Legal Liability for IOT Cybersecurity Vulnerabilities

Black Hat USA 2018

Presented by: Ijay Palansky
Date: Thursday August 09, 2018
Time: 14:30 - 15:20
Location: Lagoon JKL

There has been much discussion of "software liability," and whether new laws are needed to encourage or require safer software. My presentation will discuss how -- regardless of whether new laws are passed -- a tidal wave of litigation over defective IoT cybersecurity is just over the horizon.

The presentation will focus on a well-known example: Charlie Miller and Chris Valasek's 2015 Jeep hack. I'm lead counsel in the ongoing federal litigation over the cybersecurity defects Charlie and Chris exposed, and that are shared by 1.4 million Chrysler vehicles. As far as I know, our case is one of the first, and the biggest, that involves claims that consumers should be compensated for inadequate cybersecurity in IoT products.

This case is the tip of the iceberg. IOT products are ubiquitous, and in general their cybersecurity is feeble, at best. In the event of a cyberphysical IoT hack that causes injury, there are established legal doctrines that can be used to impose liability every company involved in the design, manufacturing, and distribution of an exploited IoT device or even its cyber-related components. Such liability could be crippling, if not fatal, for organizations that don't know how to properly handle and prepare for potential lawsuits.

Taking steps to minimize legal exposure before an accident happens or a lawsuit is filed—in the design, manufacture, product testing, and marketing phases of an IoT product—can be the difference between life and death for IoT companies. Knowing what steps to take and how to take them requires an understanding of the core legal principles that will be applied in determining whether a company is liable.

Ijay Palansky

Ijay Palansky is a partner at the law firm Armstrong Teasdale where he focuses on litigation and trial of large, complex, commercial cases, including consumer class actions and product liability cases. He is lead counsel in the ongoing federal class action lawsuit that followed on Miller & Valasek's Jeep hack. Although he has spent almost his entire career representing large corporate defendants, in this case he represents the plaintiffs - owners of the 1.4 million Chrysler cars and trucks that share the cybersecurity defects that Miller and Valasek exploited in their hack. My full bio can be found at https://www.armstrongteasdale.com/ijay-palansky/.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats