[Script Info]
Title: 
[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.00,0:00:19.22,Default,,0000,0000,0000,,{\i1}prerol music{\i0}
Dialogue: 0,0:00:19.22,0:00:25.18,Default,,0000,0000,0000,,Herald: Our next speaker, he's a professor\Nof security engineering at Cambridge
Dialogue: 0,0:00:25.18,0:00:31.25,Default,,0000,0000,0000,,University. He is the author of the book\NSecurity Engineering. He has done a lot of
Dialogue: 0,0:00:31.25,0:00:39.89,Default,,0000,0000,0000,,things already. He has been inventing semi\Ninvasive attacks based on inducing photo
Dialogue: 0,0:00:39.89,0:00:45.58,Default,,0000,0000,0000,,currence. He has done API attacks. He\Nhas done a lot of stuff. If you read his
Dialogue: 0,0:00:45.58,0:00:50.52,Default,,0000,0000,0000,,bio is it feels like he's involved in\Nalmost everything we like related to
Dialogue: 0,0:00:50.52,0:00:57.08,Default,,0000,0000,0000,,security. So please give a huge round and\Na warm welcome to Ross Anderson and his
Dialogue: 0,0:00:57.08,0:01:01.50,Default,,0000,0000,0000,,talk, The Sustainability of safety,\Nsecurity and privacy.
Dialogue: 0,0:01:01.50,0:01:02.75,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:01:02.75,0:01:16.12,Default,,0000,0000,0000,,Ross Anderson: Thanks. Right. It's great\Nto be here, and I'm going to tell a story
Dialogue: 0,0:01:16.12,0:01:23.98,Default,,0000,0000,0000,,that starts a few years ago and it's about\Nthe regulation of safety. Just to set the
Dialogue: 0,0:01:23.98,0:01:31.40,Default,,0000,0000,0000,,scene, you may recall that in February\Nthis year there was this watch Enox's
Dialogue: 0,0:01:31.40,0:01:37.71,Default,,0000,0000,0000,,Safe-Kid One suddenly got recalled. And\Nwhy? Well, it's unlikely that unencrypted
Dialogue: 0,0:01:37.71,0:01:42.79,Default,,0000,0000,0000,,communications with the backhand server\Nallowing an authenticated access and
Dialogue: 0,0:01:42.79,0:01:47.01,Default,,0000,0000,0000,,translated into layman language that meant\Nthat hackers could track and call your
Dialogue: 0,0:01:47.01,0:01:52.26,Default,,0000,0000,0000,,kids, changed the device ID and do\Narbitrary bad things. So this was
Dialogue: 0,0:01:52.26,0:01:57.45,Default,,0000,0000,0000,,immediately recalled by the European Union\Nusing powers that it had under the Radio
Dialogue: 0,0:01:57.45,0:02:02.39,Default,,0000,0000,0000,,Equipment Directive. And this was a bit of\Na wake up call for industry, because up
Dialogue: 0,0:02:02.39,0:02:07.51,Default,,0000,0000,0000,,until then, people active in the so-called\NInternet of Things didn't have any idea
Dialogue: 0,0:02:07.51,0:02:11.47,Default,,0000,0000,0000,,that, you know, if they produced an unsafe\Ndevice, then they could suddenly be
Dialogue: 0,0:02:11.47,0:02:20.37,Default,,0000,0000,0000,,ordered to take it off the market. Anyway,\Nback in 2015, the European Union's
Dialogue: 0,0:02:20.37,0:02:25.84,Default,,0000,0000,0000,,research department asked Eireann Leverett,\NRichard Clayton and me to examine what I
Dialogue: 0,0:02:25.84,0:02:32.33,Default,,0000,0000,0000,,would see implied from the regulation of\Nsafety, because the European institutions
Dialogue: 0,0:02:32.33,0:02:36.86,Default,,0000,0000,0000,,regulate all sorts of things, from toys to\Nrailway signals and from cars through
Dialogue: 0,0:02:36.86,0:02:41.07,Default,,0000,0000,0000,,drugs to aircraft. And if you start having\Nsoftware and everything, does this mean
Dialogue: 0,0:02:41.07,0:02:46.31,Default,,0000,0000,0000,,that all these dozens of agencies suddenly\Nstart to have software safety experts and
Dialogue: 0,0:02:46.31,0:02:51.60,Default,,0000,0000,0000,,software security experts? So what does\Nthis mean in institutional terms? We
Dialogue: 0,0:02:51.60,0:02:57.51,Default,,0000,0000,0000,,produced a report for them in 2016, which\Nthe commission sat on for a year. A
Dialogue: 0,0:02:57.51,0:03:03.00,Default,,0000,0000,0000,,version of the report came out in 2017 and\Nlater that year the full report. And the
Dialogue: 0,0:03:03.00,0:03:07.35,Default,,0000,0000,0000,,gist of our report was once you get\Nsoftware everywhere, safety and security
Dialogue: 0,0:03:07.35,0:03:12.72,Default,,0000,0000,0000,,become entangled. And in fact, when you\Nthink about it, the two are the same in
Dialogue: 0,0:03:12.72,0:03:19.29,Default,,0000,0000,0000,,pretty well all the languages spoken by EU\Ncitizens. {\i1}speaks other languages{\i0}.
Dialogue: 0,0:03:19.29,0:03:23.17,Default,,0000,0000,0000,,It's only English that distinguishes\Nbetween the two. And with
Dialogue: 0,0:03:23.17,0:03:28.26,Default,,0000,0000,0000,,Britain leaving the EU, of course you will\Nhave languages in which safety and
Dialogue: 0,0:03:28.26,0:03:33.58,Default,,0000,0000,0000,,security become the same. Throughout\NBrussels and throughout the continent. But
Dialogue: 0,0:03:33.58,0:03:38.19,Default,,0000,0000,0000,,anyway, how are we going to update safety\Nregulation in order to cope? This was the
Dialogue: 0,0:03:38.19,0:03:44.18,Default,,0000,0000,0000,,problem that Brussels was trying to get\Nits head around. So one of the things that
Dialogue: 0,0:03:44.18,0:03:50.62,Default,,0000,0000,0000,,we had been looking at over the past 15,\N20 years is the economics of information
Dialogue: 0,0:03:50.62,0:03:56.38,Default,,0000,0000,0000,,security, because often a big complex\Nsystems fail because the incentives are
Dialogue: 0,0:03:56.38,0:04:01.53,Default,,0000,0000,0000,,wrong. If Alice guards the system and Bob\Npairs the cost of failure, you can expect
Dialogue: 0,0:04:01.53,0:04:08.37,Default,,0000,0000,0000,,trouble. And many of these ideas go across\Nthe safety as well. Now, it's already well
Dialogue: 0,0:04:08.37,0:04:13.20,Default,,0000,0000,0000,,known that markets do safety in some\Nindustries, such as aviation, way better
Dialogue: 0,0:04:13.20,0:04:18.90,Default,,0000,0000,0000,,than others, such as medicine. And cars\Nwere dreadful for many years for the first
Dialogue: 0,0:04:18.90,0:04:23.24,Default,,0000,0000,0000,,80 years of the car industry. People\Ndidn't bother with things like seatbelts,
Dialogue: 0,0:04:23.24,0:04:28.64,Default,,0000,0000,0000,,and it was only until Ralph Nader's book,\NUnsafe at Any Speed, led the Americans to
Dialogue: 0,0:04:28.64,0:04:32.77,Default,,0000,0000,0000,,set up the National Highways,\NTransportation and Safety Administration
Dialogue: 0,0:04:32.77,0:04:37.41,Default,,0000,0000,0000,,and various court cases brought this\Nforcefully to public attention that car
Dialogue: 0,0:04:37.41,0:04:42.90,Default,,0000,0000,0000,,safety started to become a thing. Now in\Nthe EU, we've got a whole series of broad
Dialogue: 0,0:04:42.90,0:04:49.29,Default,,0000,0000,0000,,frameworks and specific directives and\Ndetail rules and thus overall 20 EU
Dialogue: 0,0:04:49.29,0:04:55.07,Default,,0000,0000,0000,,agencies plus the UNECE in play here. So\Nhow can we navigate this? Well, what we
Dialogue: 0,0:04:55.07,0:05:00.04,Default,,0000,0000,0000,,were asked to do was to look at three\Nspecific verticals and study them in some
Dialogue: 0,0:05:00.04,0:05:06.51,Default,,0000,0000,0000,,detail so that the lessons from them could\Nbe then taken to the other verticals in
Dialogue: 0,0:05:06.51,0:05:17.97,Default,,0000,0000,0000,,which the EU operates. And, cars were one\Nof those. And some of you may remember the
Dialogue: 0,0:05:17.97,0:05:26.60,Default,,0000,0000,0000,,carshark pepper in 2011. Four guys from\NSan Diego and the University of Washington
Dialogue: 0,0:05:26.60,0:05:30.72,Default,,0000,0000,0000,,figured out how to hack a vehicle and\Ncontrol it remotely. And I used to have a
Dialogue: 0,0:05:30.72,0:05:34.48,Default,,0000,0000,0000,,lovely little video of this that the\Nresearchers gave me. But my Mac got
Dialogue: 0,0:05:34.48,0:05:41.37,Default,,0000,0000,0000,,upgraded to Catalina last week and it\Ndoesn't play anymore. So, verschlimmbessern?
Dialogue: 0,0:05:41.37,0:05:44.35,Default,,0000,0000,0000,,Man sagt auf Deutsch? Oder?\NYeah.
Dialogue: 0,0:05:44.35,0:05:49.32,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:05:49.32,0:05:53.72,Default,,0000,0000,0000,,Okay. We'll get it going sooner or later.\NAnyway, this was largely ignored because
Dialogue: 0,0:05:53.72,0:05:59.98,Default,,0000,0000,0000,,one little video didn't make the biscuit.\NBut in 2015, there suddenly came to the
Dialogue: 0,0:05:59.98,0:06:04.64,Default,,0000,0000,0000,,attention of the industry because Charlie\NMiller and Chris Valasek, two guys who had
Dialogue: 0,0:06:04.64,0:06:10.87,Default,,0000,0000,0000,,been in the NSA is hacking team hacks a\Ncheap Cherokee using Chryslers Uconnect.
