Security in a World of Physically Capable Computers

from Schneier on Security

It’s no secret that computers are insecure. Stories like the recent Facebook hack, the Equifax hack and the hacking of government agencies are remarkable for how unremarkable they really are. They might make headlines for a few days, but they’re just the newsworthy tip of a very large iceberg.

The risks are about to get worse, because computers are being embedded into physical devices and will affect lives, not just our data. Security is not a problem the market will solve. The government needs to step in and regulate this increasingly dangerous space.

The primary reason computers are insecure is that most buyers aren’t willing to pay — in money, features, or time to market — for security to be built into the products and services they want. As a result, we are stuck with hackable internet protocols, computers that are riddled with vulnerabilities and networks that are easily penetrated.

We have accepted this tenuous situation because, for a very long time, computer security has mostly been about data. Banking data stored by financial institutions might be important, but nobody dies when it’s stolen. Facebook account data might be important, but again, nobody dies when it’s stolen. Regardless of how bad these hacks are, it has historically been cheaper to accept the results than to fix the problems. But the nature of how we use computers is changing, and that comes with greater security risks.

More here.

Posted in Technology and tagged , , , , , .


  1. This article presents the reality of the less than secure situation we are putting ourselves in everyday as we use computers in many ways. It is scary how much information hackers really are able to get if they are able to hack into someone’s account or into a certain database. This article tells us how this can possibly be getting worse since computers are being embedded into almost anything and how the government should really be getting involved to help make sure things are able to be regulated properly. The article says that one of the reasons computer systems are so insecure and unsafe is because a lot of people are not willing to pay for extra security separately or to be built in, they are left defenseless against hackers trying to steal information and data. He says that while this is bad, no one is dying or getting injured because of a hack into your desktop computer, but that could potentially be happening now that computers are powering things like cars, and hospital wide systems that keep the hospitals operational. Having a hack into one of these systems can do actual harm to people and that is scary, having real lives at the hands of computer software. He also brings up how there are so many people involved in these big tech companies, and everything is so vulnerable, it could just take one person to be able to carry out a massive hack and spread a big or malware. Overall I definitely think one possible solution to all of these issues can be government involvement to try to develop a standard for when a product, system, or database is secure and to be trusted, and when it’s not. Doing this might make the public feel better about this type of thing and hopefully will solve some of the problems with cybersecurity today. This is definitely an issue people need to consider when sharing any kind of personal info into any device or website, because in today’s day and age you never truly know whose hands it could fall into or where it’ll end up.

  2. It seems as though everything in the modern world is more computer than it is anything else. This is one of the main points Schneier gets across as it relates to computer security. With more computers being embedded into everyday products, there is more chance of potential hacks, viruses, and more. This is why we cannot look at computer security the same way as Schneier states. The way I see it, the world of technology and computers has to be protected much better. There have been many recent hackings of major companies and websites. Looking at the consumer world, Schneier brings up a great point about the business of selling computers and software companies. He states “Buyers can’t differentiate between secure and insecure products, so sellers prefer to spend their money on features that buyers can see”. This is a great point because the majority of people have no idea whether a computer is securely sound just by looking at it. Ten years ago, most consumers had a desktop/laptop and a phone. In the present day, most consumers have that along with a tablet, Bluetooth, car with a computer, gaming console, and more. The list goes on and on and making the security of these products should be much more important than it was ten years ago.
    As a solution, Schneier suggests various government influences. He talks about implementing government regulations on businesses regarding cyber security. While he does bring up some very good points, I believe government action is not required to make computer security better. I think that consumers should be more knowledgeable about modern technology. Especially with the rapidly growing world of technology, more and more people should be informed of at least basics of certain software. As computers become more advanced, consumers should have some responsibility of what they purchase. This goes for any other product so it should come into play for software as well. Software developers should be held to a standard as well and arguably should be even more in the current climate. This article should shed a light on how important computer security is and how to possibly go about improving it in the present and future.

  3. The internet is generally a very useful tool for most, however it is almost a major risk every time we use it. Computer hacking has expanded in the past century primarily due to money, such as all these scams that pop up on our computer screens asking us for credit card information, payments for services, etc. I feel that hacking is somewhat overlooked because instances keep occurring, and typically they are the same ones. Facebook, for example, has been hacked multiple times already and unless the hackers are coming up with new ways to breach the service, it must be that the government is careless in fixing the issues. If the government really wanted to solve or fix something no matter what, they most definitely have the full power to. Like the article says above, finances play a big part in it. As long as the government themselves is safe, then they are not too concerned with the rest of the general public. Our information is seen to them as small and not very important. With that being said, us as consumers should be more aware of what we do, what we sign up for, and who we give our information to across the internet. Hackers are typically good at what they do, but there are definitely ways we can take action and prevent it as much as we can.

  4. Throughout the semester, I have mentioned the necessity for cybersecurity in my comments many times. However, the limitations that I put on the argument was strict to the Internet. Now that technology is quickly becoming more and more incorporated in our daily lives, the use for security increases proportionally. Like Schneier said, technology is becoming more than the internet. It is currently being incorporated into areas where we didn’t think that technology existed. An example of this would be Tesla. By making an efficient electric car, Tesla was able to instill modern technology into the engine and the dashboard, making the entire car reliable on a single tablet. When more parts of the car rely on technology, there are exposed to more incrimination that happens on the internet due to their connectivity with it. But with new technological products comes more clever hacking abilities. Originally, hackers wanted to hack in order to breach data about certain companies and businesses in order to tarnish their reputation or benefit the reputation of another business. However, as the advancement of technology in a car gets better, the original hacking methods don’t apply to the technology of a Tesla because there are no excel documents found in a Tesla.
    The reason why this is important to keep in mind is that if hackers learn how to breach a car, it could override the manual controls and make the car do anything since its connectivity reaches to all levels of the car. This applies to more than cars as well, however. As we begin to improve the connectivity of objects in everyday activities, the chance of us getting incriminated increases too. That is why we must be socially aware of common concepts of cyber security so we can keep watch of the things that could potentially harm us in the long run. In fact, Seton Hall has recently come out by saying that October is Cybersecurity awareness, and gives us some information about common cybersecurity terms and tips in order to actively protect your technology. If you don’t protect ourselves, there is a good chance that your information will be exposed. As more stuff becomes technological, the more steps you would have to take in order to fully protect yourself.

  5. I felt that Bruce Scheiner brought forth a convincing argument in his article “Security in a World of Physically Capable Computers”. He ultimately argues that cybersecurity is something that needs to be regulated by the government and enforced, so that everyone is properly protected. Prior to reading his article I likely would have thought that idea was wrong: I would have felt that where that kind of protection is needed, it is already in place, and that government regulation would be unnecessary. However, after reading his article thoroughly I believe he may have a point.
    First of all, by opening his article by referencing hacks on Facebook, Equifax, and government agencies he is introducing examples of the problem that he is advocating a solution for. This is one way he got me to be more open minded to hearing his solution. Another strategy he used that worked well on me, was the way he listed other areas that did not have proper security before the involvement of government regulation. These areas included vehicles, airplanes, pharmaceuticals, restaurants, and medical devices. I am used to these things being safe, and benefit from that, but haven’t really thought closely about the involvement of government regulation in that benefit, or how that compares to computer security. A second strategy he used that also was helpful in convincing me to seeing his point of view was how he demonstrated how broad computers are. They are not just the personal computers, laptops, and other devices used by all people for the work education, entertainment, or other aspects of their life. To name some examples from the article they are also modern made cars, refrigerators, medical equipment, and technology used to control traffic lights, power plants, and more. Failure in these areas have such drastic consequences in the event of a computer failure, or cyber attack that their security truly should be of the utmost importance.
    One other statement made by Scheiner in his article that I found interesting was “Buyers can’t differentiate between secure and insecure products, so sellers prefer to spend their money on features that buyers can see”. While this may be true to an extent, sellers can absolutely market their products on the basis that they are more secure than their competitors. This could be particularly effective considering buyers would be drawn to secure products after seeing things like hacks, viruses, scams, and computer failures in the news, and desiring to remain safe from things of that nature. This type of desire from their customers could be the additional push that some companies need to invest more in the security of their products.
    At the end of the article I was impressed by the effectiveness of Scheiner’s argument, and can truthfully say that it was effective on myself, as a reader. Being personally impacted by an author’s argument is always something that I value in a reading, and that being combined with the importance of this article’s topic, I can conclude that I am happy to have read it.

