By Taylor Armerding
June 9, 2017
These problems are solvable, he said, "but we're not focused on them." He said he fears that needed focus won't come until there are more high-profile incidents - a bit like water pollution wasn't taken very seriously until the Cuyahoga River in Ohio caught fire several times decades ago.
There are some encouraging signs from government, he said, noting the two-year amendment to the Digital Millennium Copyright Act (DMCA) that allows (with rigorous restrictions) the unlocking of copyrighted software for research purposes.
He also cited the recent Food and Drug Administration's publication of post-market security guidelines for medical devices, which requires flaws to be acknowledged within 30 days and patched within 60 days.
Some regulation, he agreed, could conceivably put a drag on innovation. "Some of these things I hate," he said, "but the tradeoff is between doing something or nothing."
And doing nothing, he said, could lead to something more serious than websites going down due to a distributed denial-of-service attack.
"The consequences of failure involve death," he said.