Forbes, July 12, 2020

By David G.W. Birch

Anyone can connect their kettle, car or children to the Internet. And it’s tempting to do it just because it can be done. But keeping them secure? That’s another and altogether more difficult problem. If we are going to make an the IoT a platform for financial services, if we have a vision of luggage that can sort out least-cost routing and lightbulbs that can trade energy derivatives and cars that can buy their own insurance then we’re going to have to pause for breath and rethink the platform, because that botnet is only the beginning.

The noted security expert Bruce Schneier (one of the key thinkers in this space) has rather eloquently likened IoT's market failure (which is that I don’t care that my toaster is insecure and is bringing down your bank, and neither does the manufacturer - it’s cheap and it works) to a kind of post-industrial pollution. It’s an externality that can only be fixed by society as a whole and, as unfashionable as that might be, that means regulation. It’s time to begin a conversation about what that regulation might be, before it’s too late. California’s SB-327 that requires manufacturers to set different passwords for devices is a good example of what’s needed, but it’s only a start. As the Business Software Alliance’s useful principles for “Building a Secure and Trustworthy IoT” say, security policies should “incentivise” security through the IoT life cycle. That means a different mindset and it's a mindset that sees the need for an infrastructure.

Read More >>

Original Posting: https://www.forbes.com/sites/davidbirch/2020/07/12/fintech-needs-idiots/#50e82d2835bd