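Lawmakers this week received dire warnings about security vulnerabilities in the so-called internet of things (IoT), as cyber experts cautioned that, with billions of new devices coming online, coordinated hacking attacks could become, literally, a matter of life and death.
Lawmakers convened the hearing on IoT security in response to last month's distributed denial-of-service attack on the internet addressing provider Dyn, which resulted in temporary outages at popular websites such as Twitter and Spotify.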
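But that incident, while a nuisance for internet users and an embarrassment for the affected companies, might be merely a prelude to more serious attacks that could bring catastrophic consequences in the physical world, warns Bruce Schneier, a security expert and lecturer at Harvard University's Kennedy School of Government.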
"This is more dangerous as our systems get more critical," Schneier says. "The Dyn attack was benign -- a couple of websites went down. IoT affects the world in a direct, physical manner -- cars, appliances, thermostats, airplanes -- there's real risks to life and property."
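Schneier and the other witnesses gave a sobering assessment of the state of security in the exploding internet of things, where billions of devices are expected to come online in the coming years, many of them everyday objects such as household appliances, generally low-margin products made by manufacturers that don't employ the armies of security experts found at tech companies like Apple or Google.
Inadequate IoT security could have dire consequences
Schneier described the situation as a "market failure," arguing that the economics simply don't give manufacturers an incentive to build in rigorous security at the design and production stages.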
So soft entry points in the waves of new products coming online create an environment where those devices can be compromised and marshaled into powerful botnets that could be turned against physical infrastructure.
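"In short, IoT security remains far from adequate," says Kevin Fu, CEO of the cybersecurity firm Virta Labs and an associate professor at the University of Michigan. "These attacks are not fundamentally new, but the sophistication, the scale of disruption and the impact on infrastructure are unprecedented."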
Fu is particularly concerned about the implications of an IoT hack in the healthcare space, where new networked devices are deployed in sensitive environments with self-evident real-world implications.
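"We're going to have some serious trouble if we don't answer these questions," Fu says. "I fear for the day when every hospital system is down, for instance, because an IoT attack brings down the entire healthcare system."
Government should play a role in IoT security
The appropriate role for government in shoring up IoT security is a thorny issue. Lawmakers on both sides of the aisle acknowledged that regulating individual technologies is a non-starter, given how rapidly technology advances and how quickly security threats evolve.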
Witnesses suggested that organizations like the National Institute of Standards and Technology or the National Science Foundation could play a helpful role by formulating principles-based specifications that could help manufacturers and application developers incorporate strong security protections from the outset.
"I think the best place to start is with standards," says Dale Drew, senior vice president and chief security officer at Level 3 Communications, an Internet backbone provider.
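Schneier is likewise a supporter of robust security standards that could be extended across global manufacturing and supply chains. But in considering the government's role, he goes a step further, arguing that with attacks expected only to get worse and potentially to result in casualties, the federal government will have to take action sooner or later.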
"I see the choice as not between government involvement and no government involvement, but between smart government involvement and stupid government involvement," Schneier says.
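He recalls that immediately after the 9/11 terrorist attacks, Congress moved swiftly to authorize the creation of the Department of Homeland Security, which would become an unwieldy bureaucracy with ample authority in the cyber arena.
Though he describes himself as no fan of government overregulation, Schneier sees the potential for real-world harm from cyberattacks as a call to action. Simply put, "We regulate dangerous things," he says.
"In the world of dangerous things, we constrain innovation. You can't just build a plane and fly it. You can't, because it might fall on somebody's house," Schneier says. "It might be that the internet era of fun and games is over, because the internet is now dangerous."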
This story, "IoT attacks could bring real-world damage" was originally published by CIO.