6 votes

Potential impact of two IoT security and privacy laws on tech industry

1 comment

  1. guywithhair
    Link
    Every single IoT talk I've been to has probably spent at least 40% percent of the allotted time on security. I'm very interested in working in IoT (particularly the industrial sector), and it's...

    Every single IoT talk I've been to has probably spent at least 40% percent of the allotted time on security. I'm very interested in working in IoT (particularly the industrial sector), and it's clear there is much work to be done for cybersecurity.

    One of the hard parts is that for such small and generally simplistic devices, the more robust approaches are going to require additional hardware and decreased performance in order to ensure integrity of the system. Honestly, it's such a hard problem that I don't even know where exactly to start, but I think bringing the issue closer to the public's eye is the right move. We need to be valuing the security of these devices almost as much as the basic service it provides. On top of that, we need to know who gets the blame when a device is compromised due to poor implementation of security. Every company is afraid of litigation; that threat could be a good motivator for solid security. It seems lazy devs are common offenders.

    I'm apprehensive about letting congressmen have a lot of control over this, as it's quite clear that the majority of them are tech illiterate (although those in CA may be slightly better due to prevalence of tech). I think one of the best moves would be to create an organization backed by many IoT or similarly interested companies so they can produce an open source (HW and SW) standard for IoT security. A well trusted standard could act as a stamp-of-approval so that distributors would be less willing to sell electronics without proper security.

    And due to the nature of IoT devices (i.e. internet connectivity), patching vulnerabilities could be a nightmare for many applications, and the ability to do so opens another avenue of attack. I honestly cannot believe Australia wants to outlaw encryption... I am just hoping the industry improves their self-regulation on this matter because it stresses me the hell out as someone who is aiming to build a career in this growing field.

    Just my two cents...

    3 votes