In my last post I talked about zombies and warnings and such (and, ok, a little bit about security). I'm not too surprised at the press the sign changing is getting, since traffic and driving are things the vast majority of us deal with. However, I'm disappointed that very few people in the mainstream media are taking the opportunity to talk about broader security issues.

I searched, and did not find one interview with a sign manufacturer to talk about how physical or keypad/password security will be improved in the future, or with DOT management about purchasing better locks and changing default passwords. Sadly, there are tons of articles talking about the applicable laws and crimes a person could be charged with if caught tampering with these devices.

Additionally, some of the reports are talking about removing information from the internet. Take this Associated Press article:

Some Web sites, such as Jalopnik.com, have published tutorials titled "How to Hack an Electronic Road Sign" as a way to alert security holes to traffic-safety officials. [snip] [Ray] Wert [Jalopnik's editor-in-chief] said he had no immediate plans to take down Jalopnik's how-to guide.

Has removing information from the internet ever actually succeeded in either keeping that information private or protecting a resource? There have been a few cases where it was a complete and notable failure (DECSS T-Shirt, anyone?). Kudos to Mr. Wert for keeping the information on the web site--it's already in several other places already. The horse is already out of the bag.

Mitch Wagner over at InformationWeek wrote:

It's easy to scold those government agencies for failing to take basic safety measures, and I suppose it's justified -- but, still, road departments have other things to do. Like, y'know, taking care of the roads.

No! No! No! It is completely justified to "scold" them, and it is absolutely their responsibility (and the manufacturer's) to secure their equipment and job sites. Mr Wagner says their job is "taking care of the roads," which implies keeping them safe, which means keeping hooligans from changing road signs. It's not a giant leap.

It's everyone's job to take basic security precautions. How different would this story would be if the first widespread misuse of this information was as part of a terrorist attack?