“The Internet of Things (IoT) is our next big security challenge and I think it’s the way we are going to be colliding with the real world in interesting ways.”
Speaking at Infosecurity Europe 2016 Bruce Schneier said that securing the IoT is a lot about what we already know, and some of what we don’t know.
“It’s one big inter-connected system of systems with threats, attackers, effects; the IoT is everything we’ve seen now, just turned up to 11 and in a way we can’t turn it off.”
As the IoT becomes more connected it also becomes more physical, invading our lives on an unprecedented scale with more real-world consequences when a breach occurs, and it’s something that we can’t afford to fail to secure, Schneier explained.
“I think this is going to hit a tipping point. We’re getting into the world of catastrophic risks as our computers become more physical. As dams and power plants go on the internet; as all of our homes and cars, communities and cities and governments go on the internet, there’s much more of a worry of catastrophic risk.”
“This is the 'too big to scale problem’, where our systems are getting so big that we can’t afford a single failure, and it’s going to happen soon,” he added.
Schneier said that as a result we are going to see greater fear rhetoric along with more demands for government to do something about it.
“I think that more government involvement in cybersecurity is inevitable, simply because the systems are more real.”
“Governments are going to get involved because the risks are too great. When people start dying and property starts getting destroyed, governments are going to have to do something.”
Tackling the issue of securing a continually growing number of physical IoT devices will rely on law and technology working together, Schneier argued.
“We are living in a world where technology can subvert law, and law can subvert technology – if you don’t have both working you end up with neither working.”
“We’re going to need, at both national and international level, some new type of structure to handle these new types of systems.”
To conclude, Schneier urged technology companies to give more consideration to disconnecting systems.
“If we cannot secure complex systems we can’t build a world where everything is connected and computerized,” stating that other models such as localized connection and distributed systems are possible ways forward; so that when things fail, they fail in a safe manner.