RSA 2017: The Internet of Things security threat
- 03 February, 2017 11:30
RSA Conference 2017 will take on the threat posed by the internet of things, something that was demonstrated last fall by the DDoS attacks that took down Dyn data centers and many of the high-profile Web sites it supports.
Those attacks, generating peak traffic of 1TByte or more, raise the question of how best to secure these devices, and sessions at the Feb. 13-17 conference in San Francisco try to answer it.
The offensive potential of compromised IoT devices such as home routers and surveillance cameras is great because they can readily be hijacked into bot armies that launch these high-volume attacks. The onslaughts are difficult to stem because they come from a wide range of IP addresses broadly distributed around the globe.
Akamai, one of the service providers that helped mitigate the first of the large IoT DDoS attacks linked to Mirai malware, is sending Or Katz, one of its researchers, to the conference to deliver a warning. “Once upon a time, the Internet of Things held unimaginable promise,” is how he describes the problem. “Then came Mirai … and all the associated attacks, and suddenly the promise seems more like a threat.”
Attackers can extort money from potential victims by threatening DDoS attacks and demanding payment to call them off. Or they might use the attacks to exact revenge against companies for perceived wrongdoing.
But DDoS attacks are just one of the uses to which adversaries can put IoT machines. They can compromise devices that are essential to manufacturing or even human health, where well-timed attacks on relatively few devices can damage other equipment, tie up production lines or compromise patients’ well-being.
IoT gear doesn’t exist in isolation, so attackers will seek ways to compromise the other systems these devices interact with in an effort to undermine their usefulness, according to Anthony Gambacorta, the vice president of operations at Synack, who is speaking at the conference. He’ll present specific examples to look out for, including the relationships between IoT products and the cloud servers and mobile applications they depend on.
Using data that IoT devices gather as legal evidence poses its own set of problems, which include preserving the data and its integrity, and analyzing it for incident investigations and to present as evidence in court. The nuances of these emerging needs will be examined by attorney Erik Laykin of Duff & Phelps LLC.
Security luminary Bruce Schneier will offer up two sessions about regulating IoT devices, which are woefully insecure, some say because they are not held to any set of security standards. But Schneier says we’d better get ready for them. “Licenses, certifications, approvals and liabilities are all coming,” is how he introduces one of his sessions. “We need to think about smart regulations now, before a disaster, or stupid regulations will be foisted on us.”
Ransomware – another hot topic at the conference – can be used to lock up IoT devices to cause harm, and its use is projected to continue this year. Ransomware for hire and ransomware kits make this a low-investment, low-skill enterprise that virtually anyone can enter into.
But there is hope. A pair of researchers from Splunk, Rod Soto and Joseph Zadeh, will present a method for detecting and automatically blocking ransomware as it unfolds. Seeking ransomware indicators of compromise, the detection method uses machine learning to head off infections before they take hold and to create policies to block similar ones in the future.
The conference and exhibitors are highlighting endpoint security as well, as described here.
The conference boasts 15 keynotes by vendor executives including Eric Schmidt, CEO of Alphabet; Brad Smith, the president of Microsoft; Zulfikar Ramzan, RSA’s CTO; and Mark McLaughlin, CEO of Palo Alto Networks.
The cryptographers’ panel, an annual gathering of some of the world’s foremost cryptographers, is scheduled again, with this year’s group made up of Whitfield Diffie (of Diffie-Hellman exchange fame), Ronald Rivest and Adi Shamir (the R and S in RSA encryption), and Susan Landau (as in Landau’s Algorithm). The panel is moderated by Paul Kocher, who developed attacks that can break RSA and Diffie-Hellman.
The list includes speakers from outside tech as well. U.S. Rep. Michael McCaul, chairman of the House Homeland Security Committee, is speaking about “The War in Cyberspace.” He says the U.S. is losing and needs to team up with its allies and the private sector to win.
Astrophysicist Neil deGrasse Tyson will deliver “An Astrophysicist Reads the Newspaper.” The former head of the U.K.’s MI-5, Stella Rimington, will talk about leadership and teamwork. Seth Meyers, the host of Late Night with Seth Meyers, holds the closing keynote spot.