In the wake of a string of high-profile distributed denial of service (DDoS) attacks there now a lot more awareness of the potential threat created by connecting millions of devices to the Internet. The issue now is what to do about it.
IT security professionals are now calling for more regulations that would require manufacturers of the types of devices that are being hijacked by hackers to launch DDoS attacks. While that may be a good idea, the current political climate suggests there won’t be any new regulations in the U.S. any time soon. However, president-elect Donald Trump has said that cybersecurity would be a higher priority in his administration. It’s just that rather than shoring up cybersecurity defenses, the tenor and tone of those statements has been focused on increasing the ability of the U.S. government to proactively respond to those attacks.
While it remains to be seen how cybersecurity policies in the U.S. will evolve, there have been some significant advances in terms of IoT security at the processors and software levels that are worthy of note. A new generation of processors from Intel and ARM aimed at IoT devices are significantly more secure than previous generations. On the software side, there’s now a lot of focus on using container software such as Docker in IoT environments to make it simpler to isolate software functions using a lighter weight form of virtualization.
But it may still be a while before Docker containers are sufficiently hardened to address a range of IoT security issues. The furthest along appears to be a resion.os open source project lead by Resion.io.
Another factor is that the processors that are being offered up to better secure IoT environments add more cost to the device. That tradeoff may not be much of a concern in industrial environments where the perceived risks are high. But when it comes to consumer products that were used to launch the latest round of DDoS attacks there’s always resistance to anything that increases a manufacturer’s costs.
In fact, it may be the only way this issue gets addressed in the short term is by making the consumer more aware of the issue. If demand for consumer products that securely connect to the Internet increases, then manufacturers of these devices will inevitably respond. It’s just not clear who has the resources or motivation to create that awareness.
In the meantime, that may mean things will get worse before they get better. Everyone from activists opposed to the Trump administration to terrorist organizations such as ISIS is figuring out how to use the Internet as weapon. Governments might be more motivated to go after the people that created the botnets that are being used to launch cyberattacks. But chances are high that could also lead to an escalation of attacks at a time when many devices on the Internet today have little to no defense mechanisms.
IT security professionals, naturally, are caught on the front lines of this battle. The first order of business for many of them will be to craft a more robust approach to deploying Domain Name Servers (DNS) that are the focal point of DDoS attacks. But the Internet itself becomes more secure, it doesn’t look like there will be any respite from DDoS attacks any time soon.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot.Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.
Mike Vizard berichtet seit mehr als 25 Jahren über Themen aus dem IT-Bereich und hat eine Reihe von Publikationen im Bereich Technologie herausgegeben oder zu diesen beigetragen – darunter InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet und Digital Review. Derzeit bloggt er für IT Business Edge und wirkt bei CIOinsight, The Channel Insider, Programmableweb und Slashdot mit. Mike bloggt außerdem über aufkommende Cloud-Technologie für SmarterMSP.