A thought crossed my mind, as they do constantly: SCADA is over the hype hill already, qua setting information security as a requirement abstraction. Not yet onto enlightenment, implementation. But still, gefundenes Fressen. And methodologies are available, if one searches well and close enough.
For the Internet of Things (including domotics), not so much. Here, we see much more societal and philosophical discussions still going on, whilst the first traces of implementation, the earliest of early adoptions [that’s why they’re called ‘early adoptors’, not ‘adaptors’ you fool; they’re actively adopting, not passively adapting like a micro-HDMI-to-VGA connector] are spreading. But security as in getting that implemented from the start, not so much.
Which would be OK if the first true piloting would await the results of the discussions, after which the implementations of the outcomes would still have to be done before roll-out. But no, the discussions are of no use now that Big Corp starts pushing its ‘solutions’, quod non.
The more interesting thing is: Any wider-scale implementation will be a cross-over of SCADA and IoT, OR we give devices, robots, full control from the start; sorcerer’s apprentices when it comes to operating IRL.
In that space, we still stand very much empty-handed, don’t we, when it comes to methods to do methodologically sound work. Where (information/privacy/societal) security would be an integral and important part of the ‘sound’.
Any thoughts, anyone ..?
[Edited to add: This link, with a discussion on the same (ex security)]