ITEM: Following up on the need for everyone in the Internet of Things value chain to take IoT security more seriously, I recommend this post from security expert Bruce Schneier, which offers some good advice on how to go about creating a security strategy to accomplish that, starting with the realization that traditional computer and network security isn’t going to work.
Traditionally, Schneier writes, most internet security threats have been centered around either stealing data or denying access via DDoS attacks. With the IoT, the bigger threat is hackers taking control of things in the physical world (cars, airplanes, door locks).
Schneier says the increased risk is coming from three basic characteristics of the IoT: making things controllable with software, increased interconnection of all these things (which leads to things like stealing email logon credentials via a connected refrigerator, for example) and automation capabilities that can be leveraged to execute attacks automatically.
All up, the IoT is such a massive complex undertaking that the problem of securing it is too massively complex to solve with patches or corporate best practices, says Schneier – it’s also going to require governments and regulators to get to grips with the problem, set standards and enforce compliance:
This is not something that the market can solve. Like data privacy, the risks and solutions are too technical for most people and organizations to understand; companies are motivated to hide the insecurity of their own systems from their customers, their users, and the public; the interconnections can make it impossible to connect data breaches with resultant harms; and the interests of the companies often don't match the interests of the people.
Read the whole thing here.