Smart Card Alliance Calls for More Secure IoT Devices
In the wake of a massive distributed denial-of-service (DDoS) attack that shut down hundreds of Websites in October, the Smart Card Alliance has issued a warning on the “critical need” to ramp up security on hundreds of thousands of Internet-connected devices. It’s those devices—which range from cars to refrigerators and make up the Internet of Things (IoT)—that hackers are hijacking and incorporating into their botnet attacks, making attacks large enough to overwhelm Websites’ defenses—as was the case in the most recent attack, which affected major Websites including Twitter, Netflix and Spotify, among others. The average attack size has increased by four times over the past year, the trade group noted—and with an estimated 21 billion devices projected to be connected to the Internet by 2020, according to Gartner, attacks will only get larger unless security is improved.
To combat the growing threat, SCA is calling for adding embedded security to IoT devices, similar to that which already is being used in mobile devices, payment chip cards and secure identity tokens. Such measures regulate how communications with IoT devices are authenticated, how access is controlled, how data are protected, how IoT devices are managed and how the IoT device may affect other systems. Such defenses are especially critical for systems that impact safety, such as the functioning of critical infrastructure. SCA has formed an Internet of Things Security Council as a forum where industry stakeholders can discuss security approaches, develop best practices and IoT security standards.
Earlier this year, the Federal Trade Commission recommended that Congress develop new laws to protect consumer security and privacy as more devices becoming connected to the Internet increases the risk that criminals will access personal data or hijack the devices themselves.