There’s a rising risk of denial of service attacks due to the widespread use of smart devices like thermostats, TVs and fridges, which are often built “with no thought to security,” according to former Department of Homeland Security Director Michael Chertoff.
It’s a serious threat, as companies like Mastercard and Amazon partner with appliance makers like Samsung and Whirlpool to enable refrigerators and dishwashers to restock themselves by placing orders over the Internet.
Chertoff, who is now in private practice, warned participants at the Structured Finance Industry Group’s annual conference that these devices are being built with no way to update passwords or employ security patches. This makes it easy for cyber criminals to use them devices to build “zombie” networks that can forward transmissions such as spam or viruses to other computers on the internet.
He said there may be no way to prevent hackers from getting into a network, though companies can take steps to manage and mitigate attacks. “The biggest vulnerability of our networks is people,” so train and educate employees on cybersecurity, and test them.
Beware of the vulnerability of vendors and other business partners.
Beware of adding new devices.
Restrict access within a network to prevent people from going into areas where they don’t belong.
And have a response plan to shut it down with minimum damage.
Chertoff said that criminal activity on Internet is not that different from criminal activity in the physical world, “except it is scaled up vastly more powerful than [it would be] in a physical space.”
He noted that there is a debate going on as to the appropriate point for the government to step in to assist a private company that could be overwhelmed in a cyberattack sponsored by a foreign government. “It’s difficult to expect the private enterprise to take this on, on their own.”