A recent significant slowdown, and in some cases failure, of prominent internet sites affected a broad spectrum of users. Now, according to cybersecurity expert Brian Krebs, U.S. Sen. Mark R. Warner (D-VA), co-founder of the Senate Cybersecurity Caucus is pushing federal agencies for possible solutions and responses to the security threat from insecure “Internet of Things” (IoT) devices, such as the network of hacked security cameras and digital video recorders that were reportedly used to help bring about last Friday’s major internet outages.
In letters to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Department of Homeland Security (DHS), Warner called the proliferation of insecure IoT devices a threat to resiliency of the internet.
“Manufacturers today are flooding the market with cheap, insecure devices, with few market incentives to design the products with security in mind, or to provide ongoing support,” Warner wrote to the agencies. “And buyers seem unable to make informed decisions between products based on their competing security features, in part because there are no clear metrics.”
According to Krebs, Warner’s letter notes, last week’s attack on online infrastructure provider Dyn was launched at least in part by Mirai, a now open-source malware strain that scans the Internet for routers, cameras, digital video recorders, and other devices protected only by the factory-default passwords. Once infected with Mirai, the IoT systems can flood a target with junk web traffic.
A copy Warner’s letter is available here. Read more at Krebs on Security.