At a time when everything needs to be connected to everything, everywhere, forever; at a time when enormous amounts of data are being collected, correlated and dissected about us; at a time when more and more critical decision-making processes are being delegated to automated systems, it is probably worth asking ourselves what our track record is in building systems that are secure, reliable, trustworthy... in a word: dependable.
In this talk, I propose to look at some lessons learned over 30 years of Internet insecurity. Why wasn't security part of the design criteria of the original Internet? How have we coped with it? Are we better now? A few concrete examples will highlight how we have made progress over the years, albeit in an unsatisfying manner.
Having identified the pitfalls of the past, is there a way to avoid them in the future? Now that critical infrastructures, the so-called OT world, are being more and more connected to the Internet, the IT world, we must do better at protecting them. Are we? The wave of new IoT devices, which one can see as merging the IT and OT worlds together, is bringing with it its load of horrible security stories. This does not look good. Furthermore, cyber-physical systems, by being in direct contact with the world, are increasing the classical attack surfaces that we used to consider.
We will conclude this talk with a few suggestions as to how to improve the situation, one of them being a proposal for a major push in favor of a better education of computer scientists and engineers with respect to computer security.
and is available at :