Even if a company were to build cybersecurity into the software of a particular machine, appliance, “thing,” or application, no one can predict how that particular technology will impact other technologies. What might seem fine in one system, when combined with other systems, can prove devastating. Bruce Schneier offers a few examples:

Already we’ve seen Gmail accounts compromised through vulnerabilities in Samsung smart refrigerators, hospital IT networks compromised through vulnerabilities in medical devices, and Target Corporation hacked through a vulnerability in its HVAC system. Systems are filled with externalities that affect other systems in unforeseen and potentially harmful ways . . . Vulnerabilities on one system cascade into other systems, and the result is vulnerability that no one saw coming and no one bears responsibility for fixing.

Companies are also not motivated to secure their products and prefer to hide vulnerabilities. in a recent Motherboard article, The Internet of Things Will Turn Large-Scale Hacks into Real World Disasters, Schneier states,

“The risks and solutions are too technical for most people and organizations to understand; companies are motivated to hide the insecurity of their own systems from their customers, their users, and the public.”

Government and industry are hell-bent on “leading the world” in 5G and have no intention of letting regulations get in the way. Former FCC Chair, Tom Wheeler stated, “Turning innovators loose is far preferable to expecting committees and regulators to define the future.”

In How to Keep the Internet of Things From Killing Us All, Schneier tells us,”It always takes government stepping in to say, ‘You must do this; you can’t do that; if you do these things, we’re allowed to sue.’”

Yet this is not so simple when policy makers have little will to step in, and even if they did, would have great difficulty grasping the intricacies involved in securing the IoT. In The Internet of Things Will Cause The first Ever Large Scale Internet Disaster, Schneier tells us that “The risks and solutions are too technical for most people and organizations to understand; companies are motivated to hide the insecurity of their own systems from their customers, their users, and the public.”

Moreover, the Internet of Things is “growing faster than the ability to defend it” according to Larry Greenemeier from Scientific American and other experts. Basically, government oversight and regulation cannot keep pace with the exceedingly fast rate of change in technology.

The bottom line is that neither government nor industry is securing the IoT. Foreseeing as early as 2013 the dangers the IoT would present, Joshua Corman and fellow researchers set out to discover who the IoT “thinkers and planners” were, and what was being done to prevent hacking or catastrophic cyber attacks. But they soon realized there was no one even attempting to protect the public. As Corman put it:

“We got to the adults in the room and realized there were no adults.”

Please note that in the UK, IoT vulnerability is starting to be addressed. The Secure by Design Code has been introduced and is making its way through the legislative process. Smart devices would carry warning labels informing buyers how insecure the device is. The requirements for certification are very rudimentary, but at least the UK is addressing IoT vulnerability. Once again, the best way to avoid a hack is to not buy into the IoT, and use hard-wired connections whenever possible.

Industry and government predict enormous economic growth from 5G and the IoT. But they forget to factor in the costs to try to secure all these IoT things and the mega financial losses in the wake of cyber attacks.

In 2016, we experienced the first large-scale cyber attack enabled by IoT connected devices, Mirai. Twitter, Reddit, Spotify, and Github were among the many websites and services that were taken down. Since then, there has been a parade of large scale cyber attacks. In 2017 alone there was WannaCry, Petya, Wikileaks CIA “Vault 7”, Cloudbleed, Voter records exposed, Macron Campaign Hack, to name a few. What can we expect in 2018? Many experts are predicting major cyber attacks in 2018.  

Projections indicate cyber crime is on the rise and expected to cost $6 trillion annually by 2021. Steve Morgan from Cyber Security Ventures states,

“Cyberattacks are the fastest growing crime in the U.S., and they are increasing in size, sophistication and cost.”

With government watching from the sidelines as the world goes digital, the situation remains dire.

In We Need to Save the Internet from the Internet of Things, Bruce Schneier tells us,

“This is a market failure that can’t get fixed on its own.” 

Furthermore, even if the US government were to attempt to secure the IoT, this would only affect the Internet in the US. But since the Internet is global, “Attackers can just as easily build a botnet out of IoT devices from Asia as from the United States,” Schneier explains.

Corman sums up the current state of affairs:

If it’s software, it’s hackable — If it’s connected, it’s exposed.

By far, the best way to protect ourselves from cyber attacks is to simply 1) not buy into the IoT, either figuratively or literally; 2) to hardwire devices wherever possible; and 3) to inform policy makers you do not support a tech-infested, Cloud-connected world.

