
Security Economics of the Internet of Things - ComodoHacker
https://www.schneier.com/blog/archives/2016/10/security_econom_1.html
======
philiphodgen
There is another way this problem will be solved. (For certain interpretations
of the word "solved").

Tort law.

Manufacturers negligently sell defective products in the marketplace.
(Reference the litany of weeping by Schneier and others about the sloppy and
amateurish software in the IoT universe).

Harm befalls the customer or a reasonably foreseeable third party (oh,
hypothetically, Dyn? Or anyone who sustains severe economic damage from a DDoS
attack).

Lawsuit against manufacturer, distributor, and retailer ensues. Your favorite
contingency fee tort lawyer at work here. No win? No pay.

Win or settle.

Now distributors and retailers will no longer sell malformed IoT devices
because they have an economic incentive to not do so.

Or their insurance carriers will raise insurance premiums to cover the risk.
Another economic incentive to not sell crappy products that will participate
willingly in a DDoS attack.

In short, Schneier misses the economic incentives and the marketplace at work.
He misses it because law is not his domain of expertise. Time will bring a
lawsuit or two and he will become aware of this.

And we have avoided a Federal Department of Things (Internet) being inflicted
upon us. That, I submit, is a boon of immense value.

