The sustainability of safety, security and privacy
21 April 2022
- Mendel Museum´s Augustinian Abbey Refectory at Mendel Square
Ross Anderson is a Professor of Security Engineering at the Computer Laboratory at Cambridge University, and a Fellow of the Churchill College, Cambridge. As he puts it, “Security Engineering is about building systems to remain dependable in the face of malice, error or mischance. As a discipline, it focuses on the tools, processes, and methods needed to design, implement and test complete systems, and to adapt existing systems as their environment evolves.”
He is an author of the widely cited book “Security Engineering – A Guide to Building Dependable Distributed Systems”, co-author of the ‘Serpent’ cipher that was a finalist in the Advanced Encryption Standard contest, and a contributor to various security subsystems installed in (at least) hundreds of millions installations. Prof. Anderson has also been a chair of the Foundation for Information Policy Research, an elected member of Cambridge University’s Council, and the Principal Investigator of the Cambridge Cybercrime Centre.
He has been working with various staff members of the Faculty of Informatics, Masaryk University, since 1996, hosting several staff members for longer research stays, as well as PhDs and staff for research visits, and visiting Brno for cybersecurity events like Security Protocols Workshop several times.
Now that we’re putting software and network connections into durable safety-critical goods such as cars and medical devices, we’ll have to patch vulnerabilities, as we do with phones and laptops. But we can't let vendors stop patching after three years! So in 2019, the EU passed Directive 2019/771, which gives the right to software updates for goods with digital elements, for the time period the consumer might reasonably expect. In my talk I'll describe the background, including a study we did for the European Commission in 2016, and the likely future effects. As sustainable safety, security and privacy become a legal mandate, this will create real tension with existing business models and supply chains. It will also pose a grand challenge for computer scientists. What sort of tools and methodologies should you use to write software for a car that will go on sale in 2023, if you have to support security patches and safety upgrades till 2043?
Mendel Museum's Augustinian Abbey Refectory at Mendel Square