the (in)security of the Internet of Things. His research interests include fuzzing, threat modeling, vulnerability disclosure, and modeling information sharing and trust among Computer Security Incident Response Teams (CSIRTs)