IoT security

Michael Yoon myoon at
Wed Feb 8 15:26:49 UTC 2017

Very clear illustration, thanks for sharing.

It would seem solution would involve non market regulation (EPA for
pollution), or aligning with market forces such as aligning impact to buyer
of security with risk of public access to compromised information (like
videos from IP cameras).

Michael Yoon

On Feb 8, 2017 9:36 AM, "Ed Lopez" <ed.lopez at> wrote:

In a recent article (, Bruce
Schneier sums up the IoT security mitigation issue quite nicely in this

"The market can't fix this because neither the buyer nor the seller cares.
The owners of the webcams and DVRs used in the denial-of-service attacks
don't care. Their devices were cheap to buy, they still work, and they
don't know any of the victims of the attacks. The sellers of those devices
don't care: They're now selling newer and better models, and the original
buyers only cared about price and features. There is no market solution,
because the insecurity is what economists call an externality: It's an
effect of the purchasing decision that affects other people. Think of it
kind of like invisible pollution."

- Ed Lopez
Ed Lopez | Security Architect | Corsa Technology
Email: ed.lopez at
Mobile: +1.703.220.0988

sent from my iPad ... I apologize for any auto-correct errors

More information about the NANOG mailing list