University of Cambridge’s Professor Ross Anderson explains why safety should be higher on the agenda than privacy.  (From the Computerphile YouTube channel)

As we increasingly move towards an IoT world, vendors of safety-critical devices will be patching their systems just as regularly as phone and computer vendors do now. Researchers warn that many regulators who previously thought only in terms of safety will have to start thinking of security as well. From a recent project conducted by a research group at Computer Laboratory of the University of Cambridge for the European Commission, comes a report on what will happen to safety regulation once computers are embedded invisibly everywhere. This will require major changes to safety regulation and certification, the report warns.

— “At present, the regulation of safety is largely static, consisting of pre-market testing according to standards that change slowly if at all. Product recalls are rare, and feedback from post-market surveillance is slow, with a time constant of several years. In the future, safety with security will be much more dynamic; vendors of safety-critical devices will patch their systems once a month, just as phone and computer vendors do now. This will require major changes to safety regulation and certification, made more complex by multiple regulatory goals. For these reasons, a multi-stakeholder approach involving co-vigilance by multiple actors is inevitable.”

— “The EU is already the world’s main privacy regulator, as Washington doesn’t care and nobody else is big enough to matter ... The strategic political challenge facing the European Union is whether it wants to be the world’s safety regulator. If it rises to this challenge, then just as engineers in Silicon Valley now consider Europe to be the world’s privacy regulator, they will defer to Europe on safety too. The critical missing resource is expertise on cybersecurity, and particularly for the European regulators and other institutions that will have to adapt to this new world.”

— “The strategic research challenge will include how we make systems more sustainable. At present, we have enough difficulty creating and shipping patches for two-year-old mobile phones. How will we continue to patch the vehicles we’re designing today when they are 20 or 30 years old? How can we create toolchains, libraries, APIs and test environments that can be maintained not just for years but for decades?”