Securing the internet of things is proving difficult due to vendors cranking out devices with little regard for security, but regulating IoT security aso a knotty problem.
The wildfire growth of IoT is arguably the most important trend happening in technology today, but the ease with which bad actors can exploit its manifold security vulnerabilities has been demonstrated many times in just the past couple of years.
Despite the generally laissez-faire stance the U.S. takes toward regulating technology companies, the severity of the threat – IoT security issues affect healthcare, infrastructure, transportation and many other crucial parts of society – has some calling for regulation of the IoT.
The hands-off approach
Given the speed at which technology, particularly around IoT, develops these days, from drawing board to prototype to production, plenty of people would argue that it’s impossible for a regulatory regime to keep pace.
According to James Waldo, a professor at Harvard’s Paulson School of Engineering and Applied Sciences and that department’s CTO, there’s little hope for a set of regulations that evolves along with the technology.
“The timescale by which regulation and legislation works is immensely different than the timescale that technology development works on,” he said. “The regulators tend to be reactive, and reactive to things that happened four or five years ago.”
That being the case, the simplest way to address many of the most grievous harms that insecure IoT systems can inflict is at a basic engineering level – it’s not unreasonable to expect devices produced today not to have unchangeable default passwords, nor to require them to be changed from the default by consumers once activated.
Nevertheless, current culture in the technology sector – including many of the brand-new entrants that are part of the IoT market, which is projected to reach 45.4 billion Internet-connectable devices by 2021, according to IHS Markit – is to get products out the door and into customers’ hands as quickly as possible.