Dialogue: 0,0:06:10.87,0:06:14.17,Default,,0000,0000,0000,,And this meant that they could go down\Nthrough all the Chrysler vehicles in
Dialogue: 0,0:06:14.17,0:06:18.55,Default,,0000,0000,0000,,America and look at them one by one and\Nask, where are you? And then when they
Dialogue: 0,0:06:18.55,0:06:21.68,Default,,0000,0000,0000,,found the vehicle that was somewhere\Ninteresting, they could go in and do
Dialogue: 0,0:06:21.68,0:06:26.88,Default,,0000,0000,0000,,things to it. And what they found was that\Nto hack a vehicle, suddenly you just
Dialogue: 0,0:06:26.88,0:06:34.54,Default,,0000,0000,0000,,needed the vehicle's IP address. And so\Nthey got a journalist into a vehicle and
Dialogue: 0,0:06:34.54,0:06:38.65,Default,,0000,0000,0000,,they got into slow down and had trucks\Nbehind them hooting away, and eventually
Dialogue: 0,0:06:38.65,0:06:43.10,Default,,0000,0000,0000,,they ran the vehicle off the road. And\Nwhen the TV footage of this got out,
Dialogue: 0,0:06:43.10,0:06:47.50,Default,,0000,0000,0000,,suddenly, people cared. It made the front\Npages of the press in the USA, and
Dialogue: 0,0:06:47.50,0:06:52.36,Default,,0000,0000,0000,,Chrysler had to recall 1.4 million\Nvehicles for a software fix, which meant
Dialogue: 0,0:06:52.36,0:06:58.27,Default,,0000,0000,0000,,actually reflashing the firmware of the\Ndevices. And it cost them billions and
Dialogue: 0,0:06:58.27,0:07:02.17,Default,,0000,0000,0000,,billions of dollars. So all of a sudden,\Nthis is something to which people paid
Dialogue: 0,0:07:02.17,0:07:10.68,Default,,0000,0000,0000,,attention. Some of you may know this chap\Nhere, at least by sight. This is Martin
Dialogue: 0,0:07:10.68,0:07:15.85,Default,,0000,0000,0000,,Winterkorn, who used to run Volkswagen.\NAnd when it turned out that he had hacked
Dialogue: 0,0:07:15.85,0:07:20.29,Default,,0000,0000,0000,,millions and millions of Volkswagen\Nvehicles by putting in evil software that
Dialogue: 0,0:07:20.29,0:07:26.78,Default,,0000,0000,0000,,defeated emissions controls. That's what\Nhappened to Volkswagen stock price. Oh,
Dialogue: 0,0:07:26.78,0:07:33.77,Default,,0000,0000,0000,,and he lost his job and got prosecuted. So\Nthis is an important point about vehicles
Dialogue: 0,0:07:33.77,0:07:37.67,Default,,0000,0000,0000,,and in fact, about many things in the\NInternet of things for Internet of
Dialogue: 0,0:07:37.67,0:07:42.25,Default,,0000,0000,0000,,targets, whatever you want to call it. The\Nthread model isn't just external, it is
Dialogue: 0,0:07:42.25,0:07:47.10,Default,,0000,0000,0000,,internal as well. There are bad people all\Nthe way up and down the supply chain. Even
Dialogue: 0,0:07:47.10,0:07:54.60,Default,,0000,0000,0000,,at the OEM. So that's the state of play in\Ncars. And we investigated that and wrote a
Dialogue: 0,0:07:54.60,0:08:03.78,Default,,0000,0000,0000,,bit about it. Now, here's medicine. This\Nwas the second thing that we looked at.
Dialogue: 0,0:08:03.78,0:08:08.79,Default,,0000,0000,0000,,These are some pictures of the scene in\Nthe intensive care unit in Swansea
Dialogue: 0,0:08:08.79,0:08:13.34,Default,,0000,0000,0000,,Hospital. So after your car gets hacked\Nand you go off the road, this is where you
Dialogue: 0,0:08:13.34,0:08:19.92,Default,,0000,0000,0000,,end up. And just as a car has got about 50\Ncomputers in it, you're now going to see
Dialogue: 0,0:08:19.92,0:08:34.04,Default,,0000,0000,0000,,that there's quite a few computers at your\Nbedside. How many CPUs can you see? You
Dialogue: 0,0:08:34.04,0:08:39.81,Default,,0000,0000,0000,,see, there's quite a few, about a\Ncomparable number to the number of CPUs in
Dialogue: 0,0:08:39.81,0:08:47.24,Default,,0000,0000,0000,,your car. Only here the systems\Nintegration is done by the nurse, not by
Dialogue: 0,0:08:47.24,0:08:55.53,Default,,0000,0000,0000,,the engineers at Volkswagen or Mercedes.\NAnd does this cause safety problems? Oh,
Dialogue: 0,0:08:55.53,0:09:06.72,Default,,0000,0000,0000,,sure. Here are pictures of the user\Ninterface of infusion pumps taken from
Dialogue: 0,0:09:06.72,0:09:13.50,Default,,0000,0000,0000,,Swansea's intensive care unit. And as you\Ncan see, they're all different. This is a
Dialogue: 0,0:09:13.50,0:09:17.74,Default,,0000,0000,0000,,little bit like if you suddenly had to\Ndrive a car from the 1930s an old
Dialogue: 0,0:09:17.74,0:09:22.45,Default,,0000,0000,0000,,Lanchester, for example, and then you find\Nthat the accelerator is between the brake
Dialogue: 0,0:09:22.45,0:09:27.42,Default,,0000,0000,0000,,and the clutch, right? Honestly, there\Nused to be such cars. You can still find
Dialogue: 0,0:09:27.42,0:09:33.32,Default,,0000,0000,0000,,them in antique car fairs or a Model T\NFord, for example, for the accelerator is
Dialogue: 0,0:09:33.32,0:09:39.00,Default,,0000,0000,0000,,actually a lever on the dashboard and one\Nof the pedals is as a gear change. And yet
Dialogue: 0,0:09:39.00,0:09:44.33,Default,,0000,0000,0000,,you're asking nurses to operate a variety\Nof different pieces of equipment and look,
Dialogue: 0,0:09:44.33,0:09:50.64,Default,,0000,0000,0000,,for example, at the Bodyguard 545. The one\Non the top to increase the doors. Right,
Dialogue: 0,0:09:50.64,0:09:54.53,Default,,0000,0000,0000,,this is the morphine that is being dripped\Ninto your vein once you've had your car
Dialogue: 0,0:09:54.53,0:09:58.95,Default,,0000,0000,0000,,crash, to increase the dose you have to\Npress 2 and to decrease that, you have to
Dialogue: 0,0:09:58.95,0:10:06.88,Default,,0000,0000,0000,,press 0. Under the Bodyguard 545 at the\Nbottom right, to increase the dose you
Dialogue: 0,0:10:06.88,0:10:14.37,Default,,0000,0000,0000,,press 5 and to decrease it, you press 0.\NAnd this leads to accidents, to fatal
Dialogue: 0,0:10:14.37,0:10:21.18,Default,,0000,0000,0000,,accidents, a significant number of them.\NOkay. So you might say, well, why not have
Dialogue: 0,0:10:21.18,0:10:25.58,Default,,0000,0000,0000,,standards? Well, we have standards. We've\Ngot standards which say that liter should
Dialogue: 0,0:10:25.58,0:10:30.51,Default,,0000,0000,0000,,always be a capital L, so it is not\Nconfused with a one. And then you see that
Dialogue: 0,0:10:30.51,0:10:37.52,Default,,0000,0000,0000,,and the Bodyguard on the bottom right.\NMILLILITERS is a capital L in green. Okay.
Dialogue: 0,0:10:37.52,0:10:43.28,Default,,0000,0000,0000,,Well done, Mr. Bodyguard. The problem is,\Nif you look up two lines, you see 500
Dialogue: 0,0:10:43.28,0:10:49.17,Default,,0000,0000,0000,,milliliters is in small letters. So\Nthere's a standard problem. There's an
Dialogue: 0,0:10:49.17,0:10:53.78,Default,,0000,0000,0000,,enforcement problem and there's extra\Ninanities because each of these vendors
Dialogue: 0,0:10:53.78,0:10:58.28,Default,,0000,0000,0000,,will say, well, everybody else should\Nstandardize on my kit. And there are also
Dialogue: 0,0:10:58.28,0:11:04.74,Default,,0000,0000,0000,,various other market failures. So the\Nexpert who's been investigating this is my
Dialogue: 0,0:11:04.74,0:11:09.52,Default,,0000,0000,0000,,friend Harold Thimbleby, who's a professor\Nof computer science at Swansea. And his
Dialogue: 0,0:11:09.52,0:11:14.60,Default,,0000,0000,0000,,research shows that hospitals safety,\Nusability failures kill about 2000 people
Dialogue: 0,0:11:14.60,0:11:22.21,Default,,0000,0000,0000,,every year in the UK, which is about the\Nsame as road accidents. And safety
Dialogue: 0,0:11:22.21,0:11:29.57,Default,,0000,0000,0000,,usability, in other words, gets ignored\Nbecause the incentives are wrong. In
Dialogue: 0,0:11:29.57,0:11:33.49,Default,,0000,0000,0000,,Britain and indeed in the European\Ninstitutions, people tend to follow the
Dialogue: 0,0:11:33.49,0:11:39.19,Default,,0000,0000,0000,,FDA in America and that is captured by the\Nlarge medical device makers over there.
Dialogue: 0,0:11:39.19,0:11:45.15,Default,,0000,0000,0000,,They only have two engineers. They're not\Nallowed to play with pumps, etc, etc, etc.
