House lawmakers convened the hearing on IoT security in response to last month's distributed denial-of-service attack on the internet addressing provider Dyn, which resulted in temporary outages at popular sites like Twitter and Spotify.

But that incident, while a nuisance for Internet users and an embarrassment for the companies affected, might only be a prelude to far more serious attacks with potentially catastrophic consequences in the physical world, warns Bruce Schneier, a security expert and a lecturer at Harvard's Kennedy School of Government.

"This is more dangerous as our systems get more critical," Schneier says. "The Dyn attack was benign — a couple of websites went down. IoT affects the world in a direct, physical manner — cars, appliances, thermostats, airplanes — there's real risks to life and property."

Schneier and other witnesses gave an assessment of the security status of the exploding IoT, where billions of devices are projected to come online over the next few years, many of which are everyday objects such as household appliances, generally low-margin items mass-produced by manufacturers that don't employ the army of security specialists found at tech companies like Apple or Google.

Read Full Article