Security Experts Warn Congress That the Internet of Things Could Kill People
Poorly secured webcams and other Internet-connected devices are already being used as tools for cyberattacks. Can the government prevent this from becoming a catastrophic problem?
A growing mass of poorly secured devices on the Internet of things represents a serious risk to life and property, and the government must intervene to mitigate it. That’s essentially the message that prominent computer security experts recently delivered to Congress. The huge denial-of-service attack in October that crippled the Internet infrastructure provider Dyn and knocked out much of the Web for users in the eastern United States was “benign,” Bruce Schneier, a renowned security scholar and lecturer on public policy at Harvard, said during a hearing last month held by the House Energy and Commerce Committee.
No one died. But he said the attack—which relied on a botnet made of hacked webcams, camcorders, baby monitors, and other devices—illustrated the “catastrophic risks” posed by the proliferation of insecure things on the Internet. For example, Schneier and other experts testified that the same poor security exists in computers making their way into hospitals, including those used to manage elevators and ventilation systems. It’s not hard to imagine a fatal disaster, which makes it imperative that the government step in to fix this “market failure,” he said.
The problems with IoT devices are worsening because manufacturers lack incentives to prioritize security. Even if consumers wanted to assess the relative security of Internet-connected thermostats and other devices, there are no established ratings or other measures. There is little disagreement that the government should do something about this, since so many critical systems are vulnerable to attacks like the one that hit Dyn. Exactly how the government should handle the situation, however, is a subject of an intensifying debate in Washington—one that won’t be settled before President-elect Donald Trump takes office...
- Tags:
- botnet
- Bruce Schneier
- Consumer Technology Association
- cybersecurity
- denial-of-service attack
- Donald Trump
- Dyn
- Innovation
- Internet of Things IoT0
- Kevin Fu
- Mike Orcutt
- National Institute of Standards and Technology (NIST)
- post-attack testing
- premarket testing
- survivability and destruction testing
- U.S. Chamber of Commerce
- U.S. Department of Homeland Security (DHS)
- U.S. House Energy and Commerce Committee
- Login to post comments