Dialogue: 0,0:11:45.15,0:11:50.32,Default,,0000,0000,0000,,The curious thing here is that safety and\Nsecurity come together. The safety of
Dialogue: 0,0:11:50.32,0:11:55.32,Default,,0000,0000,0000,,medical devices may improve because as\Nsoon as it becomes possible to hack a
Dialogue: 0,0:11:55.32,0:12:02.58,Default,,0000,0000,0000,,medical device, then people suddenly take\Ncare. So the first of this was when Kevin
Dialogue: 0,0:12:02.58,0:12:07.33,Default,,0000,0000,0000,,Fu and researchers at the University of\NMichigan showed that they could hack the
Dialogue: 0,0:12:07.33,0:12:12.27,Default,,0000,0000,0000,,hospital, a symbolic infusion pump over\NWi-Fi. And this led the FDA to immediately
Dialogue: 0,0:12:12.27,0:12:17.24,Default,,0000,0000,0000,,panic and blacklist the pump, recalling it\Nfrom service. But then said, Kevin, what
Dialogue: 0,0:12:17.24,0:12:21.11,Default,,0000,0000,0000,,about the 200 other infusion pumps that\Nare unsafe because of the things on the
Dialogue: 0,0:12:21.11,0:12:27.76,Default,,0000,0000,0000,,previous slide? Also, the FDA, we couldn't\Npossibly recall all those. Then two years
Dialogue: 0,0:12:27.76,0:12:33.12,Default,,0000,0000,0000,,ago, there's an even bigger recall. It\Nturned out that 450 000 pacemakers made by
Dialogue: 0,0:12:33.12,0:12:38.94,Default,,0000,0000,0000,,St. Jude could similarly be hacked over\NWi-Fi. And so the recall was ordered. And
Dialogue: 0,0:12:38.94,0:12:42.59,Default,,0000,0000,0000,,this is quite serious, because if you've\Ngot a heart pacemaker, right, it's
Dialogue: 0,0:12:42.59,0:12:47.68,Default,,0000,0000,0000,,implanted surgically in the muscle next to\Nyour shoulder blade. And to remove that
Dialogue: 0,0:12:47.68,0:12:51.74,Default,,0000,0000,0000,,and replace it with a new one, which they\Ndo every 10 years to change the battery,
Dialogue: 0,0:12:51.74,0:12:54.95,Default,,0000,0000,0000,,you know, is a day care surgery procedure.\NYou have to go in there, get an
Dialogue: 0,0:12:54.95,0:12:58.26,Default,,0000,0000,0000,,anesthetic. They have to have a\Ncardiologist ready in case you have a
Dialogue: 0,0:12:58.26,0:13:05.34,Default,,0000,0000,0000,,heart attack. It's a big deal, right? It\Ncosts maybe 3000 pounds in the UK. And so
Dialogue: 0,0:13:05.34,0:13:11.00,Default,,0000,0000,0000,,3000 pounds times 450 000 pacemakers.\NMultiply it by two for American health
Dialogue: 0,0:13:11.00,0:13:18.51,Default,,0000,0000,0000,,care costs and you're talking real money.\NSo what should Europe do about this? Well,
Dialogue: 0,0:13:18.51,0:13:22.97,Default,,0000,0000,0000,,thankfully, the European institutions have\Nbeen getting off their butts on this and
Dialogue: 0,0:13:22.97,0:13:27.65,Default,,0000,0000,0000,,the medical device directors have been\Nrevised. And from next year, medical
Dialogue: 0,0:13:27.65,0:13:31.17,Default,,0000,0000,0000,,devices will have post-market\Nsurveillance, risk management plan,
Dialogue: 0,0:13:31.17,0:13:37.46,Default,,0000,0000,0000,,ergonomic design. And here's perhaps the\Ndriver for software engineering for
Dialogue: 0,0:13:37.46,0:13:41.60,Default,,0000,0000,0000,,devices that incorporate software. The\Nsoftware shall be developed in accordance
Dialogue: 0,0:13:41.60,0:13:45.68,Default,,0000,0000,0000,,with the state of the art, taking into\Naccount the principles of development,
Dialogue: 0,0:13:45.68,0:13:50.81,Default,,0000,0000,0000,,life cycle risk management, including\Ninformation, security, verification and
Dialogue: 0,0:13:50.81,0:13:57.47,Default,,0000,0000,0000,,validation. So there at least we have a\Nfoothold and it continues. Devices shall
Dialogue: 0,0:13:57.47,0:14:02.15,Default,,0000,0000,0000,,be designed and manufactured in such a way\Nas to protect as far as possible against
Dialogue: 0,0:14:02.15,0:14:06.62,Default,,0000,0000,0000,,unauthorized access that could hamper the\Ndevice from functioning as intended. Now
Dialogue: 0,0:14:06.62,0:14:11.04,Default,,0000,0000,0000,,it's still not perfect. There's various\Nthings that the manufacturers can do to
Dialogue: 0,0:14:11.04,0:14:17.09,Default,,0000,0000,0000,,wriggle. But it's still a huge\Nimprovement. The third thing that we
Dialogue: 0,0:14:17.09,0:14:20.99,Default,,0000,0000,0000,,looked at was energy, electricity\Nsubstations and electro technical
Dialogue: 0,0:14:20.99,0:14:25.70,Default,,0000,0000,0000,,equipments in general, there have been one\Nor two talks at this conference on that.
Dialogue: 0,0:14:25.70,0:14:30.48,Default,,0000,0000,0000,,Basically, the problem is that you've got\Na 40 year life cycle for these devices.
Dialogue: 0,0:14:30.48,0:14:35.75,Default,,0000,0000,0000,,Protocols such as Smart Bus and DNP3 don't\Nsupport authentication. And the fact that
Dialogue: 0,0:14:35.75,0:14:41.18,Default,,0000,0000,0000,,everything has gone to IP networks means\Nthat as with the Chrysler Jeeps. Anybody
Dialogue: 0,0:14:41.18,0:14:45.75,Default,,0000,0000,0000,,who knows your IP address can read from\Nand with an actuator's IP address, you can
Dialogue: 0,0:14:45.75,0:14:51.20,Default,,0000,0000,0000,,activate it. So the only practical fix\Nthere is to re-perimeterise and the
Dialogue: 0,0:14:51.20,0:14:56.30,Default,,0000,0000,0000,,entrepreneurs who noticed this 10 to 15\Nyears ago and set up companies like Beldon
Dialogue: 0,0:14:56.30,0:15:00.98,Default,,0000,0000,0000,,have now made lots and lots of money.\NCompanies like BP now have thousands of
Dialogue: 0,0:15:00.98,0:15:06.05,Default,,0000,0000,0000,,such firewalls which isolate their\Nchemical and other plants from the
Dialogue: 0,0:15:06.05,0:15:11.48,Default,,0000,0000,0000,,internet. So one way in which you can deal\Nwith this is having one component that
Dialogue: 0,0:15:11.48,0:15:14.90,Default,,0000,0000,0000,,connects you to the network, you replace\Nit every five years. That's one way of
Dialogue: 0,0:15:14.90,0:15:20.27,Default,,0000,0000,0000,,doing, if you'd like sustainable security\Nfor your oil refinery. But this is a lot
Dialogue: 0,0:15:20.27,0:15:25.28,Default,,0000,0000,0000,,harder for cars, which have got multiple\NRF interfaces. A modern car has maybe 10
Dialogue: 0,0:15:25.28,0:15:31.60,Default,,0000,0000,0000,,interfaces in all those there is the\Ninternal phone. There's the short range radio
Dialogue: 0,0:15:31.60,0:15:37.31,Default,,0000,0000,0000,,link for remote key entry. Those things.\NThere are links to the devices that
Dialogue: 0,0:15:37.31,0:15:41.03,Default,,0000,0000,0000,,monitor your tire pressure. There's all\Nsorts of other things and every single one
Dialogue: 0,0:15:41.03,0:15:48.35,Default,,0000,0000,0000,,of these has been exploited at least once.\NAnd there are particular difficulties in
Dialogue: 0,0:15:48.35,0:15:53.18,Default,,0000,0000,0000,,the auto industry because of the\Nfragmented responsibility in the supply
Dialogue: 0,0:15:53.18,0:15:57.53,Default,,0000,0000,0000,,chain between the OEM, the tier ones and\Nthe specialists who produce all the
Dialogue: 0,0:15:57.53,0:16:03.38,Default,,0000,0000,0000,,various bits and pieces that get glued\Ntogether. Anyway, so the broad questions
Dialogue: 0,0:16:03.38,0:16:08.48,Default,,0000,0000,0000,,that arise from this include who will\Ninvestigate incidents and to whom will
Dialogue: 0,0:16:08.48,0:16:15.89,Default,,0000,0000,0000,,they be reported? Right? How do we embed\Nresponsible disclosure? How do we bring
Dialogue: 0,0:16:15.89,0:16:21.50,Default,,0000,0000,0000,,safety engineers and security engineers\Ntogether? This is an enormous project
Dialogue: 0,0:16:21.50,0:16:25.58,Default,,0000,0000,0000,,because security engineers and safety\Nengineers use different languages. We have
Dialogue: 0,0:16:25.58,0:16:31.04,Default,,0000,0000,0000,,different university degree programs. We\Ngo to different conferences. And the world
Dialogue: 0,0:16:31.04,0:16:35.45,Default,,0000,0000,0000,,of safety is similarly fragmented between\Nthe power people, the car people, the
Dialogue: 0,0:16:35.45,0:16:40.68,Default,,0000,0000,0000,,naval people, the signal people and so on\Nand so forth. Some companies are beginning
Dialogue: 0,0:16:40.68,0:16:44.94,Default,,0000,0000,0000,,to get this together. The first is Bosch,\Nwhich put together their safety,
Dialogue: 0,0:16:44.94,0:16:48.96,Default,,0000,0000,0000,,engineering and security engineering\Nprofessions. But even once you have done
Dialogue: 0,0:16:48.96,0:16:53.64,Default,,0000,0000,0000,,that in organizational terms, how do you\Nteach a security engineer to think safety
Dialogue: 0,0:16:53.64,0:16:58.95,Default,,0000,0000,0000,,and vice versa? Then the problem that\Nbothered the European Union, are the
Dialogue: 0,0:16:58.95,0:17:04.35,Default,,0000,0000,0000,,regulators all going to need security\Nengineers? Right. I mean, many of these
Dialogue: 0,0:17:04.35,0:17:10.25,Default,,0000,0000,0000,,organizations in Brussels don't even have\Nan engineer on staff, right? They are
Dialogue: 0,0:17:10.25,0:17:16.26,Default,,0000,0000,0000,,mostly full of lawyers and policy people.\NAnd then, of course, for this audience,
Dialogue: 0,0:17:16.26,0:17:21.28,Default,,0000,0000,0000,,how do you prevent abuse of lock-in, you\Nknow, in America if you've got a chapter
Dialogue: 0,0:17:21.28,0:17:25.20,Default,,0000,0000,0000,,from John Deere? And then if you don't\Ntake it to a John Deere dealer every six
Dialogue: 0,0:17:25.20,0:17:29.79,Default,,0000,0000,0000,,months or so, it stops working. Right. And\Nif you try and hack it so you can fix it
Dialogue: 0,0:17:29.79,0:17:34.74,Default,,0000,0000,0000,,yourself, then John Deere will try to get\Nyou prosecuted. We just don't want that
Dialogue: 0,0:17:34.74,0:17:41.10,Default,,0000,0000,0000,,kind of stuff coming over the Atlantic\Ninto Europe. So we ended up with a number
Dialogue: 0,0:17:41.10,0:17:46.77,Default,,0000,0000,0000,,of recommendations. We thought that we\Nwould get vendors to self-certify for the
Dialogue: 0,0:17:46.77,0:17:52.16,Default,,0000,0000,0000,,CE mark that products could be patched if\Nneed be. That turned out to be not viable.
