The US government is worried about the rise of national security risks due to the prevalence of insecure IoT devices, which are expected to near 50 billion in coming years. The US Justice Department is trying to pinpoint the threats and vulnerabilities as accurately as possible to understand how terrorists could use IoT to compromise national security.
U.S. Assistant Attorney General for National Security John P. Carlin informs a group inside his division is strictly focusing on detecting and analyzing IoT-related threats. In Carlin’s opinion, next-generation terrorism should be a top priority for federal agencies, while not investigating IoT opportunities and exploits is a huge mistake, especially in the automotive industry.
“We made that mistake once when we moved all of our data, when we digitally connected it, and didn’t focus on how… terrorists and spies could exploit it,” he said. “We can’t do that again when it comes to the Internet of Things, actual missiles, trucks and cars.”
When asked about the internet of things, CIA Deputy Director Dawn said it has had serious security deficiencies from as early as 2014 that allow hackers to launch malware or DDoS attacks.
“Smart refrigerators have been used in distributed denial of service attacks,” said Meyerriecks, while smart LEDs “are communicating that they need to be replaced but are also being hijacked for other things.”
Next-generation terrorism as portrayed by Carlin is heavily linked to compromised IoT devices. The CIA is not the only federal institution looking for a solution. In 2012, DARPA initiated a program focused on IoT vulnerabilities and now the NSA is looking into this issue as well, describing it as both “a security nightmare” and “a signals intelligence bonanza.”
Following the massive 665G bits per second DDoS attack on popular security blog Krebs on Security, officials worry terrorists may apply the same exploit and turn IoT devices into giant botnets for automated attacks on US infrastructure.
“It is a fundamental truth of cybersecurity that your network is only as secure as the weakest piece of hardware or software on [it],” said NSA Deputy Director Rick Ledgett at the U.S. Chamber of Commerce’s 5th Annual Cybersecurity Summit. “And the connection to our networks of hundreds of thousands, maybe millions, of internet-connected devices that come from multiple vendors and have differing software and hardware upgrade paths — without a coherent security plan — means that there are vulnerabilities [created] in those networks.”