US lawmakers balk at call for IoT security regulations

PCWorld 

The U.S. government needs to pass regulations mandating internet of things security measures before device vulnerabilities start killing people, a security expert told lawmakers. A massive distributed denial-of-service attack aided by IoT devices in October "was benign" because a couple of websites crashed, said Bruce Schneier, a veteran cybersecurity researcher and lecturer at Harvard University. But the next attack may be more dangerous. With cars, airplanes, thermostats, and appliances now connected to the internet, "there's real risk to life and property, real catastrophic risk," Schneier told two House of Representatives subcommittees Wednesday. While some Republican committee members questioned the need for IoT security regulations, Schneier suggested that sellers and customers of IoT devices have little reason to fix them without a push.