Bruce Schneier: Governments Have a 'Stark' Lack of Expertise in IoT Security

But government involvement in IoT policies is inevitable, says security expert

  • Roland Moore-Colyer
  • V3
  • June 9, 2016

Governments lack the expertise to define security policy when it comes to the rapidly growing Internet of Things (IoT), according to Bruce Schneier, security technologist and a member of the Infosecurity Europe Hall of Fame.

Schneier explained that that governments approach topics such as the IoT and cyber security without the technical knowledge to understand the challenges.

"It's surprising how stark the lack of expertise in tech is in these debates," he said at Infosecurity Europe in London.

"Expertise in large correlation data bases, algorithmic decision making, IoT, cloud storage and computing, robotics, autonomous agents; these are all things that the government is going to run headlong into and needs to make decisions about.

"A lack of relevant expertise is really going to hurt us. There is a fundamental mismatch between the way government works and the way technology works."

Yet despite this gap in expertise, Schneier warned that government involvement in cyber security is going to happen anyway.

"I think that more government involvement in cyber security is inevitable simply because the systems are more real. I think we are going to see more cyber war rhetoric, more cyber terrorism rhetoric, more calls for surveillance, more calls for use control, more trusting of the government," he said.

"Governments are going to get involved regardless because the risks are too great. When people start dying and properties start being destroyed governments are going to have to do something."

Schneier suggested that the narrative around the IoT and cyber security needs to evolve from a debate about government involvement to ensuring that governments make smart decisions and policies.

A failure to do this will result in governments making poor decisions based on knee-jerk reactions to the IoT and the inevitable security threats it raises.

Earlier involvement means that governments and the technology industry can be more creative in making the IoT secure without hampering its potential.

Until this happens, Schneier said that IoT devices should be isolated to mitigate the threats caused by the sharp rise in connected smart devices that provides a much greater scope for cyber attacks that can cause widespread damage and disruption.

Such a reaction may seem over-cautious, but concerns about IoT security are becoming more pertinent because the threats posed to some connected devices have the potential to cause physical harm.

Categories: Articles, Text

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.