Dialogue: 0,0:17:52.16,0:17:57.10,Default,,0000,0000,0000,,We then came up with another idea that\Nthings should be secure by default for the
Dialogue: 0,0:17:57.10,0:18:00.63,Default,,0000,0000,0000,,update to the Ready Equipment Directive.\NAnd that didn't get through the European
Dialogue: 0,0:18:00.63,0:18:06.98,Default,,0000,0000,0000,,Parliament either. In fact, it was Mozilla\Nthat lobbied against it. Eventually we got
Dialogue: 0,0:18:06.98,0:18:11.85,Default,,0000,0000,0000,,something through which I'll discuss in a\Nminute. We talked about requiring a secure
Dialogue: 0,0:18:11.85,0:18:15.21,Default,,0000,0000,0000,,development lifecycle with vulnerability\Nmanagement because we've already got
Dialogue: 0,0:18:15.21,0:18:21.33,Default,,0000,0000,0000,,standards for that. We talked about\Ncreating an European security engineering
Dialogue: 0,0:18:21.33,0:18:25.83,Default,,0000,0000,0000,,agency. So that would be people in\NBrussels to support policymakers and the
Dialogue: 0,0:18:25.83,0:18:30.54,Default,,0000,0000,0000,,reaction to that. A year and a half ago\Nwas to arrange for ENISA to be allowed to
Dialogue: 0,0:18:30.54,0:18:35.04,Default,,0000,0000,0000,,open an office in Brussels so that they\Ncan hopefully build a capability. There
Dialogue: 0,0:18:35.04,0:18:40.20,Default,,0000,0000,0000,,with some technical people who can support\Npolicymakers. We recommended extending the
Dialogue: 0,0:18:40.20,0:18:45.83,Default,,0000,0000,0000,,product liability directive to services.\NThere is enormous pushback on that.
Dialogue: 0,0:18:45.83,0:18:50.43,Default,,0000,0000,0000,,Companies like Google and Facebook and so\Non don't like the idea that they should be
Dialogue: 0,0:18:50.43,0:18:55.62,Default,,0000,0000,0000,,as liable for mistakes made by Google\NMaps, as for example, Garmin is liable for
Dialogue: 0,0:18:55.62,0:19:00.93,Default,,0000,0000,0000,,mistakes made by the navigators. And then\Nthere's the whole business of how do you
Dialogue: 0,0:19:00.93,0:19:05.22,Default,,0000,0000,0000,,take the information that European\Ninstitutions already have on breaches and
Dialogue: 0,0:19:05.22,0:19:10.14,Default,,0000,0000,0000,,vulnerabilities and report this not just\Nto ENISA, but the safety regulators and
Dialogue: 0,0:19:10.14,0:19:14.16,Default,,0000,0000,0000,,users, because somehow you've got to\Ncreate a learning system. And this is
Dialogue: 0,0:19:14.16,0:19:19.05,Default,,0000,0000,0000,,perhaps one of the big pieces of work to\Nbe done. How do you take, I mean, once all
Dialogue: 0,0:19:19.05,0:19:23.55,Default,,0000,0000,0000,,cars are sort of semi intelligent, once\Neverybody's got telemetry and once that
Dialogue: 0,0:19:23.55,0:19:28.05,Default,,0000,0000,0000,,are, you know, gigabytes of data\Neverywhere, then whenever there's a car
Dialogue: 0,0:19:28.05,0:19:34.05,Default,,0000,0000,0000,,crash, the data have to go to all sorts of\Nplaces, to the police, to the insurers, to
Dialogue: 0,0:19:34.05,0:19:40.35,Default,,0000,0000,0000,,courts, and then, of course, up to the car\Nmakers and regulators and component
Dialogue: 0,0:19:40.35,0:19:45.06,Default,,0000,0000,0000,,suppliers and so on. How do you design the\Nsystem that will cause the right data to
Dialogue: 0,0:19:45.06,0:19:49.68,Default,,0000,0000,0000,,get to the right place, which will still\Nrespect people's privacy rights and all
Dialogue: 0,0:19:49.68,0:19:54.90,Default,,0000,0000,0000,,the various other legal obligations? This\Nis a huge project and nobody has really
Dialogue: 0,0:19:54.90,0:19:59.88,Default,,0000,0000,0000,,started to think yet about how it's going\Nto be done, right. At present, if you've
Dialogue: 0,0:19:59.88,0:20:03.78,Default,,0000,0000,0000,,got a crash in a car like a Tesla, which\Nhas got very good telemetry, you basically
Dialogue: 0,0:20:03.78,0:20:07.20,Default,,0000,0000,0000,,have to take Tesla to court to get the\Ndata because otherwise they won't hand it
Dialogue: 0,0:20:07.20,0:20:13.32,Default,,0000,0000,0000,,over. Right. We need a better regime for\Nthis. And that at present is a blank
Dialogue: 0,0:20:13.32,0:20:18.91,Default,,0000,0000,0000,,slate. It's up to us, I suppose, to figure\Nout how such a system should be designed
Dialogue: 0,0:20:18.91,0:20:23.87,Default,,0000,0000,0000,,and built, and it will take many years to\Ndo it, right. If you want a safe system, a
Dialogue: 0,0:20:23.87,0:20:32.94,Default,,0000,0000,0000,,system that learns this is what is going\Nto involve. But there's one thing that
Dialogue: 0,0:20:32.94,0:20:37.92,Default,,0000,0000,0000,,struck us after we'd done this work, after\Nwe delivered this to the European
Dialogue: 0,0:20:37.92,0:20:41.94,Default,,0000,0000,0000,,Commission, that I'd gone to Brussels and\Ngiven a thought to dozens and dozens of
Dialogue: 0,0:20:41.94,0:20:49.06,Default,,0000,0000,0000,,security guys. Richard Clayton and I went\Nto Schloss Dagstuhl for a weeklong seminar
Dialogue: 0,0:20:49.06,0:20:53.01,Default,,0000,0000,0000,,on some other security topic. And we were\Njust chatting one evening and we said,
Dialogue: 0,0:20:53.01,0:21:00.25,Default,,0000,0000,0000,,well, you know, what did we actually learn\Nfrom this whole exercise on
Dialogue: 0,0:21:00.25,0:21:07.09,Default,,0000,0000,0000,,standardization and certification? Well,\Nit's basically this. That there's two
Dialogue: 0,0:21:07.09,0:21:12.79,Default,,0000,0000,0000,,types of secure things that we currently\Nknow how to make. The first is stuff like
Dialogue: 0,0:21:12.79,0:21:17.89,Default,,0000,0000,0000,,your phone or your laptop, which is secure\Nbecause you patch it every month. Right.
Dialogue: 0,0:21:17.89,0:21:22.18,Default,,0000,0000,0000,,But then you have to throw it away after\Nthree years because Larry and Sergei don't
Dialogue: 0,0:21:22.18,0:21:35.92,Default,,0000,0000,0000,,have enough money to maintain three\Nversions of Android. And then we've got
Dialogue: 0,0:21:35.92,0:21:41.46,Default,,0000,0000,0000,,things like cars and medical devices where\Nwe test them to death before release and
Dialogue: 0,0:21:41.46,0:21:46.60,Default,,0000,0000,0000,,we don't connect them to the Internet, and\Nwe almost never patch them unless Charlie
Dialogue: 0,0:21:46.60,0:21:52.75,Default,,0000,0000,0000,,Miller and Chris Fellowship get to go at\Nyour car that is. So what's gonna happen
Dialogue: 0,0:21:52.75,0:21:59.05,Default,,0000,0000,0000,,to support costs? Now that we're starting\Nto patch cars and you have to patch cars
Dialogue: 0,0:21:59.05,0:22:02.89,Default,,0000,0000,0000,,because they're online, I want some things\Nonline, right? Anybody in the world can
Dialogue: 0,0:22:02.89,0:22:06.76,Default,,0000,0000,0000,,attack us. If a vulnerability is\Ndiscovered, it can be scaled and something
Dialogue: 0,0:22:06.76,0:22:11.15,Default,,0000,0000,0000,,that you can previously ignore suddenly\Nbecomes something that you have to fix.
