I got into an interesting conversation today. Here's the question: if
a vendor rolls out a net-enabled product that features a crypto-
secured interface, what kind of liability do they face if the interface
security is breached? In particular, we were discussing machine
controls and the recent incident where it was discovered that one
manufacturer was fielding a GPIB control card with TCP/IP
Ethernet and no security at all.
If a net-connected and secured machine were hacked and death or
personal injury resulted, does that make the manufacturer an
accessory to manslaughter? Would having a provably good (or
provably bad) security layer mitigate this?
--
Roy M. Silvernail
Proprietor, scytale.com
[EMAIL PROTECTED]
