Government regulation of IoT coming, SecTor conference told

Government safety regulation of the Internet of Things is coming, warns a prominent security expert, so technologists have to start pushing their way into the offices of legislators to have a voice in what happens.

That was the message privacy specialist and author Bruce Schneier gave infosec pros Wednesday at the annual SecTor conference in Toronto.

Bruce Schneier

“We’re creating a world where everything is a computer,” he said, referring to the wide range of IoT devices from smart phones to connected medical devices and refrigerators to smart cities. Many of these devices have an impact on the physical world – sensors in cars that prevent crashes, for example.

Yet these increasingly interconnected devices can harm people if they are hacked – disabled sensors in cars that make the brakes inoperative, for example.

Meanwhile companies make insecure devices that can’t be patched, like connected video cameras, that can be chained into botnets.

“Governments are already involved in [regulating] physical systems [such as the automotive, transportation, health and other industries] and when the Internet actually starts killing people there will be a call for action,” he predicted. “And nothing motivates government like fear.”

However, far from fearing government regulation, Schneier welcomes it.

“A lot of our security paradigms are going to fail in this new world” of connected devices, he pointed out. “It’s a combination of different technologies — mobile computing, cloud computing, IoT, AI …” but it’s “smart things that affect the world in a direct physical manner.”

Meanwhile the makers of many devices don’t build in security, and buyers don’t care.

“I’m not convinced there’s an alternative,” to regulation. “To me, governments are going to get involved regardless because the risks are too great and the stakes are too high.”

“We need some counterbalance to corporate power”… “Government is how we solve problems like this.”

Canada, the European Union, Japan and Korea – countries where governments play a big role – will likely be ahead of the U.S. on this, he said, admitting that when he raises the idea in his country he gets a negative reaction.

He implied the regulator might be one big agency because connected devices cross so many sectors.

“Our choice is no longer between government involvement and no government involvement. It’s between smart government involvement and stupid government involvement. so we need to start thinking about these things. Otherwise it will be done to us.”

“As technologists we need to get involved in policy. IoT is going brings enormous potential but enormous risks. But as Internet security becomes everything security, Internet security technology will be more important to overall security policy.”

And the policy will never be right if legislators don’t understand how technology works, he warned. He notes the current debate on forcing product manufacturers with encryption to install backdoors to help police investigations, which has prompted experts – like Schneier – to point out that such a backdoor could also be used by criminals and nation states.

“It is our job to fix this. Technologists need to get involved in policy discussions. We have to be in the offices of legislators, we need to be in federal agencies, at NGOs (non-government agencies), part of the press. In companies working on policy…. we need to be in their offices .

“Either we get involved, or this is going be done to us — and I think that would be worse.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now