Dyn attack: US Senator wants to know why IoT security is so anemic

Dyn attack: US Senator wants to know why IoT security is so anemic

Sen. Mark Warner sent letters to FCC, FTC and DHS to find out what can be done to prevent attacks like the one that hit Dyn; how defend against botnet attacks like Mirai’s.

The security around the development of Internet of Things products is weak and U.S. Sen. Mark R. Warner (D-Va.) today sent a letter to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Department of Homeland Security (DHS) to ask why and what can be done to fix the problem.

Sen. Mark Warner (D-VA)
Sen. Mark Warner (D-VA)

In the letter Warner, who is member of the Senate Select Committee on Intelligence and co-founder of the bipartisan Senate Cybersecurity Caucus, asked questions such as: What types of network management practices are available for internet service providers to respond to DDoS threats? And would it be a reasonable network management practice for ISPs to designate insecure network devices as “insecure” and thereby deny them connections to their networks, including by refraining from assigning devices IP addresses?

+More on Network World: DoJ: What does it take to prosecute federal computer crimes?+

“The weak security of many of the new connected consumer devices provides an attractive target for attackers, leveraging the bandwidth and processing power of millions of devices, many of them with few privacy or security measures, to swamp internet sites and servers with an overwhelming volume of traffic,” Sen. Warner said in a statement.  “I am interested in a range of expert opinions and meaningful action on new and improved tools to better protect American consumers, manufacturers, retailers, Internet sites and service providers.”

Weak security features in many of IoT products can enable access to user data by hackers, create easy entry points to home or work networks, and allow hackers to hijack devices into enormous botnets used to send crippling amounts of data to specific internet sites and servers, Warner said. “Botnets are frequently referred to as ‘zombie computers,’ the metaphor is appropriate: bad actors infect unsuspecting computers and network devices with malware, sending remote commands to hordes of compromised computers to maliciously cripple parts of the Internet. Experts say that is what occurred on [last] Friday, temporarily affecting Twitter, Netflix, PayPal and other popular sites.”

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s