Dialogue: 0,0:22:11.15,0:22:14.65,Default,,0000,0000,0000,,And if you, you have to pull all your cars\Ninto a garage to patch them, that costs
Dialogue: 0,0:22:14.65,0:22:18.49,Default,,0000,0000,0000,,real money. So you need to be able to\Npatch them over the air. So all of a
Dialogue: 0,0:22:18.49,0:22:26.92,Default,,0000,0000,0000,,sudden cars become like computers or\Nphones. So what is this going to mean? So
Dialogue: 0,0:22:26.92,0:22:34.03,Default,,0000,0000,0000,,this is the trilemma. If you've got a\Nstandard safety life cycle, there's no
Dialogue: 0,0:22:34.03,0:22:38.15,Default,,0000,0000,0000,,patching. You get safety and\Nsustainability, but you can't go online
Dialogue: 0,0:22:38.15,0:22:43.60,Default,,0000,0000,0000,,because you'll get hacked. And if you get\Nthe standard security lifecycle you're
Dialogue: 0,0:22:43.60,0:22:50.65,Default,,0000,0000,0000,,patching, but that breaks the safety\Ncertification, so that's a problem. And if
Dialogue: 0,0:22:50.65,0:22:54.73,Default,,0000,0000,0000,,you get patching plus redoing safety\Ncertification with current methods, then
Dialogue: 0,0:22:54.73,0:22:58.93,Default,,0000,0000,0000,,the cost of maintaining your safety rating\Ncan be sky high. So here's the big
Dialogue: 0,0:22:58.93,0:23:09.77,Default,,0000,0000,0000,,problem. How do you get safety, security\Nand sustainability at the same time? Now
Dialogue: 0,0:23:09.77,0:23:13.04,Default,,0000,0000,0000,,this brings us to another thing that a\Nnumber of people at this congress are
Dialogue: 0,0:23:13.04,0:23:17.96,Default,,0000,0000,0000,,interested in: the right to repair. This\Nis the Centennial Light, right? It's been
Dialogue: 0,0:23:17.96,0:23:24.23,Default,,0000,0000,0000,,running since 1901. Right. It's in\NLivermore in California. It's kind of dim,
Dialogue: 0,0:23:24.23,0:23:30.20,Default,,0000,0000,0000,,but you can go there and you can see it.\NStill there. In 1924, the three firms have
Dialogue: 0,0:23:30.20,0:23:34.79,Default,,0000,0000,0000,,dominated the light business. GE, Osram\Nand Philips agreed to reduce average bulb
Dialogue: 0,0:23:34.79,0:23:39.59,Default,,0000,0000,0000,,lifetime some 2500 hours to 1000\Nhours. Why? In order to sell more of
Dialogue: 0,0:23:39.59,0:23:46.43,Default,,0000,0000,0000,,them. And one of the things that's come\Nalong with CPUs and communications and so
Dialogue: 0,0:23:46.43,0:23:52.36,Default,,0000,0000,0000,,on with smart stuff to use, that horrible\Nword, is that firms are now using online
Dialogue: 0,0:23:52.36,0:23:58.34,Default,,0000,0000,0000,,mechanisms, software and cryptographic\Nmechanisms in order to make it hard or
Dialogue: 0,0:23:58.34,0:24:03.86,Default,,0000,0000,0000,,even illegal to fix products. And I\Nbelieve that there's a case against Apple
Dialogue: 0,0:24:03.86,0:24:16.79,Default,,0000,0000,0000,,going on in France about this. Now, you\Nmight not think it's something that
Dialogue: 0,0:24:16.79,0:24:20.78,Default,,0000,0000,0000,,politicians will get upset about, that you\Nhave to throw away your phone after three
Dialogue: 0,0:24:20.78,0:24:25.07,Default,,0000,0000,0000,,years instead of after five years. But\Nhere's something you really should worry
Dialogue: 0,0:24:25.07,0:24:31.64,Default,,0000,0000,0000,,about. Vehicle life cycle economics,\Nbecause the lifetimes of cars in Europe
Dialogue: 0,0:24:31.64,0:24:36.99,Default,,0000,0000,0000,,have about doubled in the last 40 years.\NAnd the average age of a car in Britain,
Dialogue: 0,0:24:36.99,0:24:46.53,Default,,0000,0000,0000,,which is scrapped, is now almost 15 years.\NSo what's going to happen once you've got,
Dialogue: 0,0:24:46.53,0:24:54.11,Default,,0000,0000,0000,,you know, wonderful self-driving software\Nin all the cars. Well, a number of big car
Dialogue: 0,0:24:54.11,0:25:00.20,Default,,0000,0000,0000,,companies, including in this country, were\Ntaking the view two years ago that they
Dialogue: 0,0:25:00.20,0:25:06.32,Default,,0000,0000,0000,,wanted people to scrap their cars after\Nsix years and buy a new one. Hey, makes
Dialogue: 0,0:25:06.32,0:25:10.10,Default,,0000,0000,0000,,business sense, doesn't it? If you're Mr.\NMercedes, your business model is if the
Dialogue: 0,0:25:10.10,0:25:13.79,Default,,0000,0000,0000,,customer is rich, you sell him a three\Nyear lease on a new car. And if the
Dialogue: 0,0:25:13.79,0:25:18.37,Default,,0000,0000,0000,,customer is not quite so rich, you sell\Nhim a three year lease on a Mercedes
Dialogue: 0,0:25:18.37,0:25:23.72,Default,,0000,0000,0000,,approved used car. And if somebody drives a\Nseven year old Mercedes, that's thought
Dialogue: 0,0:25:23.72,0:25:31.62,Default,,0000,0000,0000,,crime. You know, they should emigrate to\NAfrica or something. So this was the view
Dialogue: 0,0:25:31.62,0:25:38.07,Default,,0000,0000,0000,,of the vehicle makers. But here's the rub.\NThe embedded CO2 costs of a car often
Dialogue: 0,0:25:38.07,0:25:43.38,Default,,0000,0000,0000,,exceeds its lifetime fuel burn. My best\Nestimate for the embedded CO2 costs of an
Dialogue: 0,0:25:43.38,0:25:48.03,Default,,0000,0000,0000,,E-class American is 35 tons. So go and\Nwork out, you know, how many liters per
Dialogue: 0,0:25:48.03,0:25:53.76,Default,,0000,0000,0000,,100 kilometers and how many kilometers\Nit's gonna run in 15 years. And you come
Dialogue: 0,0:25:53.76,0:25:59.71,Default,,0000,0000,0000,,to the conclusion that if you get a six\Nyear lifetime, then maybe you are
Dialogue: 0,0:25:59.71,0:26:07.18,Default,,0000,0000,0000,,decreasing the range of the car from 300\N000 kilometers to 100 000 kilometers. And
Dialogue: 0,0:26:07.18,0:26:13.08,Default,,0000,0000,0000,,so you're approximately doubling the\Noverall CO2 emissions. Taking the whole
Dialogue: 0,0:26:13.08,0:26:16.71,Default,,0000,0000,0000,,life cycle, not just the scope one, but\Nthe scope two, and the scope three, the
Dialogue: 0,0:26:16.71,0:26:22.32,Default,,0000,0000,0000,,embedded stuff as well. And then there are\Nother consequences. What about Africa,
Dialogue: 0,0:26:22.32,0:26:26.82,Default,,0000,0000,0000,,where most vehicles are imported second\Nhand? If you go to Nairobi, all the cars
Dialogue: 0,0:26:26.82,0:26:31.11,Default,,0000,0000,0000,,are between 10 and 20 years old, right?\NThey arrive in the docks in Mombasa when
Dialogue: 0,0:26:31.11,0:26:35.31,Default,,0000,0000,0000,,they're already 10 years old and people\Ndrive them for 10 years and then they end
Dialogue: 0,0:26:35.31,0:26:39.09,Default,,0000,0000,0000,,up in Uganda or Chad or somewhere like\Nthat. And they're repaired for as long as
Dialogue: 0,0:26:39.09,0:26:43.56,Default,,0000,0000,0000,,they're repairable. What's going to happen\Nto road transport in Africa if all of a
Dialogue: 0,0:26:43.56,0:26:48.66,Default,,0000,0000,0000,,sudden there's a software time bomb that\Ncauses cars to self-destruct? Ten years
Dialogue: 0,0:26:48.66,0:26:56.04,Default,,0000,0000,0000,,after we leave the showroom. And if there\Nisn't, what about safety? I don't know
Dialogue: 0,0:26:56.04,0:27:00.42,Default,,0000,0000,0000,,what the rules are here, but in Britain I\Nhave to get my car through a safety
Dialogue: 0,0:27:00.42,0:27:05.01,Default,,0000,0000,0000,,examination every year, once it's more\Nthan three years old. And it's entirely
Dialogue: 0,0:27:05.01,0:27:09.51,Default,,0000,0000,0000,,foreseeable that within two or three years\Nthe mechanic will want to check that the
Dialogue: 0,0:27:09.51,0:27:15.88,Default,,0000,0000,0000,,software is up to date. So once the\Nsoftware update is no longer available,
Dialogue: 0,0:27:15.88,0:27:24.58,Default,,0000,0000,0000,,that's basically saying this car must now\Nbe exported or scrapped. I couldn't resist
Dialogue: 0,0:27:24.58,0:27:29.12,Default,,0000,0000,0000,,the temptation to put in a cartoon:\N"My engine's making a weird noise."
