The recent botnet attack that hit websites on the east coast isn’t scaring the public away from the benefits of the Internet of Things (IoT). Nor is it driving policymakers to take rash actions.
In the aftermath of the October 21 distributed denial of service attack (DDos) attack on domain name servers, I chatted on Facebook Live with Stacey Johnson, director of strategic partnerships with the Chamber Technology Engagement Center (C_TEC) and Matt Eggers, executive director of cybersecurity policy at the U.S. Chamber.
We talked about the attack and the findings from a Morning Consult poll commissioned by C_TEC to glean the public’s views of IoT.
First, most Americans have a nuanced view of the Internet of Things.
According to the Morning Consult poll, a majority of Americans heard about the attack but a small percentage knew that IoT played a role.
More importantly, a majority see the benefits of the Internet of Things (IoT) to our lives and the economy.
As Johnson noted in the chat, while many Americans don’t know the specific term, “Internet of Things,” the poll showed that they understand we will get tremendous value from IoT devices that monitor our heart rates, improve manufacturing safety, allow for a smarter electrical grid, and help farmers grow more food.
The McKinsey Global Institute estimates that IoT will add $4-11 trillion to the global economy by 2025.
Second, the attack wasn’t likely powered by DVRs or baby monitors. Instead, experts believe that hackers used the Mirai botnet to control Internet-connected security cameras, Wired reports:
The zombie webcam army responsible for Friday’s mayhem instead consists of industrial security cameras, the kind you’d find in a doctor’s office or gas station, and the recording devices attached to them. Also? They’re mostly ancient, by technological standards.
“Most of these were developed in 2004 on down the line,” says Zach Wikholm, a research developer at security firm Flashpoint who’s been tracking the root cause of the attack. “Like most of the things built at the beginning of the internet, they were just built to work. There was no real security consciousness.”
It shows that home internet security is pretty good. From the Wired article:
[S]mart home devices are typically tucked behind a firewall, on non-routable networks that don’t interact with the internet at large. “Typically those type of devices aren’t openly exposed to the Internet,” says Rapid7 security researcher Deral Heiland, who cautions that this doesn’t mean they’re beyond being compromised at all. “Obviously, if malware was able to get inside a home network and then identify other devices on the home network, that could be a potential risk.”
As Eggers pointed out in the chat, each attack is unique, so vigilence and continuous collaboration is needed.
Because of cybersecurity legislation passed in 2015, business victims of cyberattacks can share information with each other as well as government agencies to defend themselves without fear of legal actions.
As for policymakers’ reaction, while lawmakers asked the FCC what, if anything, it should do to improve cybersecurity, the agency answered that current regulations suffice, reports Morning Consult Tech.
Tim Day, C_TEC's senior vice president, told me that refraining from any drastic steps in response to any attack is a sound approach.
“The most important thing to do is not stifle innovation. It’s innovation that is bringing us a smart grid for electricity and a medical device that will tell a doctor or nearby EMT that someone has had a heart attack and is in need of help,” Day said.
Public and private sector cooperation is the key to preventing cyberattacks, said Day: “For a more secure and reliable internet, we need to encourage industry and government collaboration to solve security and privacy concerns.”
The potential of the IoT space is tremendous. Sure there are risks to innovation, but the rewards are there and most Americans understand that and know they can be mitigated.