Cyber Attacks – the Worst is Still Ahead

Cyber Attacks – the Worst is Still Ahead

This post is also available in: heעברית (Hebrew)

The coordinated cyber attack that crippled parts of the internet on October 21 highlighted key policy problems, a Stanford cybersecurity scholar said.

Herbert Lin, a senior research scholar for cyberpolicy and security at Stanford’s Center for International Security and Cooperation, says there are no easy solutions. A research fellow at the Hoover Institution, Lin serves on the President’s Commission on Enhancing National Cybersecurity.

Several major websites including Twitter and Amazon went down for most of the day, and many other sites were inaccessible. The FBI and the Department of Homeland Security are investigating what is described as a DDoS (distributed denial-of-service) attack. The attacks mainly focused on Dyn, one of the companies that run the internet’s domain name system (DNS).

In an interview to the Stanford News Service, published on the university’s website, Lin said this attack targeted “a major internet services provider which operates much of the internet’s infrastructure. It’s not a consumer-facing company, but is in between the user and a company like, say, Amazon.” These attacks centered on the domain name system (DNS).  

The attack flooded the company’s servers “with millions of fake requests from sources for service to go to those web sites. Being forced to process all these requests, the company can’t service real people trying to use web sites. The millions of sources making these requests appear to have been part of the Internet of Things.”

Most of the devices “weren’t, by and large, products like your computer or mine, but were

mostly smaller things like surveillance cameras, baby monitors and home routers [everyday objects that have network connectivity to the internet]. What makes these things particularly vulnerable is that they are small, they don’t have much computational power in them, and they don’t include many, if any, security features. In fact, a Chinese company just admitted that it didn’t pay enough attention to security, and they recommend users do some things to improve security. But they shipped their products without paying much attention to security, and that’s why this was a vulnerability.”

His primary policy recommendation for the future is that “we need policy that encourages – or mandates, depending on how strong you want to be about it – at least minimal security measures for devices that connect to the internet, even Internet of Things devices. How you actually promote, encourage or incentivize that without a legal mandate is problematic, however, because nobody quite knows what the market will accept. Also, if you’re going to force manufacturers to pay attention to security, you’re going to reduce the rate of innovation for these products. Then there’s the question of who’s going to buy them, because the unsecure ones will probably be cheaper. The fundamental problem here is that guys who use the Internet of Things, like surveillance cameras, will find those cameras work perfectly fine, even if they were compromised. So they don’t care about security. They have no incentive to do so. Why should they pay more to protect me?”

For more details


Subscribe to our newsletter

SIMILAR ARTICLES

image provided by pixabay

image provided by pixabay

photo illus. artificial intelligence by Pixabay

image provided by pixabay

images provided by pixabay

image provided by pixabay

smart city. image by pixabay

image provided by pixabay