Distinguished Lecture - 30/10/2020

Title

The sustainability of safety, security and privacy

Abstract

Now that we’re putting software and network connections into cars and medical devices, we’ll have to patch vulnerabilities, just as we do with phones. But we can't let vendors stop patching them after three years, as they do with phones.  So in May, the EU passed Directive 2019/771 on the sale of goods.  This gives consumers the right to software updates for goods with digital elements, for the time period the consumer might reasonably expect.  In this talk I'll describe the background, including a study we did for the European Commission in 2016, and the likely future effects.  As sustainable safety, security and privacy become a legal mandate, this will create real tension with existing business models and supply chains.  It will also pose a grand challenge for computer scientists.  What sort of tools and methodologies should you use to write software for a car that will go on sale in 2023, if you have to support security patches and safety upgrades till 2043?

Bio

Ross Anderson is Professor of Security Engineering at Cambridge University.  He was one of the founders of the discipline of security economics, and is PI of the Cambridge Cybercrime Centre, which collects and analyses data about online wickedness.  He was also a pioneer of prepayment metering, powerline communications, peer-to-peer systems, hardware tamper-resistance and API security.  He is a Fellow of the Royal Society, the Royal Academy of Engineering, and the Institute of Physics, and a winner of the Lovelace Medal.  He has just written the third edition of his textbook "Security Engineering – A Guide to Building Dependable Distributed Systems".