Whose job is it to secure the Internet of Things? *
*This is a story about four people: Everybody, Somebody, Anybody, and Nobody. There was an important job to be done and Everybody was asked to do it. Everybody was sure that Somebody would do it. Anybody could have done it, but Nobody did. Somebody got angry because it was Everybody’s job. Everybody knew that Anybody could do it, but Nobody realized that Somebody wouldn’t do it. And it ended up that Everybody blamed Somebody because Nobody did what Anybody could have done.
Where were you October 21?
The morning of October 21, 2016, may have started off as just another Friday for you. But it wasn’t just another Friday for the Network Ops teams at Airbnb, Box, GitHub, Reddit, Spotify, and Twitter.
The most popular web services were out. There was a massive Distributed Denial of Service (DDoS) attack underway against the managed DNS infrastructure of a company named Dyn. Not everyone may have heard of Dyn, but they, along with Google, Amazon and CloudFlare, are the largest providers of managed DNS services, which are essential to translate human-readable domain names such as “airbnb.com” to numeric IP addresses.
Rise of the Machines?
Even more stunning, the DDoS attack originated from a “botnet” of malware-infected IoT devices (the malware is named Mirai), including network-enabled cameras, digital video recorders and even home routers. Many of the individuals and businesses that own these devices may not even be aware that their devices contributed to this botnet attack from within their home or business networks.
In fact, Mirai has infected over 500,000 devices already and the source code has been made freely available by the hackers on popular code-sharing sites, making the propagation of copycat malware all but certain.
Already, competing botnets have emerged, including one called Bashlite that has enslaved over a million infected IoT devices.
IoT: The Known Unknown
What’s interesting is that fully a week before the attack, US-CERT, the United States Computer Emergency Readiness Team, part of the U.S. Dept. of Homeland Security, had accurately warned of the heightened DDoS threat from Mirai.
Gartner estimates that there are 6.4 billion connected things today, and that number is expected to grow to 20 billion by 2020. In fact, an internet cartographer recently pinged all connected devices to create this stunning map that shows us just what a vast army can be summoned, if compromised, to launch ever more attacks today.
The answer to my question, and no, it’s not 42
It’s inevitable that devices connected to your network, both at home and at work, are infected with malware without your knowledge. In fact, there are probably devices on your corporate network (yes, the one that you have responsibility to manage and secure) that are infected with malware today.
They may not have been used to attack your corporate assets, yet, but they may in fact be used in DDoS attacks against other businesses or services. If not yet, it’s only a matter of time.
We are, all of us, responsible for doing our bit to secure the part of the network we manage or own from the global IoT threat. Yes, device manufacturers need to up their game, as do ISPs. But within your own sphere of influence, there are many steps you can take to secure your corporate WLAN from the threat of malware-infected things today.
Technologies exist today to securely identify and effectively contain and firewall each Internet connected thing on your LAN. It’s our collective responsibility to learn about these and take steps today to prevent further attacks.
What are those crucial steps? This Thursday, two of my colleagues – Abby Strong and Mat Edwards – and I will be answering questions on this very topic. Join us in an interactive Facebook Live session covering IoT, Wi-Fi technology, and software-defined security techniques.