> actually makes sense for life-and-death fields such as automotive/medical.
I cannot imagine a worse idea.
IoT devices are the richest source of hosts available for botnet operators to compromise because they are numerous and famously insecure. Today it's lightbulbs and security cameras. Tomorrow you wish it to be pacemakers and Toyotas?
We already know it is functionally impossible to write bug-free code which is also useful. We also know that attackers relentlessly probe systems until (that is a _when_, not an _if_) a weakness is found to exploit to gain control of that device. It is possible to write provably-correct code, but so far only for somewhat trivial applications.
Until this fundamental problem of software security can be solved, an air gap is the _only_ reliable thing that can protect life-critical software from external remote attack.