Congress Holds IoT Security Hearing

As distributed denial of service (DDoS) attacks continue to make headlines, Congress is stepping in to help address critical security issues. The House Energy and Commerce Committee recently held a hearing about the role that connected devices played in recent attacks and how such incidents can be prevented in the future.

It turns out that a lot of the devices involved in the recent attacks were unsecured DVRs and surveillance cameras. These attacks have brought the vulnerability of IoT devices to the fore, but they are also spurring a technology transformation of the alarm industry.

While experts have been expressing concerns about the potential problems the IoT poses for many years, manufacturers have largely ignored their recommendations to build better security measures into their devices. One computer security expert, Bruce Schneier of Harvard University’s Kennedy School of Government, told Congress at the hearing that a new federal agency might be needed in order to regulate the IoT, although it’s hard to say whether the incoming administration would be willing to create more government oversight.

Catastrophic Event Could Spur Action

Meanwhile, Online Trust Alliance President and Executive Director Craig Spiezle said that it will take a devastating attack – possibly even involving the loss of life – for people to realize just how dangerous compromised devices can be. He says they could cause home fires or even bring down the smart grid or the banking industry. There are a lot of ways things could go seriously wrong, and action needs to be taken now to prevent this from happening.

According to Spiezle, two main issues must be addressed. First, manufacturers need to worry less about how quickly they can get their products to market and spend more time adding basic cybersecurity principles to their products. Second, he feels that ongoing support needs to be offered for products throughout their lifecycle. He thinks that lawmakers now understand what is at stake, but he is not sure whether anything will actually be done about it.

join the supply chain geek network