Not too long ago, major social media platforms (e.g. Reddit, Twitter, PayPal, etc.) were struck by an unprecedented DDoS attack, rendering most if not all of their services inoperable. This attack caused a paradigm shift in the minds of the masses, with most now realizing that their world can be brought to a halt through a simple cyber-attack. Now that a cyber-crime of this magnitude has occurred, what should be done to prevent another attack, or rather, should any prevention techniques be implemented at all?
I fear that following an ex post liability approach would not be sufficient in this scenario, as attacks of this magnitude can result in major losses of profit, and indirect costs such as business reputation would experience a severe blow if customers are harmed in the process — likely through the loss of time. With this, I would advocate for software liability and for forcing vendors to properly evaluate their products before distributing them. An efficient checking/analysis system should thus be implemented to avoid major failures of any IoT devices.
This brings me right along to my next point: graceful degradation. Policies should be enacted to push software vendors into introducing graceful degradation within their products to prevent a complete failure during any catastrophic attack. As devices are becoming increasingly interconnected, the failure of one device could lead to the failure of other pertinent devices within the same network. Instead of having the consumer of said product pay for all the damages inflicted, the vendor of the failed, insecure device should be forced by the government to compensate the consumer.
In the end — without government intervention — it is all up to the senior executives and their respective corporations to implement ex ante software regulations to prevent any devastating attacks that may be carried out against their customers. The least we can do is provide them with the incentive to enact such practices (i.e. indirect costs). With government intervention, practices can be better enforced amongst vendors; however, laissez-faire may be critically threatened by such intervention.