By Julio Gil-Pulgar
In October, using new techniques and new cyber weapons, attackers disrupted several major websites all over the U.S. As a result, legislators have been hearing calls for regulating the Internet of Things (IoT). In fact, the Chair of the National Republican Congressional Committee has shown an openness to regulating IoT devices.
IoT Devices Pose Risks to Users
Specifically, regarding regulating IoT devices, U.S. Representative Greg Walden (R) of Oregon said, “While I am not taking a certain level of regulation off the table the question is whether we need a more holistic approach.”
The unparalleled, massive Distributed Denial of Service (DDoS) attack against Dyn’s managed infrastructure severely disrupted major websites, such as Amazon, CNN, HBO, Netflix, The New York Times, and Twitter. The attack took place on Friday, October 21, 2016.
Consequently, worried lawmakers have been debating the introduction of regulation for the IoT. For example, Walden chaired a joint hearing entitled “Understanding the Role of Connected Devices in Recent Cyber Attacks.” This hearing took place before the Energy and Commerce subcommittees on communications and technology, and commerce, manufacturing, and trade, on November 16, 2016.
Calls for Government to Provide Regulation Guidance
At the hearing, Dale Drew, Chief Security Officer, Level 3 Communications, testified, “Estimates suggest there are already billions of IoT devices in operation and their use is growing dramatically. However, the lack of adequate security measures in these devices also poses significant risks to users and the broader internet community.”
Drew called on the government to provide guidance, because “The current lack of any security standards for IoT devices is certainly part of the problem that ought to be addressed. In particular, IoT manufacturers and vendors should embrace and abide by additional security practices to prevent harm to users and the internet.”
Another call for further government intervention came from Bruce Schneier, Special Advisor to IBM Security and CTO of Resilient. Schneier declared, “If we want to secure our increasingly computerized and connected world, we need more government involvement in the security of the ‘Internet of Things’ and increased regulation of what are now critical and life-threatening technologies. It is no longer a question of if, it is a question of when.”
The Cyber Attack Against Dyn
The New York Times described the attack against Dyn as follows: “In a troubling development, the attack appears to have relied on hundreds of thousands of Internet-connected devices like cameras, baby monitors and home routers that have been infected – without their owners’ knowledge – with software that allows hackers to command them to flood a target with overwhelming traffic.”
Dyn is a cloud-based company that manages Internet traffic and core services. Dyn’s key findings on the October 21 attack are:
- The attack has been analyzed as a complex and sophisticated attack, using maliciously targeted, masked TCP and UDP traffic over port 53.
- The Mirai botnet was confirmed as the primary source of malicious attack traffic.
- The attack generated compounding recursive DNS retry traffic, further exacerbating its impact.
- Dyn is collaborating in an ongoing criminal investigation of the attack and will not speculate regarding the motivation or the identity of the attackers.
Decentralizing the Internet Through Blockchain Technology
Recent cyber-attacks have demonstrated that the need for a less centralized Internet is becoming increasingly imperative. Decentralization eliminates single points of failure.
In this regard, innovative startups are already building various blockchain-based solutions designed to decentralize the Internet.
For example, Nodio is building a blockchain-based router that will allow users to create decentralized applications (dApps). As the blockchain resides on multiple nodes or computers, it has no single point of failure. That is, if one node fails, the other nodes continue operating.
“Nodio enables creating a working connection scheme with no central unit (which, in most cases, gets easily hacked). The main goal of this device is to become a tool for the developers to build end-to-end decentralized applications with a zero-knowledge proof,” according to the Nodio white paper.
ZeroNet also offers technology to facilitate the creation of decentralized solutions using Bitcoin and BitTorrent technology. In effect, ZeroNet provides distribution of content over the Internet without any central server.
Imposing regulations will not make the Internet more secure. Instead, the solution resides in building applications, through Bitcoin and blockchain technology, which are fully distributed and run in decentralized networks.