  6. In the world, over 3.2 billion people since 2015 use the internet daily. This has all been possible from the technological advances of computers. This means every day we put our personal information out there on the daily and we forget how prone we are. Our computer systems are so prone to hacking. In this article says, “The primary reason computers are insecure is that most buyers aren’t willing to pay in money, features, or time to market for security to be built into the products and services they want. As a result, we are stuck with hackable internet protocols, computers that are riddled with vulnerabilities and networks that are easily penetrated.
    Reading this made me think about how we have become so used to just living on the edge of possibly letting all our sensitive information become public. We have become so used to just giving up our privacy and we do not even recognize the problem until it is too late.
    According to information released in earlier this year, it is estimated that nearly 30,000 websites are infected with some type of malware every single day. Some attacks from recent history you may remember is the Target hack, where 70 million people had their information stolen, JP Morgan Chase where over 76 million households were affected and 7 million small businesses were compromised and finally the big one Facebook which has had multiple attacks in the past few months.
    Computer safety is something I think needs to be incorporated in schools nowadays. This is because technology is going to always go to be present in our lives. I feel as if we teach the younger generation on how to protect themselves earlier on in life they will be more cautious and develop their own ways to keep sensitive information private on their computers.

  7. Our modern world is consisted of the internet of things and physically cable computers. A small depiction of the terror hackable vehicles can bring was shown in a scene of “The Fate of The Furious”. As mentioned, these computers which run many aspects of our everyday life are vulnerable to attacks. These attacks can steal important information and can even cause death. For example, the pentagon lost thousands of files to foreign hackers. The data that was stolen was classified and sensitive which potentially can fall into the wrong hands. The enemy in this case would have access to surveillance systems, satellite systems, and more. These smart missiles may be a threat in the near future if they are ever hacked and launch on areas where thousands of people can suffer. These attacks make the military spend an increasingly lump sum of money each year to protect their data, but they are not 100% secure. On a smaller scale, people have been affected by hacks as stated, such as the Equifax Scandal. I personally suffered from the hack and had my credit card used simultaneously throughout different states. Again, this may have been avoided if banks or credit score companies would invest more on security.

  8. Reading this blog, I was dumbfounded by all the information that Mr Schneier. I knew the extent of hacking and placing a bug in computers, big companies, or software. At first, I agreed that we, the people, need to pay a little extra for the internet or computer security. The reason why is because so one does not get hacked and all your information is leaked or used for the wrong purposes. However, I did not know that it could affect robot vacuum cleaners to a hospital that had its internet and software at hostage until a ransom was paid. I was even petrified to read that the security of our supply chain could be at risk. To read this in the blog, “Bloomberg reported that China inserted eavesdropping chips into hardware made for American companies like Amazon and Apple”. This is what shook me because I need my privacy and every human being deserves his or her own privacy. Even though the tech companies have denied the report’s accuracy; Mr Schneier draws a strong point that everyone involved in the making of the computer or phone needs to be fully trusted. After reading the different solutions, it seems that government regulations are something he stresses. I agree with many of his points, but it would very difficult to do so. I understand that regulations are not meant to be feared especially with protecting our computers or internet privacy, but many people are still doubtful of the government. It is 2018, people are suspicious of what the government is doing putting regulations on these internets. Secondly, I wonder if our American government does put regulations on technology and the internet, how will companies respond to it? Will they be against it or for it? It is hard to say because they want to make the most money without cutting corners. All in all, our government needs to act fast on putting critical and structural law around our technology and the internet. It is to ensure the citizen’s safety and our country or else it could turn into another mishap. I also encourage more citizens and especially my peers to advocate for regulations on our technology. It is something that needs to happen immediately.

  9. The danger of internet security will only compound as technology continues to expand. The internet of things is becoming more and more popular. Without even considering the type of device, just the sheer number of devices connected to the internet per household should be a red flag alone. Now, when one considers what these devices can do, there is a necessity for even more security. Security cameras, doorbells, and even door locks are connected to the internet, and if the cloud service was to be hacked, millions of people’s houses can become vulnerable. This is not just a case of someone’s social security information may or may not be released. If an internet-connected lock is compromised, that could mean the physical security of the home, and the family inside it, is in danger. Criminals can use this information to target homes for burglarizing, or any number of other reasons. In essence, as the internet of things and related internet connected devices increase, the security must be emphasized just as much if not more so. I think this is a good opportunity for the government to regulate what can be considered acceptable security. The issues lies not with the ability to secure the devices, but with the manufacturers trying to keep operating costs low, and if the government, and in turn the consumers, demand higher and better security, companies will be forced to comply if they want to stay in the market.

