Bruce Schneier on dangers of IoT: 'We're building a world-sized robot that's getting more powerful'

The queue to see Bruce Schneier snakes round the conference hall at Infosecurity Europe 2017, with many attendees clutching copies of his book "Data and Goliath" in their hands, hoping to get a mark of ink from the so-called "security guru". Here, he needs no introduction.

His gospel comes at breakneck pace, warning about the inevitable dangers of the Internet of Things (IoT) technology – connected devices which are typically an easy target for hackers and cybercriminals. He believes the swarm of devices is ever-growing, and may be dangerous.

"The internet now senses, thinks and acts," Schneier said. "That is the classic definition of a robot. To me, the correct way to think about the Internet of Things, and the internet in general, is that we are building a world-sized robot without even realising it," he added.

The computer expert has many roles in life, mainly being chief technology officer at cyber firm IBM Resilient.

But alongside that work, he is a board member of the Electronic Frontier Foundation (EFF) and the Tor Project, the organisation which pioneers government-funded anonymity software.

His vast experience in the field means people pay attention when he talks. Continuing the path of his robot analogy, he said: "This is not a robot in a classical sense.

"We get our conceptualisation of robots from the movies, from Star Wars and other science fiction movies, and we know what a robot is. It has a metal shell, the smarts are on the inside, and the sensors are on the surface. This is not that. It is a distributed robot.

"It is not centrally controlled.

"Parts of it are controlled by different people and processors. It doesn't have a singular goal or focus or intelligence that might achieve consciousness and it's not something deliberately designed, it's an emergent property of the internet we are building.

"Think of it as 'smart things that affect the world in a direct physical manner', that speaks directly to automation and autonomy. It is getting more powerful as we connect things to it."

Schneier believes everything should be looked at these days as being a computer – from ATMs to microwaves to refrigerators to power plants. "This is happening at all levels in our lives," he said. "As everything turns into a computer, computer security becomes everything security."

Unfortunately, IoT products to date have been defined by vulnerabilities, alongside a rush-to-market and a lacklustre approach to security. As such, they have been exploited by cybercriminals to conduct massive digital attacks. This will lead to government intervention, Schneier said.

But looking directly into the faces of the audience, he said this should be embraced.

"I think regulation is coming in a big way," he said. "There is a lot of worry that regulation can stifle innovation, I think if you look at the history that's not the case. The industry always ends up adapting and we are going to have to because governments will get involved regardless.

"The risks are too great and the stakes are too high.

"Governments are already involved with physical security and the real physical threats from the Internet of Things will force governments to act. Because we're talking about fear, and you know that nothing incentivises a government to do something like fear.

"You also know nothing incentivises a government to do something stupid like fear, and this is where we have to get involved. The choice is not between regulation and no regulation like it used to be, the choice is between smart government regulation and stupid regulation."