Slashdot Mirror
Bruce Schneier Calls for IoT Legislation, Argues The Internet Is Becoming One Giant Robot (linux.com)
"We're building a world-size robot, and we don't even realize it," security expert Bruce Schneier warned the Open Source Leadership Summit. As mobile computing and always-on devices combine with the various network-connected sensors, actuators, and cloud-based AI processing, "We are building an internet that senses, thinks, and acts." An anonymous reader quotes Linux.com:
You can think of it, he says, as an Internet that affects the world in a direct physical manner. This means Internet security becomes everything security. And, as the Internet physically affects our world, the threats become greater. "It's the same computers, it could be the same operating systems, the same apps, the same vulnerability, but there's a fundamental difference between when your spreadsheet crashes, and you lose your data, and when your car crashes and you lose your life," Schneier said...
"I have 20 IoT-security best-practices documents from various organizations. But the primary barriers here are economic; these low-cost devices just don't have the dedicated security teams and patching/upgrade paths that our phones and computers do. This is why we also need regulation to force IoT companies to take security seriously from the beginning. I know regulation is a dirty word in our industry, but when people start dying, governments will take action. I see it as a choice not between government regulation and no government regulation, but between smart government regulation and stupid government regulation."
"I have 20 IoT-security best-practices documents from various organizations. But the primary barriers here are economic; these low-cost devices just don't have the dedicated security teams and patching/upgrade paths that our phones and computers do. This is why we also need regulation to force IoT companies to take security seriously from the beginning. I know regulation is a dirty word in our industry, but when people start dying, governments will take action. I see it as a choice not between government regulation and no government regulation, but between smart government regulation and stupid government regulation."
The thing is, as long as people pay for their own internet themselves, they're in complete control of what gets to connect to their wifi. So, even if all the water heaters on the market had IoT features, it's trivial to keep them offline and harmless. And should they ever come with their own connectivity solution that bypasses the users' router completely, well... it's always possible to encase it in a Faraday cage of some sort.
As for trusting manufacturer with IT security, that's not the only problem: even if they're serious about it and actually qualified to secure your device properly, personally I'm more concerned about what they do with my data - how they snoop on my habits, how they intend to misuse that data, or whom they intend to sell it to.
If there's a buck to be made, company won't even consider moral or ethical use of the data they collect. That's the only thing you can bet on with big data.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I don't think Bruce Schneier is an idiot, but otherwise, I tend to agree with this. Read Jacques Ellul ("The Technological Society", "The Technological System") to better understand this.