  10. As computers find their way into more and more everyday items, the problems they can cause when accessed by the wrong people multiply. As the article explains, it used to be that all computers did was handle data. When they were hacked, all that could be done was the theft of some info. In some ways, this is still the case, like when we hear about Facebook account information is stolen. This is bad, especially when sites like Facebook track our every move online and store information about us that we do not know they have access to. But even worse is when hackers get access to physical objects and take control of them.
    Personally, I remember watching a video a couple of years ago where a police department was able to remotely access a car’s engine and make it pull over on the side of a busy highway. This was just part of their job, as the car was reported stolen, but this sort of unprecedented power can very easily be used for evil. This sort of attack can happen on an even larger scale, as the author points out, like how power plants have been shut down by hackers before.
    Another issue here is that consumer’s cannot typically tell how secure an item is when buying it. They don’t come with a sign that says “super secure!” or anything like. Instead, manufacturers focus on building products with more features that are instantly noticeable, and skimp out on security. In our society, where the focus is on making money, this problem cannot solve itself. Companies will always look for a solution that makes them more money instead of creating a more secure product. The author says that the only way to change this is to make a policy change, and I agree. The government needs to step in. Companies who make products that are not secure should be punished, and those who buy said products deserve some sort of restitution.
    As our lives become even more intertwined with the internet, we also need to have a level of personal responsibility. I understand the author’s point of government intervention, and even agree to a certain extent, but the government cannot be expected to handle all our problems for us. When we buy products that have internet access, we should do our due diligence and make sure that they are secure. This can pretty easily be done by looking up reviews or learning the basics behind how these items work. At this point, it is reasonable to expect everyone to understand how the internet works and how our personal computers work as well, and this expectation needs to extend to all internet connected devices, whether they be cars or refrigerators or anything else.

  11. As someone who is admittedly addicted to his phone, I too have wondered what this is all doing to my mind. I look at my phone every minute either consciously or subconsciously. If I switched my phone screen to grayscale I think that would honestly help me awful problem. And I’m not the only one; many of my other friends and peers have similar problems. It is mind boggling to think that technology companies have purposely tricked us into staying addicted to our phones. Whenever I don’t have my phone, I freak out too. I honestly think that I could develop some type of brain disorder as I continue to age because of this.
    After reading this article I will begin taking the necessary steps to fix this addiction.

  12. Bruce Schneier’s article provides some extremely valuable insight on what further security measures need to be implemented as our society continually creates new seamless technology into our daily lives. However some points seem to be counterproductive and even more terrifying than the current circumstances, and there is little to no focus on what easy steps people can take to ensure complete privacy of their information.

    First when touching on how as technology becomes more and more involved with simple everyday tasks such as computers within cars, Shneier states “security is not a problem the market will solve. The government needs to step in and regulate this increasingly dangerous space.” My initial reaction to this statement was that would mark a historical moment in the history of mankind, as it would be commonly accepted amongst the public that the government is constantly monitoring and analyzing every instrument being utilized with any sort of smart technology or computer(as if this isn’t the case already). If this were to be the case, who would provide checks on the government and provide regulation that they would not be using their power to invade the privacy of their citizens?

    Regardless of what comes in the future, I felt it would have been beneficial for Schneier to focus on how people can protect their information as we speak. It’s fairly simple, first individuals should never use the same password for various accounts whether it be online banking, paypal, facebook, etc. To ensure their safety whenever creating a new account, write the username and password on a non digital device (pen and paper) and keep it stored in a safe place. Next, beware of phishing websites. Always be cautious when a website asks for a password and take necessary steps to guarantee you are not giving it to a potential threat. Next, an easy way to feel peace of mind about my personal photos and videos throughout the years I consistently upload anything of importance to my computers hard drive, then create a copy on an external hard drive. This allows me to not have to store things in a cloud that can potentially be hacked, while also giving myself the ability to completely wipe anything from my phone that could be stolen or worse, bugged/hacked. Last and most importantly, I feel as if people need to be more cautious about posting pictures, updates, locations, etc. on social media platforms. People tend to forget, when you click that “post” or “send” button, there is no taking it back. That information is out in the digital web somewhere, forever. This article starts by saying computers are insecure however it fails to note that first and foremost, the person behind the screen should be the first line of defense.

