Researchers James Scott and Drew Spaniel point out in their report Rise of the Machines: The Dyn Attack Was Just a Practice Run [PDF] that IoT represents a threat that is only beginning to be understood.
The pair say the risk that regulation could stifle market-making IoT innovation (like the WiFi cheater-detection mattress) is outweighed by the need to stop feeding Shodan.
“National IoT regulation and economic incentives that mandate security-by-design are worthwhile as best practices, but regulation development faces the challenge of … security-by-design without stifling innovation, and remaining actionable, implementable and binding,” Scott and Spaniel say.
“Regulation on IoT devices by the United States will influence global trends and economies in the IoT space, because every stakeholder operates in the United States, works directly with United States manufacturers, or relies on the United States economy.
“Nonetheless, IoT regulation will have a limited impact on reducing IoT DDoS attacks as the United States government only has limited direct influence on IoT manufacturers and because the United States is not even in the top 10 countries from which malicious IoT traffic originates.” …
I have two comments:
To think any agency could actually do this correctly is laughable given complexity and the track record of the gov. Hey they cannot even stop the robo calls from the likes “Card Redemption Services” The trove of treasure, additionally, to be gained from leaks is far too valuable to both gov. and industry to limit it with some solid standard.
But the Wifi Mattress idea may have legs (4 of them at least…) A Wifi enabled mattress — why with the addition of an accelerometer and a gui for to put in your social media credentials – well then your bedroom gymnastics can be posted instantly to your facebook page. A whole new level in selfies! (..or as I to call it the “look at me, look at me mommy” website that dumps all your info in the hungry jaws of advertisers)