Page 68 - Cyber Warnings
P. 68
The ability to deploy these large municipal networks is opening the door for companies like
Google, Facebook and Microsoft to work with the Internet Governance Forum to create
municipal networks in developing countries. It’s an initiative they’re calling “Connecting The Next
Billion,” and it’s designed to offer developing nations access to Internet services and
connectivity.
The IoT growth potential with these networks in place are staggering. And again, it highlights the
need for IoT security.
So, how do we fix the IoT security problem? Consumers, vendors and manufacturers all need to
care about securing IoT devices. Unfortunately, right now, they don't. Meaning if you join an
unsecure open Wi-Fi network with your IoT device, there’s a chance you're vulnerable to an
attack.
Because there is a lack of motivation to secure IoT devices, government regulations may be
the fastest way to get manufacturers to prioritize security by design.
This is becoming a hot issue and we’re starting to see industry thought-leaders weigh in on the
topic. For example, Bruce Schneier recently testified in Congress regarding the Mirai botnet
attack. He addressed the growing need for IoT regulation, when he said:
“What this all means is that the IoT will remain insecure unless government steps in and fixes
the problem. When we have market failures, government is the only solution. The government
could impose security regulations on IoT manufacturers, forcing them to make their devices
secure even though their customers don't care. They could impose liabilities on manufacturers,
allowing people like Brian Krebs to sue them. Any of these would raise the cost of insecurity and
give companies incentives to spend money making their devices secure.”
While we may not see government regulations anytime in the immediate future, the industry
(and external researchers) can continue to shed light on IoT security issues by exposing
vulnerabilities in these products.
For example, WatchGuard’s Threat Lab recently discovered a new vulnerability in a cloud-
based management portal for a security camera.
Once the issues were found, the team reported the problems to the manufacturer, which was
able to quickly patch the vulnerability.
While not all manufacturers and vendors today may have the incentive to build secure IoT
devices, organizations offering Wi-Fi can take matters into their own hands to help ensure
consumer safety. If you’re delivering Wi-Fi to customers, employees or partners, consider these
five tips:
1. Deploy a new Wireless Intrusion Prevention System (WIPS) that can easily isolate rogue
APs and stop MiTM attacks in real-time. Yes, these exist (for example, check out
WatchGuard’s new Wi-Fi Cloud).
68 Cyber Warnings E-Magazine – June 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