  13. In this modern world, we are surrounded by computers when we might not even realize it. Our smartphones, laptops, home assistants, car radio systems, even refrigerators are all computers, and though they all have different functions, they all have one thing in common: collecting data about us. As we ask these devices to search different topics, change settings how we like them, or where we usually stop for coffee, they learn more about us and will eventually know exactly what we want before we want it, based on habits. We don’t realize how many devices we use that store data based on our commands to them, such as robot vacuum cleaners, or even smart watches. Because we don’t really consider the data these devices collect about us, we don’t consider the possibility of them being hacked. Unfortunately, as stated in this article, “it [is] historically cheaper to accept the results than to fix the problems”, which I do not agree with. There is always an opportunity to improve technology and the defense against hackers, but people are impatient and companies want to sell products when there is demand, so security is a second thought. I believe this should be prioritized as we have seen in recent weeks in the news that there have been widespread hacks on Facebook, and most recently an airline was hacked; the worst airline attack yet. Each breach is unique in how much data is compromised, whether it be names, addresses, emails, credit card numbers, and other personal data. More often than not these breaches and hacks occur, and it is concerning for the privacy and safety of our information. Like many issues in society today, they happen often, almost every day, yet there are no pertinent efforts to make changes towards requiring better security and data protection. A solution could be implementing laws requiring these precautions be taken to a certain extent, and if there has been a breach or hack, that they be heightened. They should also, as mentioned in the article, be held accountable for what occurs in their systems and face fines because their vulnerabilities are putting their customers at risk. Once the information is compromised, it isn’t the users’ fault at all, they are the victim in the situation. It is important that when people agree to the terms of an organization to share their data, that they have the confidence and assurance that their information is protected and safe.

  14. This article gives a different view of all the new technology and the negative effects of these advancements. Hacking is something that happens almost every day and it usually involves something minor but can affects people’s lives. When I make a password or am asked to install more security on my systems I usually don’t take hacking very seriously because I think it won’t happen to me. After reading this article I now know I need to increase the security on all my technology to prevent being hacked. The article discussed how many cars are now automated and could be hacked while driving and I found that very interesting. If companies don’t start securing their products more many people could get seriously hurt.
    The article mentioned that the government needs to step in and create more regulations for technology and I agree with that. I did not know that there was limited government regulation on technology especially in for medical devices and the pharmaceutical industries. Many individuals rely on technology to administer medication every day and should not have to worry about the system being hacked or malfunctioning. Even if securing the products costs more money and takes more time it is more important to make sure the system is secure before selling it to customers. I think government regulation should increase security on a lot of technology to minimize the amount of hacking.
    I recently read an article “Facebook Security Breach Exposes Accounts of 50 Million Users” by Mike Isaac and Sheera Frenkel, the article was about the largest breach in the company history. This hacking was mentioned in the other article along with the other recent hackings of Equifax, and government agencies. Hackers have been able to gain very personal and important information from these hackings. Companies should be held responsible to increase security and prevent hackers from gaining information. The overall security of technology needs to increase for technology to more forward and be completely trusted.

  15. This article makes the problem of device security incredibly real. Before reading this article, I knew about stories of hacking, and how people’s devices can get hacked, but I never really thought about just how large the repercussions can be to hacked computers. Our security is at risk, mostly because it is too expensive for people to insure their devices against hacking. I think this is a scary reality that can only become more of a problem than it already is. As time goes by, this issue is only going to get worse.
    The article makes a strong point in saying how a lot of everyday devices have become computerized, including cars and refrigerators. These devices were once simple concepts but have now been given features that personal computers have, making them viable for those to hack into them. This is scary because technology can be hacked into at any time. The article talked about how hospitals have been shut down because of hacking into servers, which I think is extremely scary. I think the best way to combat this hacking issue is to only put computers where we absolutely need them, rather than only putting them into every device created. I also think companies that sell virus-fighting software for devices need to lower the prices of this protection in order to offer an affordable solution to consumers. This too will cut down on hacking.

