Cyber security isn't just about big IT; it's about locks, lights, and even a child's plaything
THE MIL & AERO COMMENTARY 11 Oct. 2016. When it comes to cyber security, a lot of us put our blinders on. We tend to think cyber security is a big information technology (IT) issue; if we're not involved in that, then it's someone else's problem.
Certainly cyber security has nothing to do with such things as smart toys, modern thermostats, and Internet-enabled cameras, right? Well, wrong.
As it turns out, the so-called Internet of things (IoT) with its many Internet-connected devices ranging from children's toys, smart phones, cameras, lights, and smart locks on cars and residential homes may represent one of the most potent cyber security threats we face.
A story in PetaPixel entitled "How cameras helped launch one of the largest cyber attacks in history" outlines how hackers were able to commandeer perhaps thousands of Internet-enabled cameras to launch a huge denial-of-service attack on a blogger site called Krebs on Security (
Related: www.krebsonsecurity.com
Related: DARPA eyes cyber security for Internet of Things (IoT) and embedded computing devices
Maybe cyber security isn't just about big IT, after all.
Think of it: there are upwards of 6.4 billion Internet-enabled devices in the world today, and that number is growing exponentially. Many of these devices have little or no security at all. A good number of Internet routers are wide open, or are using default passwords, which is an invitation for hackers.
In the case of the Krebs on Security denial-of-service attack, hackers were able very quickly to identify, contact, and take control of Internet-connected cameras and order the cameras contact the Krebs Website. The magnitude of this coordinated attack reportedly reached 620 gigabits per second, which would crash about anything online.
We're entering a new era of the connected smart toy, which can learn a child's preferences like a favorite color. Moreover, these toys stay connected to the Internet and receive new functionality about every week. Who ever thought that a child's cuddly smart toy could be a conduit for ever-more-serious cyber attacks?
I certainly never did, but here we are. We could say the same about smart thermostats that enable users to control home temperature remotely via smart phone; smart car locks that enable the user to lock and unlock a car remotely.
Anything connected to the Internet -- no matter how innocuous -- represents a potential avenue for hackers to launch denial-of-service attacks. Perhaps in the future cyber criminals will find ways of using these IoT devices to even more dangerous attacks that could disable, take over, or even destroy critical utility infrastructure, the growing number of driverless vehicles, and perhaps even military systems.
Any Internet-connected device without serious protection, such as complicated and rapidly changing passwords and some form of encryption, is an open door for hackers bent on mischief or worse. This offers a whole new perspective on cyber security and the nature of cyber attacks.
We should consider this next time we think cyber security is only about IT. Cyber security isn't someone else's problem; it's everyone's problem, and we all share responsibility for cyber security ... or the lack of it.
Learn more: search the Aerospace & Defense Buyer's Guide for companies, new products, press releases, and videos
John Keller | Editor
John Keller is editor-in-chief of Military & Aerospace Electronics magazine, which provides extensive coverage and analysis of enabling electronic and optoelectronic technologies in military, space, and commercial aviation applications. A member of the Military & Aerospace Electronics staff since the magazine's founding in 1989, Mr. Keller took over as chief editor in 1995.