Need for ‘smart’ regulation of IoT security is as obvious as it is unlikely

Security expert Bruce Schneier has a new essay out that makes this case: The only way to prevent the exploitation of insecure internet of things devices from causing catastrophic damage is government regulation. He notes that “our choice is between smarter government involvement and stupider government involvement.”

His premise would appear unassailable. The problem is we don’t necessarily get to choose; sometimes the difference between smarter and stupider is foisted upon us.

Schneier writes of the growing IoT threat:

It’s a form of invisible pollution. … And, like pollution, the only solution is to regulate. The government could impose minimum security standards on IoT manufacturers, forcing them to make their devices secure even though their customers don’t care. They could impose liabilities on manufacturers, allowing companies like Dyn to sue them if their devices are used in DDoS attacks. The details would need to be carefully scoped, but either of these options would raise the cost of insecurity and give companies incentives to spend money making their devices secure. …


Network World Paul McNamara