It’s a bit hard to miss all the stories and concerns over IoT security. In some ways it’s reminiscent of the late 1990’s and the endless stream of security failures related to Windows 95, ME, and XP – which ultimately lead to Bill Gates famous companywide memo of 2002 kicking off the companies trustworthy computing initiative. Have we reached an equivalent point for IoT (15 years later) with the need to launch a trustworthy IoT initiative?
This Wednesday (at 10:15am) during the Suits and Spooks 2017 conference I’ll be joining a panel titled “Post DYN DDoS: Is government regulation of the IoT on the horizon?” with Greg Elin (CEO @ GovReady PBC), Brett DeWitt (Subcommittee Staff Director @ U.S. House Homeland Security Committee), and J.C. Herz (COO @ Ion Channel).
“The 2015 DDOS attack on DNS provider DYN exploited vulnerabilities in DVDs and baby monitors to take major websites offline. Considering the harm a botnet running simple code can do, what might be required of manufacturers of Internet connected devices in the future? What are chances of government regulation and which agency be responsible? Is there an appropriate compliance regime needed for IoT? What will organizations have to do without regulation? This panel will provide an update on recent congressional activity on IoT security and some interesting historical examples of early regulation.”
I’m looking forward to being on the panel. The pains being felt through the public failures of IoT technology today and the fears of what the future will hold have obviously rattled a few government bodies with calls for regulation. But is regulation specific to IoT really necessary? I don’t think so.
Yes, there is need for some level of government regulation related to the security and integrity of the connected technologies we use today and in to the future. The gorilla in the room though is handling of personal and private data. I’d prefer that to be “solved” first.
I think that the pains with IoT today are a construct of yesterdays problems and limitations on technology – and are not the constraints the IoT industry will be dealing with in 5 years time. We’re already moving towards an Edge Computing world, and that progress is encapsulating IoT along the way with new and better techniques for securing and protecting the current exposure.
-- Gunter Ollmann, Founder/Principal @ Ablative Security