Dialogue: 0,0:27:29.12,0:27:32.49,Default,,0000,0000,0000,,"Can you take a look?"\N"Sure. Just pop the hood. Oh, the hood
Dialogue: 0,0:27:32.49,0:27:36.60,Default,,0000,0000,0000,,latch is also broken. Okay, just pull up\Nto that big pit and push the car in. We'll
Dialogue: 0,0:27:36.60,0:27:41.40,Default,,0000,0000,0000,,go get a new one."\NRight? This is if we start treating cars
Dialogue: 0,0:27:41.40,0:27:53.25,Default,,0000,0000,0000,,the way we treat consumer electronics. So\Nwhat's a reasonable design lifetime? Well,
Dialogue: 0,0:27:53.25,0:27:58.26,Default,,0000,0000,0000,,with cars, the way it is going is maybe 18\Nyears, say 10 years from the sale of the
Dialogue: 0,0:27:58.26,0:28:03.66,Default,,0000,0000,0000,,last products in a model range, domestic\Nappliances, 10 years because of spares
Dialogue: 0,0:28:03.66,0:28:09.72,Default,,0000,0000,0000,,obligation plus store life, say 15.\NMedical devices: If a pacemaker lives for
Dialogue: 0,0:28:09.72,0:28:16.41,Default,,0000,0000,0000,,10 years, then maybe you need 20 years. Of\Nelectricity substations, even more. So
Dialogue: 0,0:28:16.41,0:28:22.50,Default,,0000,0000,0000,,from the point of view of engineers, the\Nquestion is, how can you see to it that
Dialogue: 0,0:28:22.50,0:28:27.69,Default,,0000,0000,0000,,your software will be patchable for 20\Nyears? So as we put it in the abstract, if
Dialogue: 0,0:28:27.69,0:28:34.83,Default,,0000,0000,0000,,you are writing software now for a car\Nthat will go on sale in 2023, what sort of
Dialogue: 0,0:28:34.83,0:28:39.09,Default,,0000,0000,0000,,languages, what sort of tool change should\Nyou use? What sort of crypto should you
Dialogue: 0,0:28:39.09,0:28:46.39,Default,,0000,0000,0000,,use so that you're sure you'll still be\Nable to patch that software in 2043? And
Dialogue: 0,0:28:46.39,0:28:50.04,Default,,0000,0000,0000,,that isn't just about the languages and\Ncompilers and linkers and so on. That's
Dialogue: 0,0:28:50.04,0:28:59.49,Default,,0000,0000,0000,,about the whole ecosystem. So what did the\NEU do? Well, I'm pleased to say that at
Dialogue: 0,0:28:59.49,0:29:05.80,Default,,0000,0000,0000,,the third attempt, the EU managed to get\Nsome law through on this. Their active 771
Dialogue: 0,0:29:05.80,0:29:10.44,Default,,0000,0000,0000,,this year on smart goods says that buyers\Nof goods with digital elements are
Dialogue: 0,0:29:10.44,0:29:15.57,Default,,0000,0000,0000,,entitled to necessary updates for two\Nyears or for a longer period of time if
Dialogue: 0,0:29:15.57,0:29:20.88,Default,,0000,0000,0000,,this is a reasonable expectation of the\Ncustomer. This is what they managed to get
Dialogue: 0,0:29:20.88,0:29:24.99,Default,,0000,0000,0000,,through the parliament. And what we would\Nexpect is that this will mean at least 10
Dialogue: 0,0:29:24.99,0:29:29.52,Default,,0000,0000,0000,,years for cars, ovens, fridges, air\Nconditioning and so on because of existing
Dialogue: 0,0:29:29.52,0:29:35.10,Default,,0000,0000,0000,,provisions about physical spares. And\Nwhat's more, the trader has got the burden
Dialogue: 0,0:29:35.10,0:29:39.72,Default,,0000,0000,0000,,of proof in the first couple of years if\Nthere's disputes. So there is now the
Dialogue: 0,0:29:39.72,0:29:48.16,Default,,0000,0000,0000,,legal framework there to create the demand\Nfor long term patching of software. And
Dialogue: 0,0:29:48.16,0:29:54.57,Default,,0000,0000,0000,,now it's kind of up to us. If the durable\Ngoods were deciding today are still
Dialogue: 0,0:29:54.57,0:30:00.03,Default,,0000,0000,0000,,working in 2039, then a whole bunch of\Nthings are gonna have to change. Computer
Dialogue: 0,0:30:00.03,0:30:04.65,Default,,0000,0000,0000,,science has always been about managing\Ncomplexity ever since the very first high
Dialogue: 0,0:30:04.65,0:30:09.78,Default,,0000,0000,0000,,level languages and the history goes on\Nfrom there through types and objects and
Dialogue: 0,0:30:09.78,0:30:14.73,Default,,0000,0000,0000,,tools like git and Jenkins and Coverity.\NSo here's a question for the computer
Dialogue: 0,0:30:14.73,0:30:19.56,Default,,0000,0000,0000,,scientists here. What else is going to be\Nneeded for sustainable computing? Once we
Dialogue: 0,0:30:19.56,0:30:31.44,Default,,0000,0000,0000,,have software in just about everything. So\Nresearch topics to support 20 year
Dialogue: 0,0:30:31.44,0:30:35.67,Default,,0000,0000,0000,,patching include a more stable and\Npowerful toolchain. We know how complex
Dialogue: 0,0:30:35.67,0:30:41.73,Default,,0000,0000,0000,,this can be from crypto with looking at\Nhistory of the last 20 years of TLS. Cars
Dialogue: 0,0:30:41.73,0:30:45.48,Default,,0000,0000,0000,,teach that it's difficult and expensive to\Nsustain all the different test
Dialogue: 0,0:30:45.48,0:30:50.79,Default,,0000,0000,0000,,environments. You have a different models\Nof cars. Control systems teach for that
Dialogue: 0,0:30:50.79,0:30:54.48,Default,,0000,0000,0000,,you can make small changes to the\Narchitecture, which will then limit what
Dialogue: 0,0:30:54.48,0:30:59.64,Default,,0000,0000,0000,,you have to patch. Android teaches how do\Nyou go about motivating OEMs to patch
Dialogue: 0,0:30:59.64,0:31:04.14,Default,,0000,0000,0000,,products that they no longer sell. In this\Ncase, it's European law, but there's maybe
Dialogue: 0,0:31:04.14,0:31:10.84,Default,,0000,0000,0000,,other things you can do too. What does it\Nmean for those of us who teach and
Dialogue: 0,0:31:10.84,0:31:15.09,Default,,0000,0000,0000,,research in universities? Well, since\N2016, I've been teaching safety and
Dialogue: 0,0:31:15.09,0:31:20.49,Default,,0000,0000,0000,,security together in the same course the\Nfirst year undergraduates, because
Dialogue: 0,0:31:20.49,0:31:25.56,Default,,0000,0000,0000,,presenting these ideas together in\Nlockstep will help people to think in more
Dialogue: 0,0:31:25.56,0:31:30.30,Default,,0000,0000,0000,,unified terms about how it all holds\Ntogether. In research terms we've have
Dialogue: 0,0:31:30.30,0:31:34.59,Default,,0000,0000,0000,,been starting to look at what we can do to\Nmake the tool chain more sustainable. For
Dialogue: 0,0:31:34.59,0:31:39.75,Default,,0000,0000,0000,,example, one of the problems that you have\Nif you maintain crypto software is that
Dialogue: 0,0:31:39.75,0:31:44.55,Default,,0000,0000,0000,,every so often the compiler writes, okay,\Nso a little bit smarter and the compiler
Dialogue: 0,0:31:44.55,0:31:48.45,Default,,0000,0000,0000,,figures out that these extra padding\Ninstructions that you put in to make the
Dialogue: 0,0:31:48.45,0:31:53.97,Default,,0000,0000,0000,,the loops of your crypto routines run in\Nconstant time and to scrub the contents of
Dialogue: 0,0:31:53.97,0:31:58.13,Default,,0000,0000,0000,,round keys once you are no longer in use,\Nare not doing any real work, and it
Dialogue: 0,0:31:58.13,0:32:02.84,Default,,0000,0000,0000,,removes them. And all of a sudden from one\Nday to the next, you find that your crypto
Dialogue: 0,0:32:02.84,0:32:07.52,Default,,0000,0000,0000,,has sprung a huge big timing leak and then\Nyou have to rush to get somebody out of
Dialogue: 0,0:32:07.52,0:32:11.90,Default,,0000,0000,0000,,bed to fix the tool chain. So one of the\Nthings that we thought was that better
Dialogue: 0,0:32:11.90,0:32:17.36,Default,,0000,0000,0000,,ways for programmers to communicate intent\Nmight help. And so there's a paper by
Dialogue: 0,0:32:17.36,0:32:21.80,Default,,0000,0000,0000,,Laurent Simon and David Chisnall and I\Nwhere we looked about zeroising sensitive
Dialogue: 0,0:32:21.80,0:32:27.83,Default,,0000,0000,0000,,variables and doing constant time loops\Nwith a plug in and VM. And that led to a
Dialogue: 0,0:32:27.83,0:32:32.81,Default,,0000,0000,0000,,EuroS&amp;P paper a year and a half ago: "What\Nyou get is what you C", and there's a plug
Dialogue: 0,0:32:32.81,0:32:40.77,Default,,0000,0000,0000,,in that you can download them and play\Nwith. Macro scale sustainable security is
Dialogue: 0,0:32:40.77,0:32:45.98,Default,,0000,0000,0000,,going to require a lot more. Despite the\Nproblems in the area industry with the
Dialogue: 0,0:32:45.98,0:32:51.80,Default,,0000,0000,0000,,737Max, the aerospace industry still has\Ngot a better feedback loop of learning
Dialogue: 0,0:32:51.80,0:32:59.28,Default,,0000,0000,0000,,from incidents and accidents. And we don't\Nhave that yet in any of the fields like
Dialogue: 0,0:32:59.28,0:33:05.36,Default,,0000,0000,0000,,cars and so on. It's going to be needed.\NWhat can we use as a guide? Security