  16. My first response to this article was shock at the realization of the number of products today which are remotely controlled. Just the thought of a group of cars all being controlled at the same moment is terrifying. I also did not realize that these manufacturing hacks were taking place. These are just a few things that could prove to be detrimental to our country moving forward, should we not implement regulations similar to what the author of the article was talking about. I remember a few years ago, when Google came out with the self-driving car video, this possible circumstance was all people around me could talk about. Now however, self-driving cars have filtered in and the possible threats have slipped from my mind. This article helped me recall that these crimes and hacks could take place and that if we do not regulate soon, it will be one of those situations where we will look back and think, after the fact, “We should have done something sooner.” Unfortunately, this is just how our society works. Majority of society will not take action or bring attention to issues until after a disaster occurs which starts to affect the “common man”. Therefore I do not think the kind of government regulation, that the article is referring to, will happen anytime soon. Not to mention the obstacles which will ensue should they begin to start putting in place regulations. This would require new agencies, legislation, not to mention politicians who know what they are talking about when it comes to these kinds of things as well as a population that does too. These are huge leaps we as a society and government will need to make. Although I agree with the fact that government regulations should be set into place, I do not think it will be happening anytime soon due to the ignorance of technological security. “Banking data stored by financial institutions might be important, but nobody dies when it’s stolen. Facebook account data might be important, but again, nobody dies when it’s stolen. Regardless of how bad these hacks are, it has historically been cheaper to accept the results than to fix the problems.” Just as the article stated, these crimes/hacks are not taking lives and until this turns into something which appears to the public as something which endangers lives and livelihood no one will pay much attention.

  17. Technology is advancing further than anyone could have imagined. Although there are no flying cars in development, there are cars that can park themselves, assist in breaking, alter you of going outside your lines, and also slowly but surely self-driving cars. Everyone is so excited to have this technology as it is vastly improving life that they forget the consequences of incorporating technology into everything. With technology comes the ability to become hacked, and that could lead to a world of chaos.
    Cars now can be started before one can even see their car. Thanks to remote start. Cars also keys now must be present in the car for it to turn on rather than having to put the key into the ignition and turning it one. That can help people with convinces but it can also cause hassles. The fact that a person can start their car and drive off without keys having to be placed into an engine switch amazes me but also causes anxiety. In the article by the New York Times titled “Keeping Your Car Safe from Electronic Thieves”, it states how criminals are now using technology to steal. Criminals have taken advantage of the fact that keys can be in a house and unlock and start cars. Most people leave their keys near the garage door so they can easily access them on their out. Criminals now have devices that will amplify the signal the keys give off. This means that they can increase the range of the key’s signal and open the doors. Criminals also have devices now that match the frequency of the keys, in order to start the car and drive away with it. (Bilton). As the article states cars are now computers on wheels, is a very true fact. This is not something that many people think about. I have never thought about it like that before, but it does make sense. Almost all parts of a car now are connected to a network in some way. The right people with the right set of skills can go in and hack the network that one’s car uses to communicate. Essentially another person has complete control over one’s car if they want to, and there is nothing you can do except maybe take the battery out. A world where you cannot control your own steering wheel is not a world, I want to live in. Who knows what will happen if one person has the power to control cars, and decides to use it for destruction, and to create fear.
    Not only have criminals been hacking into technology like our cars, cell phones, and computers, they are now targeting business, specifically hospitals. Everything on in a hospital is run by technology now. Patients order food, get nurses, medicine, and more all due to technology. If someone were to hack into that, it could kill innocent people that were going to get help. The thought is disgusting that someone would be so power and money hungry that they could harm people already suffering. No information is safe. Once a hacker is into a hospitals system, they have access to everything and everyone. A hacker can stop dialyze machines from working, breathing tubs, change time intervals that medicine is delivered and so much more. The damage that the hacking of all of this new technology can be disastrous to innocent lives for power, and money.
    Things can be done to prevent hacking; however, it seems that consumers are more concerned with getting the product sooner and cheaper than getting it secure. I agree with the article that people are not willing to pay the high cost that comes with having security on computers. Also, most people do not want to solve the problem, until it is already too late. If each computer were to be manufactured security they would not be as slim and stylish as they, and the price would increase greatly. I believe that these need to be integrated into everything involving technology. There is no reason that people should be harmed because the prices of secure technology are too high. As a society more needs to be done, in order to increase the level of safety in technology. It is time for us to stop taking action after events have happened, and start being proactive. Protecting our self and others, from the threats of technology should be one of this nation’s priority.
    Work Cited
    Bilton, Nick. “Keeping Your Car Safe From Electronic Thieves.” The New York Times, The New York Times, 15 Apr. 2015,

