U.S. Senator Probes Bot-Laden DDoS Attack on Dyn, Lack of Security of IoT Devices

U.S. Sen. Mark R. Warner (D-VA), a member of the Senate Select Committee on Intelligence and co-founder of the bipartisan Senate Cybersecurity Caucus, is seeking solutions to prevent cyber actors from wreaking havoc using consumer IoT products.

Warner sent letters to the Federal Communications Commission (FCC), the Federal Trade Commission (FTC) and the Department of Homeland Security’s National Cybersecurity & Communications Integration Center (NCCIC), with questions on how to better mitigate attacks by cyber criminals.

“The weak security of many of the new connected consumer devices provides an attractive target for attackers, leveraging the bandwidth and processing power of millions of devices, many of them with few privacy or security measures, to swamp internet sites and servers with an overwhelming volume of traffic,” said Warner.

DDoS attacks are escalating on an unprecedented scale, and this will only get worse as events unfold, largely due to the appalling lack of security on the part of IoT device manufacturers, and a failure on the part of consumers to understand basic cybersecurity procedures, such as changing default passwords.

Warner mentioned the use of botnets in DDoS attacks, especially the Mirai botnet, which was released into the wilds of the internet on October 1st. This botnet continuously scans the web for insecure devices, such as IoT devices with default manufacturer passwords, infecting and appropriating them to send crippling levels of network traffic to targeted sites, servers and internet infrastructure providers.

“Under the Federal Communications Commission’s (FCC’s) Open Internet rules, ISPs cannot prohibit the attachment of ‘non-harmful devices’ to their networks,” said Warner.

“It seems entirely reasonable to conclude under the present circumstances, however, that devices with certain insecure attributes could be deemed harmful to the ‘network’ – whether the ISP’s own network or the networks to which it is connected. While remaining vigilant to ensure that such prohibitions do not serve as a pretext for anticompetitive or exclusionary behavior, I would encourage regulators to provide greater clarity to internet service providers in this area,” he added.