• Schneier on Security -- Website and Blog
• Internet of Things: Privacy and Security in a Connected WorldFTC Staff Report | Jan. 2015
• This Teen Hacked 150,000 Printers to Show How the Internet of Things Is ShitCHRISTOPHER MOYER
• Internet of Things security: What happens when every device is smart and you don't even know it?Danny Palmer | Mar. 20th. 2017 | When IoT devices are everywhere, the security headaches just get worse. Danny Palmer
• Researchers Uncover Ongoing Attacks Against IoT DevicesIlia Kolochenko | CEO High-Tech Bridge
• Back to Home Smart Cities? Not until those cyber weaknesses get sortedMay 4th, 2017 | Ellie Burns | Computer Business Review
• This 11 year old stuns experts by turning smart toys into weaponsMay 17th, 2017 | By AFP | The Indian Express
• Can the heart be hacked? Experts find 8,000 security flaws in pacemaker softwareMay 28th, 2017 | RT Question More
• FBI: 8 tips to secure IoT medical devices, wearables from cyberattackersOct. 23rd, 2017 | Jessica Kim Cohen | Health IT and CIO Review
• Why is no one raising a hand to regulate the internet of things?Derek B. Johnson | Mar. 16th, 2018 | FCW
• Targeting power grid is too easy, Energy Department saysMay 14th, 2018 | John Siciliano | Washington Examiner
• Top 5 cybersecurity facts, figures and statistics for 2018Jan. 23, 2018 | Steve Morgan | Cyber Security Business Report
• Cybercrime Damages $6 Trillion By 2021Oct. 16th, 2017 | Steve Morgan | Cyber Security Ventures
• Global Cost of Cybercrime Exceeded $600 Billion in 2017, Report EstimatesFeb. 23rd, 2018 | David Bisson | Security Intelligence
• Cloud computing: Why a major cyber-attack could be as costly as a hurricaneJan. 17th, 2018 | Danny Palmer | ZDNet
• Tweet RSS Feed Share There will be big cyber attacks in 2018, predicts expert
• Russian Hackers Reach U.S. Utility Control Rooms, Homeland Security Officials SayJuly 23rd, 2018 | Rebecca Smith | Wall Street Journal
• Thermostats, locks and lights: digital tools of domestic abuseJune 30th, 2018 | Nellie Bowles | SF Gate
• Internet Hacking Is About to Get Much Worse We can no longer leave online security to the market.Oct. 11th, 2018 | Bruce Schneier | NY Times OpEd
• House passes SMART IoT ActNov. 29th, 2018 | Matt Leonard | FCW
• Prepare Now for Next-Generation Cyber ThreatsApril 2nd, 2019 | Steve Durbin | CFO
• On Smart Cities, Smart Energy, And Dumb SecurityDec. 30, 2016
• Your WiFi-connected thermostat can take down the whole Internet. We need new regulations.Washington Post | Bruce Schneider | Nov. 3, 2016 | The government has to get involved in the “Internet of Things."
• We Need to Save the Internet from the Internet of ThingsMotherboard | Written by Bruce Schneier | Oct. 2016
• How a Bunch of Hacked DVR Machines Took Down Twitter and Reddit … and Spotify, and Github, and The New York TimesThe Atlantic | By Robinson Meyer | Oct. 2016
• After cyber attacks, Internet of Things wrestles with making smart devices saferReuters Technology News | By Jeremy Wagstaff and J.R. Wu | Nov. 2016
• Welcome to Privacy Hell, also Known as the Internet of ThingsFast Company | By Lauren Zanolli | March 2015
• Smart refrigerator hack exposes Gmail login credentialsA bonus feature on a smart home product becomes a security liability.
• Medjacking: How Hackers Use Medical Devices To Launch Cyber AttacksMed Device Online | By Jof Enriquez | June 2015
• The Internet of Things Will Turn Large-Scale Hacks into Real World DisastersMotherboard | By Bruce Schneier | July 2016
• I Am The Cavalry Cyber Safety Outreach
• IoT Growing Faster Than the Ability to Defend ItScientific American | By Larry Greememeier | Oct. 2016
• Cyberattacks on Utah's secure government networks up dramaticallyDesert News Utah | By Shara Park | Feb. 2013
• FBI Warns Internet Online Attacks on Private Industry Will ContinueThe Wall Street Journal | By Lee Hawkins | Nov. 2016
• How the Internet of Things will affect security & privacyBusiness Insider |By Andrew Meola | Aug. 2016
• The Internet of Things Will Be the World's Biggest RobotSchneier on Security | Feb. 2016
• Hacking AirplanesSchneier on Security | April 2015
• Hackers Remotely Kill a Jeep on the Highway - With Me In ItWired | By Andy Greenberg | July 2015
• Source Code for IoT Botnet ‘Mirai’ ReleasedKrebs on Security | Oct. 2016
• Hacking Vulnerable Medical Equipment Puts Millions at RiskInformationWeek | By Liviu Arsene | April 2015
• The Value of EncryptionBruce Schneier
• Krebs on SecurityIn-depth security news and investigation | Brian Krebs Blog