Thursday, October 27, 2016

Intel IoT Security Maven: Divide the Internet Into Compartments to Save Us From the Internet of Things

From The Register, whose headlines and sub-heads are usually livelier than ours:

Divide the internet into compartments to save us from the IoT fail whale

Intel's chief IoT security bloke puts forward one possible solution

The best way of protecting us from Internet of Things botnets is to compartmentalise the entire internet, Intel’s chief architect for IoT security solutions has said.

Sven Schrecker, speaking exclusively to The Register at IoT Solutions World Congress in Barcelona, also branded the potential impact of IoT botnets as “devastating”, warning that the Krebs website attack was just the tip of the iceberg.

So far IoT botnet miscreants have employed “quiet exploitation followed by loud exploits,” Schrecker said. “They’re just making it difficult for internet services to function.”

If the operators behind these IoT-enabled botnets were to “point them at industry” instead of smaller targets such as individual journalists’ websites, as happened with infosec researcher Brian Krebs, the impact on the world economy could be “devastating”, he added.

The recent high-profile IoT botnet DDoS attacks have, so far, avoided using traditional traffic amplification techniques such as DNS reflection because consumer-grade IoT devices are so easily hacked en masse. This makes it much harder for DDoS mitigation services to cope, as was seen when Akamai threw Krebs off its network with two hours’ notice.

An attack against infrastructure would quickly harden legislators’ attitudes towards the IoT, Schrecker warned, giving them a “very strong will to alter” existing light touch governmental security mandates.

Is self-regulation an option before the same sharp minds that gave us the EU cookie directive omnishambles set their sights on the IoT? Schrecker was quietly confident, though he hedged his bets: “We have the makings of a standard for IIOT [Industrial Internet of Things, the new-fangled term for what used to be called M2M]. If that works, it can go to IoT. Setting standards is not a quick process but consolidated industry opinion saying the same thing, that’s much more strengthened.”...MORE