  18. As technology advances, we have access to new abilities. Cars are now considered smart cars with new features. Refrigerators have new systems that gives them the ability to store data. These examples of advances has made our lives easier. However, the further we go into technological advances, the more we put ourselves at risk. We always want the new and shiny thing that has been released into the market. However, this may not be the best thing. A computer can be hacked whether it be a PC or a smart system implemented in a car. This could put people not only at danger of getting their information stolen but this could physically injure someone. Many of us do not think of those dangers. We think about how to make our lives easier. It is important to bring this to people’s attention rather than advertising the new advanced version of a product. I did not realize how many of products and services could be affected by a potential hack and lead to physically affecting my life. in the article when referring the computers it states “They drive our cars, pilot our planes, and run our power plants. They control traffic, administer drugs into our bodies, and dispatch emergency services. These connected computer and the network that connects them affect the world in a direct physical manor.”If the average person has the capability to hack into a network or server, nothing is stopping them to hacking the computer system that run these appliances. I believe there are not many laws regulating these products because people do not the dangers if they do get hacked. Companies need to implement a system that reduces the chances of being hacked and the user of the product should be alerted if someone is trying to hack into the system. This should be a standard for all products that require a computer system. I believe customers will purchase more of a product if they trust that it will not be hacked and their lives will not be put in danger. The author stated that regulation is inevitable and I agree with him. It is important to regulate these products before something bad happens.

  19. This article is one of the most eye-opening articles I’ve read this year, as the importance of computer security isn’t talked about often as everyone doesn’t notice. However, as things get more technologicallt advanced, we’ll need more security. And a lot of it, at that.

    Bruce Schneier does a great job diving deep into this subject about security and breaks down why a lot of security features are passed up on or forgotten about, and this can range from either the price being too high to bear or it’ll take longer for the product to be ready for the consumer. He also discusses the broadness of the word “computer”, as computer doesn’t just refer to a giant, bulky desktop or the laptop that I’m currently writing my blogpost on; it refers to almost everything, to phones, to newly made cars, to gaming systems, to kitchen appliances, and everything and anything you could think of.

    Not only is it becoming easier to make all of these new-fangled devices as technology evolves, but it becomes easier for hackers to do whatever they want. Look at all the notable companies that have just been hacked within the last year: Facebook, Yahoo, Wells Fargo, Equifax. These are just the bigger companies that are being tampered with. There could be people who could be sadistic enough to hack into cars, household appliances, power grids. Then what? What will we do then?

    The answer is somewhat simple: make securities with our new technologies rather than waiting for the new technology to come out, settle in the market for a month or two, and THEN make security for it. It leaves too much of a gap that leaves hackers bug-eyed and drooling from the mouth. With establishing a basis and standard for great security, we won’t have to worry about the hacks becoming rampant and out-of-control. Take apple for instance. Sure, their products might be expensive as hell and might cause you to skip out on a couple of doctors appointments to afford that MacBook, but that MacBook, more likely than not, is going to be dependable as hell for you.

    Maybe it’s time for our country to take a page out of Apple’s Playbook before everything, from another company all to way to this website, gets hacked.

  20. Government intervention has always and will continue to be debated between parties until the end of time. However, in the past, there have been necessary times where regulations have been implemented into areas such as food, medical devices, consumer goods, etc. due to the corruption of companies taking advantage of its customers. In a world that is now heavily technology based, the question of security is really at hand and needs to get addressed before it is too late. Over the years there have been several breaches that have resulted in millions of people’s information and data getting released. This has not been enough to cause enormous chaos that resulted in some serious change. The latest has been the Facebook hack, the Equifax hack, and government agencies being hacked. To some, it would seem that these are very serious because each one has its own effect on the population in a local and global sense. For instance, Facebook by itself has a huge user base because it can be reached and activated in any part of the world, which means that when a breach occurs it could happen to someone in the United States and also those who live in Europe.
    On top of the lack of laws for just data security, the world has the addition of the “internet of things” making its headway into our lives. Computers are everywhere and that does not just mean the rectangle box you hold in your hand or pocket every day. That means the refrigerator one utilizes multiple times of the day or the car that takes one to his or her desired destination. The same thing goes for cars that have now gone from just being a machine that could transport a person from point A to point B to being computers. This means that “It’s not just that they can be attacked remotely — they can be attacked all at once” (Schneier). It is a reality that everyone needs to be aware of and if it continues without regulation, like this article states it might be too late when we do.
    A very crucial and important standard that needs to be discussed and understood more is cybersecurity. If this standard is put in place more that would mean companies and organizations would not have the accessibility to take advantage of users. With proper cybersecurity that would enable others to learn “how to identify, prevent, recover, and respond to security risks.” Cybersecurity works both ways because organizations need to protect themselves from potential unethical hackers and users need to ensure that they are not going to have their personal data released. This article presents a point that should be implemented which consists of having regulatory agencies fining those companies that do not possess proper security. Not only would this incentivize companies that to do this, but it would, in the long run, it would create a safer environment. The European Union is definitely ahead of the United States in internet and data protection. There GDPR laws are updated to try to stay with how the fast the internet is moving. Although they might need to be changed soon, the U.S. has nothing. Since nothing has been done yet, it is the people’s responsibility to step in and make sure the internet protection and security laws are there to create some safety.

