Can we secure the "Internet of Things" from hackers?

Those of you who live on the east coast of the United States (and to a lesser extent, parts of the west coast) probably remember a day back in October of last year when large segments of the internet suddenly stopped working for you. Sites and web services including Spotify, Reddit, the New York Times website, Netflix and HBO went down. It was all caused by a massive DDoS attack targeting Dyn, an Internet infrastructure company located in New Hampshire. They provide Domain Name System (DNS) services to companies all over the world, but they were effectively shut down when hackers unleashed a tsunami of artificial requests from literally tens of millions of IP addresses, bringing many systems to their knees. The hackers weren’t using infected laptops and personal computers in most cases, however. They had created an army of zombie devices referred to as a “botnet,” and the slave devices were a collection of refrigerators, toasters and other innocuous home devices which are connected to the web over what’s referred to as the Internet of Things.

This has created a great deal of justifiable concern in security circles, and now Congress is looking at ways to prevent that from happening again. For better or worse, this would be done through yet another round of government regulations. (Reuters)

A bipartisan group of U.S. senators on Tuesday plans to introduce legislation seeking to address vulnerabilities in computing devices embedded in everyday objects – known in the tech industry as the “internet of things” – which experts have long warned poses a threat to global cyber security.

The new bill would require vendors that provide internet-connected equipment to the U.S. government to ensure their products are patchable and conform to industry security standards. It would also prohibit vendors from supplying devices that have unchangeable passwords or possess known security vulnerabilities.

I’d normally be rebelling against the idea of yet more government regulation, but this area definitely ties into the field of national security so we at least have to consider it. Reports indicate that as many as 50 billion such “dumb” devices will be connected to the internet by the end of this year. That’s a lot of temptation for hackers and an unmanageable number of bots for them to employ if there isn’t sufficient security in place.

The legislation under discussion would also provide for additional resources to have “friendly hackers” try to crack their way into systems and report back with the results so security can continue to be improved. That’s a double-edged sword as far as I’m concerned, because in order to keep up with the cutting edge of the hacking community it’s going to be an interesting vetting process to find actual “white hat” hackers who are up to the job. But, again, I’m not sure if there’s a way around it.

One of my favorite maxims over the past several years is that the internet eventually ruins everything it touches. I originally meant that more in societal terms because of the reactions internet activity can induce in far too many people. But from the tech side, it does seem to me that as we become more and more dependent on the internet for virtually every aspect of our lives we’re handing over our fate to a system that the vast, vast majority of us don’t know the first thing about. (Beyond booting up our devices and posting selfies, anyway.) If it all comes crashing down one of these days it’s going to bring on a new version of the dark ages, and that’s not hyperbole. Cross your fingers and hope it doesn’t happen in your lifetime.