On February 23rd 2000, Vincent Cerf, one of the fathers of the Internet, stated, “Most of the [Internet] vulnerabilities arise from those who…do not practice what I refer to as good cyber hygiene. They are not sufficiently sensitive to the need to protect the security of the Internet community of which they are a part. The openness of the Internet is both its blessing and its curse when it comes to security.” The Internet was a very different place back in 2000, only 5% of the global population had access to it, and IoT, smart phones and broadband speeds were things of the distant future. But eighteen years later, this quote couldn’t be more urgent and relevant, when over half of the population relies on Internet connectivity and malicious actors do not rest. As new scenarios continue to emerge, it is imperative for all stakeholders to recognize and be prepared to execute their roles and responsibilities, including governments, service providers, device manufacturers and consumers.
Many recent, major breaches could have been reduced if fundamental principles of cyber hygiene had been followed, but human stupidity is always the weakest link, and consumer cyber hygiene remains a much-needed patch. Cyber hygiene practices include, but are not limited to, setting strong passwords, managing the network and performing security and software updates. Unfortunately, these seemingly simple practices are tedious and difficult to maintain for most, and are often overlooked by the latest, greatest security solutions that promise to keep us safe. Consequently, we are living in an era of Internet of Insecure Things. However, consumer cyber awareness and cyber hygiene can go a long-way to fixing the Internet, even creating the consumer confidence necessary to increase IoT adoption and reach its potential.
The private sector is best suited to the creation and maintenance of lightweight and simple solutions to facilitate cyber hygiene at home, but the government’s convening power to enforce standards is what will incentivize all stakeholders. We are happy to report that there are loud signals that this is already happening. Following an executive order signed in May of 2017 by US President Donald J. Trump to strengthen the cyber security of federal networks and critical infrastructure, a first draft has already been published recommending, among other things, that the American government fund a public awareness campaign on IoT security, and make cybersecurity a compulsory part of future engineering degrees. Also, in November of 2017, the National Institute of Standards and Technology (NIST) and the National Cybersecurity Center of Excellence (NCCoE) began to actively seek proposals by technology vendors to provide an example solution to mitigate IoT-based DDoS attacks.
Consequently, service providers, router manufacturers, and technology vendors are now rushing to market with innovative products and solutions aimed at increasing consumer cyber hygiene. In a way, secure devices and services are a marketing opportunity for companies to differentiate themselves and add value in the Smart Home and IoT marketplace, because nobody wants their devices to be easily hacked. The Wi-Fi alliance is leading this industry trend by announcing that it will be rolling out WPA3 this year to set new security and privacy standards. We believe that cyber hygiene starts at home, but because it is impractical to hold consumers responsible if their devices are used in a botnet or if they’re not secure, we welcome the current industry trend to facilitate consumer cyber hygiene by designing devices with security in mind.
The average number of connected devices at home is increasing exponentially, and the IoT discussion should not be about gloom and doom, but rather about the massive opportunities afforded by this revolution. Yes, there are risks, but they can be significantly mitigated by the application of proper cyber hygiene by each of us. For its part, Netonomy is joining this fight by providing a lightweight agent-based solution that can be deployed over-the-air and at scale to all home routers, including legacy, at a low cost. Our agent boosts the router –the gateway to all your devices, with Artificial Intelligence and Machine Learning to provide network visibility, security and management controls in an easy to use and friendly white-label app. Securing the Internet of Insecure Things will be no easy task and we all have a role to play.
Tune in every Wednesday for cyber hygiene tips you can implement in your network!