Encryption expert Bruce Schneier warns of IoT cyber-security threat

Encryption expert Bruce Schneier warns of IoT cyber-security threat

Security expert says world would face ‘large-scale internet disaster that kills multiple people'

Cyber-criminals targeting the Internet of Things (IoT) could result in disasters in the physical world, according to security expert Bruce Schneier.

Writing in Motherboard magazine, Schneier said that the Internet of Things had given the internet “hands and feet” and the ability to “directly affect the physical world”.

“What used to be attacks against data and information have become attacks against flesh, steel, and concrete,” he said.

He said that threats such as hacking cars while they drive on a motorway, remotely killing a person by hacking a medical device, or taking control of missile systems were all possibilities.

“The Internet of Things will allow for attacks we can’t even imagine,” he warned.

Government action required on IoT

Schneier, who is CTO of Resilient Systems, which is part of IBM, said that security engineers are working on technologies that can mitigate much of this risk, but many solutions won’t be deployed without government involvement.

“This is not something that the market can solve. Like data privacy, the risks and solutions are too technical for most people and organisations to understand.”

He said that governments needed to play a larger role in combatting the threat of hacking within IoT.

“The next president will probably be forced to deal with a large-scale internet disaster that kills multiple people. I hope he or she responds with both the recognition of what government can do that industry can’t, and the political will to make it happen,” he said.

Roy Fisher, a security consultant at MWR InfoSecurity told Internet of Business that IoT in an enterprise environment – i.e. the theory of multiple systems across a large or potentially multinational organisation, has multiple implications in terms of security controls.

“For this to be viable, organisations may need to segregate off environments to localise the risk posed through a potential flaw in one of the components. This will not only require a large overhead from implementation but could also hinder the benefits of IoT,” he said.

Related: Major security bug affects thousands of connected devices