Stanford cybersecurity expert Herb Lin says the Oct. 21 cyber attack that snarled traffic on major websites reveals weaknesses in the Internet of Things that need to be addressed. But stricter security requirements could slow innovation, cost more and be difficult to enforce.
The coordinated cyber attack that crippled parts of the internet on Friday highlighted key policy problems, a Stanford cybersecurity scholar said.
And while the problems were clear, there are no easy solutions, said Herbert Lin, a senior research scholar for cyberpolicy and security at Stanford’s Center for International Security and Cooperation. A research fellow at the Hoover Institution, Lin serves on the President’s Commission on Enhancing National Cybersecurity.
Beginning early Friday morning, several major websites including Twitter and Amazon went down for most of the day, and many other sites were inaccessible. The FBI and the Department of Homeland Security are investigating what is described as a DDoS (distributed denial-of-service) attack. The attacks mainly focused on Dyn, one of the companies that run the internet’s domain name system (DNS).
The Stanford News Service interviewed Lin about the issue:
It was a distributed denial-of-service attack on a major internet services provider. The company operates much of the internet’s infrastructure. It’s not a consumer-facing company, but is in between the user and a company like, say, Amazon. These attacks centered on the domain name system (DNS), which is the service that translates something like a Stanford email address into a numerical IP address.
What new public policies could lessen the likelihood of this happening to such a degree again?
The primary policy recommendation is that we need policy that encourages – or mandates, depending on how strong you want to be about it – at least minimal security measures for devices that connect to the internet, even Internet of Things devices. How you actually promote, encourage or incentivize that without a legal mandate is problematic, however, because nobody quite knows what the market will accept.
Does this show that our November election is even more vulnerable to hacking?
At this point, it looks unrelated … But I don’t know, it is all just speculation.
Contacts and sources:
Herbert Lin, Center for International Security and Cooperation,
Clifton B. Parker, Center for International Security and Cooperation