Invasion of the killer bots
IoT devices used in the energy sector are vulnerable to cyber threat from malware such as the Mirai and more regulation is needed says US think tank
Report from – Damien Carr
The Institute for Critical Infrastructure Technology (ICIT) has blamed manufacturer negligence for the lack of security Internet of Things (IoT) devices such as broadband routers and has urged for more regulation.
In the report ‘Rise of the Machines’ ICIT authors say that a combination of pressure to decrease production costs, be competitive, and a rush to market, contributed to manufacturers’ decisions to produce IoT devices that lack security.
The Mirai and other malware turns computer systems running Linux into remotely controlled ‘bots’ that can be used as part of a ‘botnet’ in large-scale network attacks. These target IoT devices such as remote cameras and broadband routers and are designed to exploit weak security, default credentials, and hardcoded credentials and settings.
In December 2016 hundreds of thousands of Talk Talk and Post Office broadband customers were prevented from accessing the internet after an attack by Mirai botnet, which targeted routers manufactured by Taiwanese company ZyXEL. It followed similar attacks on other telecoms providers in Europe.
More seriously, perhaps was an attack in late October to 3 November, 2016, when a Mirai botnet caused the failure of central heating system in two housing blocks in Lappeenranta, Finland, highlighting the vulnerability of IoT-enabled sensors and devices used to manage energy and heating systems.
The report authors call for the US to develop national regulation that mandate ‘security by-design’ without stifling innovation and while acknowledging the limitations of national regulation in a global market, the authors believe US regulation can influence global trends.
Author James Scott, Sr highlighted the importance of manufacturers embedding security in their devices.
“Security-by-design is an indispensable prerequisite to the establishment of vital critical infrastructure resiliency. Each device vulnerable to adversarial compromise, inflates and bolsters the exploitable cyber-attack surface that can be leveraged against targets, and every enslaved device grants adversaries carte blanche access that can be utilised to parasitically entwine malware into organizational networks and IoT microcosms,” he said.
Prof. Julie McCann of Imperial College, London will be speaking about IoT and the threats it poses to security at Connected Cities.
Supported by real-world case studies and drawing upon the insights of experts in the world of smart cities, Connected Cities will examine key concepts and provide delegates with practical advice about funding and business models for planning and delivering smart city projects.
When: 26 January, 2017
Book now: www.citiesconvention.com/connected