How secure is the Internet of Things? This question is now also before the United States Congress, whose Energy and Commerce Committee is holding hearings at which IT security guru Bruce Schneier was among those asked to testify. The catalyst was the events of a few weeks past, when hackers used hijacked web cameras to instigate one of the biggest DDoS (distributed denial of service) attacks ever seen, disrupting Amazon, Netflix and other major Internet players for several hours.
These events were still relatively "benign," said Schneier to the committee, with "just a few websites collapsing." But that could change rapidly, according to him. When cars, airplanes, thermostats and other devices are connected to the Internet, "there is a real risk to lives as well as property, a truly catastrophic risk," Schneier urgently warned the committee members in his testimony.
Because neither users nor manufacturers are really interested in more security for the Internet of Things – "they're satisfied with how things are" – legislators must step in, concluded Schneier. "The market can't regulate something that neither sellers nor buyers are interested in."
Schneier's call for regulation is likely to have fallen on deaf ears for many representatives. New laws would be a purely "reflexive response" to the DDoS attacks, according to Greg Walden, Republican Representative from Oregon. "The United States can't regulate the world," he added. After all, most of the devices that are connected to the Internet are manufactured abroad. And there is no desire to hinder economic growth at home. "We don't want this to become an innovation killer," says Walden.