Bruce Schneier: We Need To Save the Internet From the Internet of Things (vice.com)
Bruce Schneier, writing for Motherboard: What was new about the Krebs attack was both the massive scale and the particular devices the attackers recruited. Instead of using traditional computers for their botnet, they used CCTV cameras, digital video recorders, home routers, and other embedded computers attached to the internet as part of the Internet of Things. Much has been written about how the IoT is wildly insecure. In fact, the software used to attack Krebs was simple and amateurish. What this attack demonstrates is that the economics of the IoT mean that it will remain insecure unless government steps in to fix the problem. This is a market failure that can't get fixed on its own.
Maybe the cost needs to be a government fine. That way it has a guarantee of financial impact. No uncertainty about whether a lawsuit will be filed, or whether it will be won. And a private party does not have to bear the cost of initiating the lawsuit.
Simply have statutory damages for manufacturing an IoT device that has been used in an attack. The device you made was used in an attack. You have to pay the fine. Simple as that.
Now to make devices more secure there could be something like a process of getting an "Underwriters Laboratories" type seal of approval. The seal doesn't mean an appliance won't burn your house down, just that it is very, very unlikely. Unlikely enough to suit the insurance underwriters. Which raises the subject of insurance -- for liability of getting fined for building an unsafe device.
It seems like this would work. Just like electrical devices are pretty safe -- even though manufacturers have a built-in incentive to build them as cheaply and unsafely as possible.
I'll see your senator, and I'll raise you two judges.
So fine the people who own the devices. Start with a small fine, like $10, then double it for each repeat offense. Eventually, the word will get out, people will stop buying products from that vendor, and sales will suffer. They won't have any choice but to make their products secure.
Sit, Ubuntu, sit. Good dog.
I know this goes against everything you believe but sometimes government has to step in because people and corporations with a vested interest can't always be trusted to do the right thing. That's why you have mandatory requirements for electrical goods and many others, from water to food. Do you think those laws should be repealed? There should be mandated security standards for internet devices, checked by independent researchers and paid for by the manufacturer.