While testifying at a recent House of Representatives hearing, IBM adviser and Harvard University lecturer Bruce Schneier contended that appliances connected to the internet deserve a strong set of federal regulations and standards. Similar to the way the federal government regulates automobiles, Schneier put forth an argument for the creation of an entirely new government agency in light of recent cyber attacks and threats, and he also wasted no time in referencing how quickly the Department of Homeland Security was created in the wake of 9/11. To him, “everything is a computer” and should be treated and defended as such.
“This is not a phone [gesturing with his smartphone], this is a computer that makes phone calls, your refrigerator is a computer that keeps things cold, an ATM machine is a computer with money inside, your car is not a mechanical device with a computer but a computer with four wheels and an engine,” Schneier pointed out. “And this is the Internet of Things. And this is what caused the DDoS attack we’re talking about.”
Schneier’s presence on Capitol Hill was for a hearing to examine how connected devices participated in recent hacks such as the October 21 hit on Netflix and Twitter. Congress’ part in the hearing was not only to better understand what happened but also to devise a reasonable solution for protecting smart appliance owners and businesses without overreaching. Texas Republican Rep. Michael Burgess acknowledged that many consumers don’t even realize “they need strong protection on everyday devices,” pointing out how the most regularly used password is “password.”
Unfortunately, it appears as though House Republicans such as Burgess aren’t particularly keen on approving an entirely new agency. Although it would provide Americans with the peace of mind of being protected by their government, the cost to actually create the agency would set the U.S. back a hefty billion or two.
“Regulation needs to be a cop on the beat. People do need to know that they are protected, but there does need to be a light touch,” Burgess added. “We ought to be enforcing current laws before we write new ones.”
While the ball appears unlikely to start rolling on a new agency, the hearing did see a bipartisan moment in which both sides of the aisle agreed that the public needs to practice better online hygiene (as they called it). Rather than settling on a four-digit passcode such as 1234, using a system capable of stronger authentication is paramount as cyber warfare becomes more prevalent.
“There’s always been a role for passwords, but in general passwords have outlived their usefulness,” Schneier acknowledged. “There are many other systems that give us more robust authentication. I like the world where the internet can do whatever it wants whenever it wants. It’s fun, but we don’t live in that world anymore.”
What Schneier and (likely) his colleagues want is to establish a working set of regulations fit for the long haul, meaning future appliance or device releases would be able to remain compliant. Be it mandatory two-step authentication or fingerprint recognition tech, a standard that proves stronger than a simple typed password could reasonably serve as a better set of protections for tens of millions of people.
What makes Schneier’s appearance in the hearing so important is the fact that he’s trying to get out in front of the issue before it becomes a full-on disaster. Cyber attacks are constantly on the rise, with almost all of them avoiding discovery of any kind, as Burgess pointed out during the hearing, which means the likelihood of being affected is at an all-time high. While a hearing of this nature represents progress in and of itself, it looks like relevant legislation is far from being agreed upon.