Dialogue: 0,0:33:05.36,0:33:13.07,Default,,0000,0000,0000,,economics is one set of intellectual tools\Nthat can be applied. We've known for
Dialogue: 0,0:33:13.07,0:33:18.02,Default,,0000,0000,0000,,almost 20 years now that complex socio-\Ntechnical systems often fail because of
Dialogue: 0,0:33:18.02,0:33:22.49,Default,,0000,0000,0000,,poor incentives. If Alice guards a system\Nand Bob pays the cost of failure, you can
Dialogue: 0,0:33:22.49,0:33:27.74,Default,,0000,0000,0000,,expect trouble. And so security economics\Nresearchers can explain platform security
Dialogue: 0,0:33:27.74,0:33:34.04,Default,,0000,0000,0000,,problems, patching cycle liability games\Nand so on. And the same principles apply
Dialogue: 0,0:33:34.04,0:33:38.75,Default,,0000,0000,0000,,to safety and will become even more\Nimportant as safety and security become
Dialogue: 0,0:33:38.75,0:33:43.94,Default,,0000,0000,0000,,entangled. Also, we'll get even more data\Nand we'll be able to do more research and
Dialogue: 0,0:33:43.94,0:33:51.08,Default,,0000,0000,0000,,get more insights from the data. So where\Ndoes this lead? Well, our papers Making
Dialogue: 0,0:33:51.08,0:33:56.24,Default,,0000,0000,0000,,security sustainable, and the thing that\Nwe did for the EU standardization and
Dialogue: 0,0:33:56.24,0:34:00.50,Default,,0000,0000,0000,,certification of the Internet of Things\Nare on my web page together with other
Dialogue: 0,0:34:00.50,0:34:04.91,Default,,0000,0000,0000,,relevant papers on topics around\Nsustainability from, you know, smart
Dialogue: 0,0:34:04.91,0:34:11.28,Default,,0000,0000,0000,,metering to pushing back on wildlife\Ncrime. And that's the first place to go if
Dialogue: 0,0:34:11.28,0:34:15.54,Default,,0000,0000,0000,,you're interested in this stuff. And\Nthere's also our blog. And if you're
Dialogue: 0,0:34:15.54,0:34:20.79,Default,,0000,0000,0000,,interested in these kinds of issues at the\Ninterface between technology and policy of
Dialogue: 0,0:34:20.79,0:34:25.98,Default,,0000,0000,0000,,how incentives work and how they very\Noften fail when it comes to complex socio-
Dialogue: 0,0:34:25.98,0:34:31.24,Default,,0000,0000,0000,,technical systems, then does the workshop\Non the Economics of Information Security
Dialogue: 0,0:34:31.24,0:34:36.75,Default,,0000,0000,0000,,in Brussels next June is the place where\Nacademics interested in these topics tend
Dialogue: 0,0:34:36.75,0:34:47.40,Default,,0000,0000,0000,,to meet up. So perhaps we'll see a few of\Nyou there in June. And with that, there's
Dialogue: 0,0:34:47.40,0:34:53.25,Default,,0000,0000,0000,,a book on security engineering which goes\Nover some of these things and there's a
Dialogue: 0,0:34:53.25,0:34:56.13,Default,,0000,0000,0000,,third edition in the pipeline.
Dialogue: 0,0:34:56.13,0:34:58.58,Default,,0000,0000,0000,,H: Thank you very much,\NRoss Anderson, for the talk.
Dialogue: 0,0:34:58.58,0:35:08.79,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:35:08.79,0:35:13.29,Default,,0000,0000,0000,,We will start the Q&amp;A session a little bit\Ndifferently than you used to, Ross has a
Dialogue: 0,0:35:13.29,0:35:18.81,Default,,0000,0000,0000,,question to you. So he told me there will\Nbe a third edition of his book and he is
Dialogue: 0,0:35:18.81,0:35:24.74,Default,,0000,0000,0000,,not yet sure about the cover he wants to\Nhave. So you are going to choose. And so
Dialogue: 0,0:35:24.74,0:35:29.54,Default,,0000,0000,0000,,that the people on the stream also can\Nhear your choice, I would like you to make
Dialogue: 0,0:35:29.54,0:35:36.61,Default,,0000,0000,0000,,a humming noise for the cover which you\Nlike more. You will first see Bill's covers.
Dialogue: 0,0:35:36.61,0:35:43.57,Default,,0000,0000,0000,,R: Cover 1, and cover 2.\NH: So, who of you would like to prefer the
Dialogue: 0,0:35:43.57,0:35:52.51,Default,,0000,0000,0000,,first cover?\N{\i1}applause{\i0} Come on.
Dialogue: 0,0:35:52.51,0:36:01.85,Default,,0000,0000,0000,,And the second choice. {\i1}louder applause{\i0}\NOK. I think we have a clear favorite here
Dialogue: 0,0:36:01.85,0:36:04.52,Default,,0000,0000,0000,,from the audience, so it would\Nbe the second cover.
Dialogue: 0,0:36:04.52,0:36:08.69,Default,,0000,0000,0000,,R: Thanks.\NH: And we will look forward to see this
Dialogue: 0,0:36:08.69,0:36:13.73,Default,,0000,0000,0000,,cover next year then. So if you now have\Nquestions yourself, you can line up in
Dialogue: 0,0:36:13.73,0:36:18.87,Default,,0000,0000,0000,,front of the microphones. You will find\Neight distributed in the hall, three in
Dialogue: 0,0:36:18.87,0:36:27.07,Default,,0000,0000,0000,,the middle, two on the sides. Signal Angel\Nhas the first question from the Internet.
Dialogue: 0,0:36:27.07,0:36:31.56,Default,,0000,0000,0000,,Person1: The first question is, is there a\Nreason why you didn't include aviation
Dialogue: 0,0:36:31.56,0:36:36.28,Default,,0000,0000,0000,,into your research?\NR: We were asked to choose three fields,
Dialogue: 0,0:36:36.28,0:36:40.65,Default,,0000,0000,0000,,and the three fields I chose were the ones\Nin which we's worked more, most recently.
Dialogue: 0,0:36:40.65,0:36:46.41,Default,,0000,0000,0000,,I did some work in avionics for that was\N40 years ago, so I'm no longer current.
Dialogue: 0,0:36:46.41,0:36:49.10,Default,,0000,0000,0000,,H: Alright, a question from microphone\Nnumber two, please.
Dialogue: 0,0:36:49.10,0:36:54.10,Default,,0000,0000,0000,,Person2: Hi. Thanks for your talk. What\NI'm wondering most about is where do you
Dialogue: 0,0:36:54.10,0:37:00.75,Default,,0000,0000,0000,,believe the balance will fall in the fight\Nbetween privacy, the want of the
Dialogue: 0,0:37:00.75,0:37:06.58,Default,,0000,0000,0000,,manufacturer to prove that it wasn't their\Nfault and the right to repair?
Dialogue: 0,0:37:06.58,0:37:10.12,Default,,0000,0000,0000,,R: Well, this is an immensely complex\Nquestion and it's one that we'll be
Dialogue: 0,0:37:10.12,0:37:15.10,Default,,0000,0000,0000,,fighting about for the next 20 years. But\Nall I can suggest is that we study the
Dialogue: 0,0:37:15.10,0:37:19.67,Default,,0000,0000,0000,,problems in detail, that we collect the\Ndata that we need to say coherent things
Dialogue: 0,0:37:19.67,0:37:24.28,Default,,0000,0000,0000,,to policymakers and that we use the\Nintellectual tools that we have, such as
Dialogue: 0,0:37:24.28,0:37:28.76,Default,,0000,0000,0000,,the economics of security in order to\Ninform these arguments. That's the best
Dialogue: 0,0:37:28.76,0:37:32.60,Default,,0000,0000,0000,,way that we can fight these fights, you\Nknow, by being clearheaded and by being
Dialogue: 0,0:37:32.60,0:37:35.87,Default,,0000,0000,0000,,informed.\NH: Thank you. A question from microphone
Dialogue: 0,0:37:35.87,0:37:44.84,Default,,0000,0000,0000,,number four, please. Can you switch on the\Nmicrophone number four.
Dialogue: 0,0:37:44.84,0:37:51.38,Default,,0000,0000,0000,,Person3: Oh, sorry. Hello. Thank you for\Nthe talk. As a software engineer, arguably
Dialogue: 0,0:37:51.38,0:37:57.05,Default,,0000,0000,0000,,I can cause much more damage than a single\Nmedical professional simply because of the
Dialogue: 0,0:37:57.05,0:38:04.04,Default,,0000,0000,0000,,multiplication of my work. Why is it that\Nthere is still no conversation about
Dialogue: 0,0:38:04.04,0:38:09.24,Default,,0000,0000,0000,,software engineers caring liability\Ninsurance and being collaborative for the
Dialogue: 0,0:38:09.24,0:38:13.48,Default,,0000,0000,0000,,work they do?\NR: Well, that again is a complex question.
Dialogue: 0,0:38:13.48,0:38:16.87,Default,,0000,0000,0000,,And there are some countries like Canada\Nwhere being a professional engineer gives
Dialogue: 0,0:38:16.87,0:38:21.70,Default,,0000,0000,0000,,you a particular status. I think it's\Ncultural as much as anything else, because
Dialogue: 0,0:38:21.70,0:38:27.36,Default,,0000,0000,0000,,our trade has always been freewheeling,\Nit's always been growing very quickly. And
Dialogue: 0,0:38:27.36,0:38:31.97,Default,,0000,0000,0000,,throughout my lifetime it's been sucking\Nup a fair proportion of science graduates.
Dialogue: 0,0:38:31.97,0:38:35.06,Default,,0000,0000,0000,,If you were to restrict software\Nengineering to people with degrees in
Dialogue: 0,0:38:35.06,0:38:38.38,Default,,0000,0000,0000,,computer science, then we would have an\Nawful lot fewer people. I wouldn't be
Dialogue: 0,0:38:38.38,0:38:43.19,Default,,0000,0000,0000,,here, for example, because my first\Ndegree was in pure math.
