At a time when massive DDoS attacks are exploiting poorly designed IoT devices, researchers from the Institute for Critical Infrastructure Technology are calling for regulation to combat "negligence" in the design of Internet of Things (IoT) devices. James Scott and Drew Spaniel argue that IoT represents a threat yet to be fully understood.
"National IoT regulation and economic incentives that mandate security-by-design are worthwhile as best practices, but regulation development faces the challenge of … security-by-design without stifling innovation, and remaining actionable, implementable and binding," Scott and Spaniel say.
"Regulation on IoT devices by the United States will influence global trends and economies in the IoT space because every stakeholder operating in the United States works directly with United States manufacturers or relies on the United States economy.
"Nonetheless, IoT regulation will have a limited impact on reducing IoT DDoS attacks, as the United States government only has limited direct influence on IoT manufacturers and because the United States is not even in the top 10 countries from which malicious IoT traffic originates."
The researchers published their findings in a report available online.