IoT Threats: Whose problem is it?

by Ron Winward

If you think about it, 2016 was a year that will forever change the way many people think about cyber security and some fundamental best practices. After the attacks on Dyn shook the internet in October, many organizations will forever deploy redundant DNS services or providers. Further, people now use 1 Tbps as their high watermark for DDoS protections and more organizations are adopting hybrid DDoS protections.

Not long after the Dyn attack, there was a congressional hearing on the state of Internet of Things (IoT) security and its threat to Internet. Among others, the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) have both recently published IoT security guidelines. The FTC even sued manufacturer D-Link, claiming they had insufficient protections built into their devices.

Earlier this year, I presented some technical research on the Mirai botnet at NANOG 69 in Washington DC, and I also joined a panel to discuss IoT security. Half of the panel members represented service providers and manufacturers, and the other half represented policy and regulation interests. The consensus of the panel was that we clearly have a huge threat, but how to address the issue is even more difficult.

Read more: