Last week I attended the RSA Security conference in San Francisco. It's the premier conference for security professionals, and more than ever, vendors. Lots and lots of vendors.
In any case, I was there to learn more about security and IoT. One of the speeches I wanted to catch is now available and I encourage you to take time to watch it. It's from Bruce Schneier, whom we wrote about here and here.
Bruce used the platform to continue his call to the industry to get involved with policy when it comes to security and IoT, arguing that the real-world consequences of doing nothing should not be ignored. He stated, "The more we connect things to each other, the more the vulnerabilities affect each other." The Dyn attack, the Mirai botnet and video cameras are great examples of this. Bruce describes this as a cascade of failures, where no one system is at fault, leading to a connected world of residual insecurity.
He believes that a lot of people in the industry are working on it and that they are doing good work on IoT security, but as he has argued in the past, when it comes to low-cost Internet-connected devices (cameras, consumer electronics and other far-flung sensors), neither the buyer nor the seller is interested in getting the latest security patch. In short, the cost of failure and the cost to fix do not favor security updates or investment.
Free-market idealists hate regulation, but it is becoming necessary, Schneier says. “Governments are going to get involved, regardless. The stakes are too high.”
Full video here.