Dialogue: 0,0:38:43.19,0:38:46.74,Default,,0000,0000,0000,,H: All right, the question from microphone\Nnumber one, please.
Dialogue: 0,0:38:46.74,0:38:52.65,Default,,0000,0000,0000,,Person4: Hi. Thank you for the talk. My\Nquestion is also about aviation, because
Dialogue: 0,0:38:52.65,0:38:59.40,Default,,0000,0000,0000,,as I understand that a lot of the, all\Nretired aircraft and other equipment is
Dialogue: 0,0:38:59.40,0:39:06.31,Default,,0000,0000,0000,,dumped into the so-called developing\Ncountries. And with the modern technology
Dialogue: 0,0:39:06.31,0:39:12.18,Default,,0000,0000,0000,,and the modern aircraft where the issue of\Nmaintain or software or betting would
Dialogue: 0,0:39:12.18,0:39:19.09,Default,,0000,0000,0000,,still be in question. But how do we see\Nthat rolling out also for the so-called
Dialogue: 0,0:39:19.09,0:39:24.63,Default,,0000,0000,0000,,third world countries? Because I am a\NPakistani journalist, but this worries me
Dialogue: 0,0:39:24.63,0:39:31.92,Default,,0000,0000,0000,,a lot because we get so many devices\Ndumped into Pakistan after they're retired
Dialogue: 0,0:39:31.92,0:39:36.71,Default,,0000,0000,0000,,and people just use them. I mean, it's a\Ncountry that can not even afford a license,
Dialogue: 0,0:39:36.71,0:39:41.46,Default,,0000,0000,0000,,to operating system. So maybe you could\Nshed a light on that. Thank you.
Dialogue: 0,0:39:41.46,0:39:45.55,Default,,0000,0000,0000,,R: Well, there are some positive things\Nthat can be done. Development IT is
Dialogue: 0,0:39:45.55,0:39:50.84,Default,,0000,0000,0000,,something in which we are engaged. You can\Nfind the details of my Web site, but good
Dialogue: 0,0:39:50.84,0:39:55.81,Default,,0000,0000,0000,,things don't necessarily have to involve\NIT. One of my school friends became an
Dialogue: 0,0:39:55.81,0:40:00.70,Default,,0000,0000,0000,,anesthetist and after he retired, he\Ndevoted his energies to developing an
Dialogue: 0,0:40:00.70,0:40:05.69,Default,,0000,0000,0000,,infusion pump for use in less developed\Ncountries, which was very much cheaper
Dialogue: 0,0:40:05.69,0:40:09.34,Default,,0000,0000,0000,,than the ones that we saw on the screen\Nthere. And it's also safe, rugged,
Dialogue: 0,0:40:09.34,0:40:16.08,Default,,0000,0000,0000,,reliable and designed for for use in\Nplaces like Pakistan and Africa and South
Dialogue: 0,0:40:16.08,0:40:22.18,Default,,0000,0000,0000,,America. So the appropriate technology\Ndoesn't always have to be the wiziest?,
Dialogue: 0,0:40:22.18,0:40:29.19,Default,,0000,0000,0000,,right. And if you've got very bad roads,\Nas in India, in Africa, and relatively
Dialogue: 0,0:40:29.19,0:40:33.88,Default,,0000,0000,0000,,cheap labor, then perhaps autonomous\Ncars should not be a priority.
Dialogue: 0,0:40:33.88,0:40:35.80,Default,,0000,0000,0000,,Person4: Thank you.\NH: All right. We have another question
Dialogue: 0,0:40:35.80,0:40:40.69,Default,,0000,0000,0000,,from the Internet, the Signal Angel, please?\NPerson5: Why force updates by law?
Dialogue: 0,0:40:40.69,0:40:45.36,Default,,0000,0000,0000,,Wouldn't it be better to prohibit the\Nimportant things from accessing the
Dialogue: 0,0:40:45.36,0:40:50.35,Default,,0000,0000,0000,,Internet by law?\NR: Well, politics is the art of the
Dialogue: 0,0:40:50.35,0:40:56.64,Default,,0000,0000,0000,,possible. And you can only realistically\Ntalk about a certain number of things at
Dialogue: 0,0:40:56.64,0:41:00.90,Default,,0000,0000,0000,,any one time in any political culture or\Nthe so-called Overton Window. Now, if
Dialogue: 0,0:41:00.90,0:41:05.93,Default,,0000,0000,0000,,you talked about banning technology,\Nbanning cars that are connected to the
Dialogue: 0,0:41:05.93,0:41:10.29,Default,,0000,0000,0000,,Internet as a minister, you will be\Nimmediately shouted out of office as being
Dialogue: 0,0:41:10.29,0:41:14.42,Default,,0000,0000,0000,,a Luddite, right. So it's just not\Npossible to go down that path. What is
Dialogue: 0,0:41:14.42,0:41:19.57,Default,,0000,0000,0000,,possible is to go down the path of saying,\Nlook, if you've got a company that imports
Dialogue: 0,0:41:19.57,0:41:24.32,Default,,0000,0000,0000,,lots of dangerous toys that harm kids or\Ndangerous CCTV cameras are recruited into
Dialogue: 0,0:41:24.32,0:41:28.38,Default,,0000,0000,0000,,a botnet, and if you don't meet European\Nregulations, we'll put the containers on
Dialogue: 0,0:41:28.38,0:41:32.01,Default,,0000,0000,0000,,the boat back to China. That's just\Nsomething that can be solved politically.
Dialogue: 0,0:41:32.01,0:41:36.94,Default,,0000,0000,0000,,And given the weakness of the car industry\Nafter the emission standard scandal, it
Dialogue: 0,0:41:36.94,0:41:40.78,Default,,0000,0000,0000,,was possible for Brussels to push through\Nsomething that the car industry really
Dialogue: 0,0:41:40.78,0:41:46.38,Default,,0000,0000,0000,,didn't like. So, again, and even then that\Nwas the third attempt to do something
Dialogue: 0,0:41:46.38,0:41:52.31,Default,,0000,0000,0000,,about it. So, again, it's what you can\Npractically achieve in real world politics
Dialogue: 0,0:41:52.31,0:41:56.36,Default,,0000,0000,0000,,H: All right. We have more questions.\NMicrophone number four, please.
Dialogue: 0,0:41:56.36,0:42:01.19,Default,,0000,0000,0000,,Person6: Hi, I'm automotive cyber security\Nanalyst and embedded software engineer.
Dialogue: 0,0:42:01.19,0:42:06.90,Default,,0000,0000,0000,,Most the part of the ISO 21434 Automotive\NCyber Security Standard, are you aware of
Dialogue: 0,0:42:06.90,0:42:09.100,Default,,0000,0000,0000,,the standard that's coming\Nout next year? Hopefully.
Dialogue: 0,0:42:09.100,0:42:13.59,Default,,0000,0000,0000,,R: I've not done any significant work with\Nit. Friends in the motor industry have
Dialogue: 0,0:42:13.59,0:42:17.59,Default,,0000,0000,0000,,talked about it, but it's not something\Nwe've engaged with in a detail.
Dialogue: 0,0:42:17.59,0:42:21.48,Default,,0000,0000,0000,,Person6: So I guess my point is not so\Nmuch a question, but a little bit of a
Dialogue: 0,0:42:21.48,0:42:25.83,Default,,0000,0000,0000,,pushback but a lot of the things you\Ntalked about are being worked on and are
Dialogue: 0,0:42:25.83,0:42:32.99,Default,,0000,0000,0000,,being considered over the years updating\Nis going to be mandated. Just 30, a 30, 40
Dialogue: 0,0:42:32.99,0:42:38.22,Default,,0000,0000,0000,,year lifecycle of the vehicle is being\Nconsidered by engineers. Why not? Nobody I
Dialogue: 0,0:42:38.22,0:42:44.63,Default,,0000,0000,0000,,know talks about a six year lifecycle that\Nyou know, that that's back in the 80s,
Dialogue: 0,0:42:44.63,0:42:49.01,Default,,0000,0000,0000,,maybe when we talked about planned\Nobsolescence. But that's just not a thing.
Dialogue: 0,0:42:49.01,0:42:53.70,Default,,0000,0000,0000,,So I'm not really sure where that language\Nis coming from, to be honest with you.
Dialogue: 0,0:42:53.70,0:42:57.59,Default,,0000,0000,0000,,R: Well, I've been to close motor industry\Nconferences where senior executives have
Dialogue: 0,0:42:57.59,0:43:02.99,Default,,0000,0000,0000,,been talking about just that in terms of\Nautonomous vehicles. So, yeah, it's
Dialogue: 0,0:43:02.99,0:43:09.86,Default,,0000,0000,0000,,something that we've disabused them of.\NH: All right. So time is unfortunately up,
Dialogue: 0,0:43:09.86,0:43:14.57,Default,,0000,0000,0000,,but I think Ross will be available after\Nto talk as well for questions so you can
Dialogue: 0,0:43:14.57,0:43:19.30,Default,,0000,0000,0000,,meet him here on the side. Please give a\Nhuge round of applause for Ross Anderson.
Dialogue: 0,0:43:19.30,0:43:20.78,Default,,0000,0000,0000,,{\i1}applause{\i0}
Dialogue: 0,0:43:20.78,0:43:24.21,Default,,0000,0000,0000,,R: Thanks. And thank you\Nfor choosing the cover.
Dialogue: 0,0:43:24.21,0:43:26.38,Default,,0000,0000,0000,,{\i1}36c3 postrol music{\i0}
Dialogue: 0,0:43:26.38,0:43:52.00,Default,,0000,0000,0000,,Subtitles created by c3subtitles.de\Nin the year 2021. Join, and help us!