Ransomware has most commonly infected desktop and laptop computers, but the DEF CON demonstration provides a glimpse into ransomware’s impact on the Internet of Things (IoT) and the future of crime in cities. As consumers continue to buy Internet-enabled TVs, locks, thermostats and cars, the threat landscape will continue to compound. Today, the promise of our connected future is riddled with security vulnerabilities that can easily be taken advantage of. Unfortunately, the worst is yet to come; even an article in the Wall Street Journal speculated that ransomware would soon make its way to your connected vehicle.
What Are the Underlying Issues?
1. Lack of Standards
Because there's no unified industry standard for the Internet of Things, the market has become massively fragmented. Although there are security overlays that will work on multiple standards, most consumers work with what comes right out of the box.
Massive fragmentation poses a challenge because each IoT standard must be updated separately to fix security vulnerabilities and add new functionalities. A close example of this challenge can be seen with the Android operating system, which is also heavily fragmented due to carrier controls and a massive hardware ecosystem with varying specifications. Eventually with Android, consumers will update their physical phone to get access to the latest software and features, but a smart thermostat is more complex to physically replace each year.
2. Consumer Behavior
Poor security practices also contribute to increased risk. A good portion of consumers do not change default administration passwords when purchasing Internet-enabled devices, which makes the device even more susceptible to attack.
3. Pace of Change
Our research shows that the pace of change and technology diffusion is increasing exponentially. This increase creates an opportunity for rapid innovation and quicker consumer product development — but it comes at the expense of additional market fragmentation and security vulnerabilities.
How Will This Impact Government?
When an exploit or hack occurs on one of these smart devices, the first place most people will turn is to their local police department. We saw this firsthand with the rise of online identity theft and even the first nanny camera hacks. The challenge that's quickly emerging, however, is that not every agency will have access to the technical capacity for investigating and prosecuting these new forms of crime.
What’s a Government Agency to Do?
There is no silver bullet that will solve this emerging challenge, but there are some simple steps agencies can take to stay ahead of the curve:
- Prepare: Ensure your public safety and information technology teams have access to the tools and knowledge necessary to research these new types of crime. There are a lot of certifications and courses that can help you bridge any knowledge gaps.
- Read: Keep up with the latest security vulnerabilities online and offline. You can follow alerts directly from Community Emergency Response Teams (CERT), but don’t stop there.
- Educate: Educate your constituents on how to mitigate cyber-risks and serve as an outlet to proactively inform them about new risks. There are many great resources online you can point constituents to, such as StaySafeOnline.org.
- Partner: Find agencies to partner and collaborate with on threat intelligence and other cybersecurity practices.