Security Experts Warn Congress That the Internet of Things Could Kill People

MIT Technology Review

A growing mass of poorly secured devices on the Internet of things represents a serious risk to life and property, and the government must intervene to mitigate it. That's essentially the message that prominent computer security experts recently delivered to Congress. The huge denial-of-service attack in October that crippled the Internet infrastructure provider Dyn and knocked out much of the Web for users in the eastern United States was "benign," Bruce Schneier, a renowned security scholar and lecturer on public policy at Harvard, said during a hearing last month held by the House Energy and Commerce Committee. But he said the attack--which relied on a botnet made of hacked webcams, camcorders, baby monitors, and other devices--illustrated the "catastrophic risks" posed by the proliferation of insecure things on the Internet. For example, Schneier and other experts testified that the same poor security exists in computers making their way into hospitals, including those used to manage elevators and ventilation systems.

4 Recent Internet of Things (IoT) Developments


In 2017, there will be 8.4 billion connected things in use worldwide, according to Gartner, up 31% from last year. Total spending on endpoints and services will reach almost $2 trillion in 2017. The Internet of Things or IoT has been rapidly adopted for both consumer and business applications and is going through some growing pains. New technologies and attempts at standardization and simplifications are also changing the IoT landscape. The business potential of the IoT and benefits such as higher efficiencies and improved customer relations, largely depend on timely and productive analysis of the mountains of data IoT sensors generate, says PwC.

US lawmakers balk at call for IoT security regulations


The U.S. government needs to pass regulations mandating internet of things security measures before device vulnerabilities start killing people, a security expert told lawmakers. A massive distributed denial-of-service attack aided by IoT devices in October "was benign" because a couple of websites crashed, said Bruce Schneier, a veteran cybersecurity researcher and lecturer at Harvard University. But the next attack may be more dangerous. With cars, airplanes, thermostats, and appliances now connected to the internet, "there's real risk to life and property, real catastrophic risk," Schneier told two House of Representatives subcommittees Wednesday. While some Republican committee members questioned the need for IoT security regulations, Schneier suggested that sellers and customers of IoT devices have little reason to fix them without a push.

Bruce Schneier Proposes 'Hacking Society' for a Better Tomorrow


SAN FRANCISCO – Cybersecurity experts have long stayed in their problem-solving lane when it comes to finding vulnerabilities, patching bugs and keeping networks safe. But maybe it is time they applied their defensive skillsets and adversarial understanding of cyberthreats to help solve some of today's most complex social issues. Speaking at the RSA Conference 2020 on Thursday, security technologist Bruce Schneier called for a better cooperation between security experts and government policymakers. The premise being, cybersecurity often requires nonlinear problem-solving, a quality conventional bureaucrats often lack. From education systems to election structures, society is built on conventional "models" that made sense when they were first formed hundreds of years ago, said Schneier, a lecturer at the Harvard Kennedy School.