The U.S. government needs to pass regulations mandating internet of things security measures before device vulnerabilities start killing people, a security expert told lawmakers. A massive distributed denial-of-service attack aided by IoT devices in October "was benign" because a couple of websites crashed, said Bruce Schneier, a veteran cybersecurity researcher and lecturer at Harvard University. But the next attack may be more dangerous. With cars, airplanes, thermostats, and appliances now connected to the internet, "there's real risk to life and property, real catastrophic risk," Schneier told two House of Representatives subcommittees Wednesday. While some Republican committee members questioned the need for IoT security regulations, Schneier suggested that sellers and customers of IoT devices have little reason to fix them without a push.
Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World • By Bruce Schneier • Norton • 319 pages • ISBN: 978-0-393-60888-5 • £19.99 / $27.95

The Internet of Things is a case in point: today's internet is a mess of security vulnerabilities and coding errors. As the size of data breaches and cost of cyber attacks escalate week by week, now we want to exponentially increase the complexity, attack surface and dangers by wirelessing up billions of ultra-cheap devices, any one of which might bring the whole thing down. Surveying the shape of this monster takes up the first third of Bruce Schneier's latest book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Anyone who follows security can probably skip most of it, as it's largely familiar material.
The mounting number of high-profile hacks related to IoT (Internet of Things) devices should give anyone cause for concern. A big reason the hacks are occurring has to do with a lack of proper security standards for IoT devices -- which a number of prominent experts recently told Congress should be enacted by the government and not the tech industry. Members of the House Energy and Commerce Committee met to discuss last month's DDoS attack on DNS provider Dyn (which has just been acquired by Oracle) and heard from security experts such as Bruce Schneier. There is no way to patch the CCTV cameras and DVRs that are being exploited, and those devices will remain on the Internet for years if not decades. They'll remain in use because of an additional market failure: neither the seller nor the buyer of those devices cares about fixing the vulnerability.
The Nest thermostat is an Internet-connected device. Security technologist Bruce Schneier says while Internet-enabled devices have immense promise, they are vulnerable to hacking. More and more of the things we use every day are being connected to the Internet.