Is Government Regulation Needed to Improve Cyber-Security? | eWeek

IBM’s Schneier: It’s Time to Regulate IoT to Improve Cyber-Security

Bruce Schneier SecTor
Nov 15, 2017
3 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

TORONTO—The time has come for the U.S. government and other governments around the world to start regulating internet of things (IoT) security, according to Bruce Schneier, CTO of IBM’s Resilient Systems.

Schneier delivered his message during a keynote address at the SecTor security conference here Nov. 15. Today everything is basically a computer, whether it’s a car, a watch, a phone or a television, he said. IoT has several parts, including sensors that collect data, computing power to figure out what to do with the collected data and actuators that affect the real world.

“Sensors are the eyes and ears of the internet, actuators are the hands and feet of the internet, and the stuff in the middle is the brain,” Schneier said. “We’re creating an internet that senses, thinks and acts—that’s the classical definition of a robot.


“We’re building a robot the size of the world, and most people don’t even realize it,” he said.

What that means is that internet security is now becoming “everything” security, according to Schneier. As such, he noted that computer security expertise is now needed in the auto industry because cars are now computers and all the lessons of the cyber-world are applicable everywhere.

“Availability and integrity threats are important as real risks to life and property now,” he said. “So now vulnerabilities have very different consequences. There is a difference between when a hacker crashes a computer and you lose your data and when a hacker hacks your car and then you lose your life.”

In Schneier’s view, many of the existing security paradigms fail in the new world of IoT. Whereas traditional software firms and big mobile vendors like Apple and Google have dedicated security teams, the same is not always true for IoT vendors. As such, Schneier said that IoT devices are often not patched quickly, if at all.

“A home DVR could have been part of the Mirai botnet, and likely most people just don’t care so long as the device works,” Schneier said. “Defending against Mirai is hard because it’s not just dropping a patch on Windows and making it go away.”


Time for Regulation

The challenge of cyber-security cannot be effectively solved by industry alone, according to Schneier. Instead, he advocated for government involvement to help regulate technology security. As internet connected devices move into regulated industries, Schneier expects that computer software that has largely been regulation-free will need to change. There are also historical precedents for new technology usage leading to new government agencies and regulations. For example, the emergence of cars, airplanes, radio and television have all led to government agencies and regulation.

“In the 20th century, new technology led to the formation of new agencies all the time,” he said.

There are a lot of problems that markets cannot solve on their own, since markets are typically short-term profit motivated and can’t solve collective action problems, he said. Additionally, Schneier said there is a need to have a counter-balancing force for corporate power.

“Government is how we solve problems like this,” he said. 

Schneier expects that there will be a lot of issues that will need to debated and resolved about connected technology regulations, but in his view there really isn’t a better alternative to ensuring cyber-security safety than government regulations. That said, the reason why he was speaking at SecTor was to help raise awareness and get cyber-security professionals engaged in government policy conversations, he said.

“As technologists, we need to get involved in policy, since IoT brings enormous potential and enormous risks,” Schneier said. “As internet security becomes everything security, all security has strong technological components.

“We’ll never get policy right if policy makers get technology wrong,” he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.