  21. The decision to engage in collaborative communication with others at a moment’s notice and the ability to access information in a split second through the Internet is without a doubt one of the greatest inventions of mankind. However to expect such an advancement without any type of downside or risks is unrealistic, namely malware and the preservation of privacy which has moved itself into the forefront. The question though of who should be held responsible for breaches in security is very difficult. Most of the biggest stakeholders consist of the designers of software and hardware, the businesses and institutions that utilize them, and the participants that choose to engage with the resources provided by these institutions (e.g. customers who choose to buy a certain television). The burden of security cannot solely fall on the manufacturers of these systems. It is a burden that must be shared amongst all participants.

    For example, consumers cannot escape being at least partially responsible for liability of damages. If a phishing email is sent to a user, whether that be a consumer or a stakeholder in a business such as a company manager, if the person is not educated on how to handle the types of security threats associated with such correspondence, then they have not adequately prepared themselves to engage in the activity. In this case the knowledge should come from several places such as a government sponsored educational resource ideally available online to provide resources for those wishing to increase their cybersecurity knowledge. The Department of Homeland Security (DHS) serves a critical role in this mission. The United States Department of Homeland Security Cyber Education Training Assistance Program (CETEP) provides grants to the National Integrated Cyber Education Research Center (NICERC) which actually provides free educational curriculum for students k-12 to make persons more aware of cyber security (

    Bruce Schneier’s aim is to be progressive in his approach and suggestions. For example he argues that there should be some type of “minimal acceptable security” ( The requirement of minimal acceptable security is at least moving society in the right direction. Instituting substantial security might be cause for concern because it may cause a loss in parity. It is well known for example that large companies benefit from economies of scale. Medium and small sized business may not be in a position to put in significant security resources such as IT professionals and security software compared to large companies who have whole information technology divisions ( In fact Schneier’s discussion even invokes questions an anti-trust. Is it fair that a small company developing an internet of things (IOT) device should see its resources eaten up by mandatory cybersecurity policies when their juggernaut counterparts are more than capable of bearing such costs?

    While software makers largely protect themselves through licensing agreements, attempting to expand the liability of designers could have some unintended affects. John Palfrey who is a board member of the Berkman Klein Center for Internet & Society at Harvard University warns that increasing such liability could cause a decrease in innovation. He is instead in favor of targeting the malware developers. (
    Another substantial problem is determining what types of vulnerabilities are the responsibility of the developers and what vulnerabilities were the responsibility of the company using the technology. Policies enacted to increase designer liability would likely see several decisions that needed to be handled with case law and the establishment of precedents based on those cases. Not surprisingly, some of those concerns reflected above have already been realized. Schneier in his article comments about how California passed an IOT bill called SB-327, intended to make IOT device comply with basic security requirements. Robert Graham, who is considered to be a cybersecurity expert argues that the bill is “backwards looking” attempting to mandate security requirements that do not encompass the full range of security implementation measures that would actually be needed to more secure IOT devices (
    While not to take too negative of a view, cybersecurity defense has its limits. When state sponsored individuals or groups decide to target companies eventually they will succeed in penetrating the defense system. This is the opinion of James Lewis of the Center for Strategic and International Studies. Instead of trying to concentrate on building impenetrable walls the better tactical response would be to assume the a breach of secure systems is inevitable and instead to develop countermeasures that will alert companies to breaches so that they can respond immediately (
    Another aspect that is most certainly clear is that the legal landscape will have no choice but to evolve through the passing of additional legislation to handle the increasing cyberseucrity threats. By far the biggest challenge however will be figuring out a way to implement those laws and anticipate potential unintended consequences.

Leave a Reply

Your email address will not be published. Required fields are marked *