Menu
US lawmakers balk at call for IoT security regulations

US lawmakers balk at call for IoT security regulations

Compromised IoT devices could be used to launch dangerous attacks, Schneier says

The U.S. government needs to pass regulations mandating internet of things security measures before device vulnerabilities start killing people, a security expert told lawmakers.

A massive distributed denial-of-service attack aided by IoT devices in October "was benign" because a couple of websites crashed, said Bruce Schneier, a veteran cybersecurity researcher and lecturer at Harvard University. But the next attack may be more dangerous.

With cars, airplanes, thermostats, and appliances now connected to the internet, "there's real risk to life and property, real catastrophic risk," Schneier told two House of Representatives subcommittees Wednesday.

While some Republican committee members questioned the need for IoT security regulations, Schneier suggested that sellers and customers of IoT devices have little reason to fix them without a push. 

Many IoT devices are low-profit products with little security built in, no easy avenue to patch vulnerabilities, and no way for customers to know their devices are compromised, he and other experts said. And while users replace smartphones every 18 months, a compromised DVR may be used for five years, a car for 10, and a thermostat may be replaced "approximately never," Schneier said.

This leads to a market failure where regulation is needed, he said. "The market really can't fix this," Schneier added. "Buyer and seller don't care."

Schneier's call for IoT regulations is likely to meet resistance in the Republican-controlled Congress, however. Regulations aren't completely off the table, but they would be a "knee-jerk reaction" to recent attacks, said Representative Greg Walden, an Oregon Republican. "The United States cannot regulate the world."

Many IoT devices are manufactured overseas, Walden noted, and U.S. regulations can't mandate their security measures.

In addition, regulations could limit innovation from U.S. IoT companies and hurt the nation's chances to be a world leader in the IoT industry, Walden said. "We don't want this to be an innovation killer," he added. "I don't think I want my refrigerator talking to some food police."

Other witnesses during Wednesday's hearing called on the U.S. government to push for IoT standards that the industry can adopt. On Tuesday, the U.S. National Institute of Standards and Technology released updated guidance on securing IoT.

IoT security remains "woefully inadequate" even as security experts saw the problems coming, said Kevin Fu, CEO of Virta Labs and a computer science professor at the University of Michigan. "We are in this sorry and deteriorating state because there's almost no cost for a manufacturer to deploy products with poor cybersecurity."

Fu called for national IoT security standards, more federal research on IoT security, and a national testing lab for devices. 

The U.S. should start with standards and "apply pressure" to IoT device makers, added Dale Drew, CSO for Level 3 Communications. "They can be applied globally, and I think we can get some traction and momentum before we start regulating."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments