Latest DDoS attack exposes significant security vulnerability associated with some IoT devices

But my concern is that security is not a high enough priority at the moment for those who may be able to develop solutions. Instead, the security question too often is put on the backburner—or ignored altogether—by companies that are under enormous pressure to get their IoT products on the market quickly at the lowest cost possible to increase adoption and revenues.

It is hard to imagine this security issue being addressed, if this trend continues. And that is disconcerting, if not downright scary.

Last Friday’s DDoS attack was an inconvenience; a massive inconvenience to several high-profile enterprises, but essentially an inconvenience. Next time, we might not be so lucky. Could the next such attack cause drones to fall from the sky or autonomous car sensors to malfunction, leading to fatal accidents? Could an attack cripple a first-responder communications network or a 911 system during an emergency, leading to unnecessary losses of life and property? Certainly it is within the realm of possibility, so taking steps to avoid such occurrences is vital.

Of course, history has proven that taking security measures does not guarantee that a cyberattack cannot be executed successfully. But it should not be something that it is easily executed, because an IoT device with little or no security is connected to a critical-infrastructure system.

As has been mentioned in this space before, it’s not clear who can or should make the rules that are designed to ensure that key networks are secure. But something needs to be done quickly, or the vast promise of IoT capabilities will not be realized fully, because critical-infrastructure entities simply will not be able to trust them enough to be utilized in their day-to-day operations.