The government needs to intervene in the internet of things market to avoid the kind of cyberattacks that caused internet outages last month or potential physical-world damage, a panel of security experts told a House committee Wednesday.
Both manufacturers and consumers seem unwilling to bear the cost of stronger security measures for connected devices they either see as nearly disposable or not worth upgrading.
“The government has to get involved. This is a market failure,” security technologist Bruce Schneier told the House Energy and Commerce Committee on Nov. 16.
To keep costs low, many IoT manufacturers don’t invest in the kind of security features and protocols consumers expect from computer and smartphone makers. They often skip good cyber hygiene practices, too. Some devices feature default or easily identifiable passwords or hard-coded credentials users can’t change, and others require consumers to watch out for security updates, Level 3 Communications Chief Security Officer Dale Drew said in written testimony.