Alex Madison | October 4th, 2016
The Internet of Things

A “National Treasure,” or a Worldwide Problem of Epic Proportions?
Another wild week on the Internet has led a lot of people to wonder whether the remote security cameras on their home, or their refrigerator, or both, have teamed up with other household appliances to wage war over the Internet through high-powered Distributed Denial of Service (or “DDoS”) attacks against high-value targets, like the website of the most famous cybersecurity blogger today, Brian Krebs. Could this be true? Can your refrigerator be hacked and thereafter weaponized?
Well, not really. But… sort of. As one recent article noted: “Brian Krebs did a simple thing. He reported on the take-down of a distributed denial of service (DDoS) for hire group, vDOS, and the arrest of two of its Israeli teenage operators. The ensuing cyber temper tantrum, which was forensically linked to one of the teenagers, resulted in the largest DDoS attack on record and affected hundreds of businesses and thousands of users.” The IoT has been charged (rightly so) with a lot of things. Game-changer? Yes. Revolutionary? Yes. A Driver of Efficiency and Customer Experience? Of course. Co-conspirator? Well, that is a new one. Pan stage left to an FBI “America’s Most Wanted” Poster – at No. 3 is… your toaster.
So here is the problem. According to multiple press reports, two individuals, likely harnessing the power of hundreds of thousands of hacked IoT devices, took down Brian’s website, which was very well protected and sophisticated. The attack was recorded at 620 gigabytes per second, which was approximately twice the size of the then-largest DDoS attack. Then, days later, French web hoster OVH reported a DDoS attack of more than double the size of the Krebs attack.
In the necessary (and by the way, very successful) drive to better connect customers over the Internet with their appliances, their sellers, and their manufacturers, some manufacturers forgot one little point. Without sufficient precautions to harden their connections, some of these IoT devices have been found to be as porous to cyber attacks as a near-sighted hockey player. This one article raises the problem better than I ever could:
“But by way of illustration for this point, compare a smart phone to an internet enabled-refrigerator. The smart phone can potentially do far more harm (it handles confidential data, banking credentials, passwords, it has a camera/microphone that could be abused, and it provides an ideal staging post to hack other devices, with a full operating system and both Wi-Fi and cellular internet access). However, by its nature, the smart phone is known from the outset to be potentially vulnerable, and not just by the manufacturer but the third party app providers and the users all appreciate that security is paramount. Therefore security measures are built-in and crucially, enabled and operated. Updates to protect against new vulnerabilities are applied automatically, and security beyond passcode protection is augmented with data encryption and cryptographically-signed software. By contrast, the fridge just gets unboxed and powered up. It most likely uses universal plug and play connectivity to make it easy to network and because there was little or no consideration to the need for security during its design, it is highly prone to compromise. But what harm can a fridge do? A Stuxnet takeover isn’t going to do the same amount of damage – maybe the milk will go off if the fridge thermostat is overridden?”
The cyber security of the Internet of Things is a complicated subject. The above DDoS attacks are really just the visible part of the iceberg that is floating to our shores. And truly it is an iceberg, because unlike many other types of cyberattacks, an attack on an IoT device (this time maybe it’s in a building, a manufacturing facility, or on the shop floor) could conceivably cause the loss of life or limb. Similarly, catastrophic consequences could result if such an IoT or connected device were located in an airplane, an automobile, or a weapons system that got hacked and thereafter directed towards the civilian population. Taken to the logical extreme, rather than 150,000 devices, one could conceive of a DDoS commenced by millions of devices arranged in a lethal botnet that strikes “the right place at the wrong time,” causing catastrophe and chaos. Can a DDoS attack of epic proportions take down the Internet?
Let’s leave that question alone for the moment.
Fortunately some very smart people in government, like my friend Ronald Ross from the National Institute of Standards and Technology (the “NIST”), have prescribed new ideas and concepts for manufacturers of IoT devices that advise and caution them to think about cybersecurity first, and to build their devices so they are “secure by design.” Though the NIST guidelines are only guidelines today (and not law), it is hoped that they will change the way manufacturers think about and design IoT devices. Similarly, there are new initiatives within the Defense Department that require weapons and weapons systems to be cyber-hardened and secure by design. But what about the millions of devices already out there that are connected to the Internet? That truly is the problem, and the dilemma. With stronger malware detection capabilities, and strong cyber “assessment protocols,” many existing IoT-related problems can be discovered before they do any harm. For those businesses that rely on internet-connected devices to run their buildings and manufacturing plants, and businesses that have not assessed their IoT devices, there are many cybersecurity consultants waiting to help and assist you. The cybersecurity of the IoT, however many billions of dollars in wealth and efficiencies of scale it has created, is a problem that we need to reckon with today. It cannot wait till something else bad happens.