[OPLIN 4cast] OPLIN 4cast #515: IoT security

OPLIN Support support at oplin.ohio.gov
Wed Nov 9 10:30:01 EST 2016 

Email not displaying correctly? View it in your browser.
<http://www.oplin.org/4cast/>
[image: OPLIN 4Cast]

OPLIN 4cast #515: IoT security
November 9th, 2016

[image: Internet of Things] This is supposed to be the year the Internet of
Things (IoT) becomes the big new thing in our lives. But over the last few
weeks, as many people anticipated <http://4cast.oplin.org/?p=6105>, it has
become the big new scary thing. On the evening of September 20, a
distributed denial of service (DDoS) attack on the Krebs on Security
<https://krebsonsecurity.com/2016/09/krebsonsecurity-hit-with-record-ddos/>
website was one of the biggest such attacks ever seen, and it was done by
using internet-connected devices in homes and businesses that were very
easy to hack and control. Then on the morning of October 21, many popular
websites were impaired by another DDoS attack
<https://krebsonsecurity.com/2016/10/hacked-cameras-dvrs-powered-todays-massive-internet-outage/>
using poorly-secured IoT devices that targeted Dyn, a major provider of the
DNS services that allow web servers to find each other. These two attacks
got the attention of everyone who has to deal with internet security, and
everyone agrees that the problem is appallingly lax security features on
many internet-connected devices. The question is: Who’s going to fix this?
- Security is fast becoming the achilles heel of consumer Internet of Things
<http://www.forbes.com/sites/janakirammsv/2016/11/05/security-the-fast-turning-to-be-the-achilles-heel-of-consumer-internet-of-things/#7cab7ce01aa5>
(Forbes | Janakiram MSV)  “When an average consumer buys a connected
device, the user manual guides her through the typical process of
connecting and configuring it. There is very little emphasis on protecting
and securing the device and the network. Most of the consumers don’t even
change the default username, password, and the wireless key of the
connected devices. What’s important to understand is that this device can
potentially become the back door to the home network providing access to
the PCs, printers, televisions, and refrigerators, and other appliances.
Once a hacker gains access to your network, he can remote control each of
the connected devices to make them a part of an orchestrated attack.”
- Cybersecurity experts call for ‘internet of things’ standards in wake of
massive attack
<http://www.mercurynews.com/2016/10/24/cybersecurity-experts-call-for-internet-of-things-standards-in-wake-of-massive-attack/>
(Mercury News | Ethan Baron)  “While consumers have a responsibility to buy
safe devices and to set strong passwords, companies making connected
devices must develop standards so their products are ‘secure by design,’
Anscombe said. Some of those standards could govern password strength,
level of encryption and data sharing. ‘The best way for any industry to
have standards is actually to self-regulate,’ Anscombe said. ‘When
governments become involved and have to force regulation, what you find is
the regulation doesn’t allow for innovation.’”
- Why businesses need to secure connected devices to win consumer trust
<http://fortune.com/2016/10/24/internet-of-things-security/> (Fortune |
Jeff John Roberts)  “The issue now is whether the government should do more
to regulate the Internet of things (IoT), or if we can instead trust
companies and the market to solve the problem. You won’t be surprised to
learn companies favor the latter approach. ‘With a brand comes
responsibility, and hacking is a quality and reliability issue,’ said Sami
Nassar, the VP of NXP Semiconductors, who spoke at an event on Monday in
New York, hosted by NASDAQ and the National Cyber Security Alliance. Nasar
pointed out that in the United States, security standards typically emerge
as a result of major companies defining a network ecosystem and requiring
other companies to meet those standards before they can enter it.”
- FCC holds off on security mandates for Internet of Things
<https://morningconsult.com/2016/10/31/fcc-will-hold-off-security-mandates-internet-things/>
(Morning Consult | Brendan Bordelon)  “At issue is whether the FCC’s Open
Internet rules restrict internet service providers’ ability to block
insecure Internet of Things (IoT) devices from their networks and whether
the commission should mandate greater safeguards. But the commissioners
generally believe the Open Internet order already gives ISPs sufficient
leeway to protect their networks from vulnerable internet-connected devices
without additional regulations or standards. And, according to FCC
officials, there isn’t much of an appetite to issue any new mandates now.”

*Articles from Ohio Web Library <http://ohioweblibrary.org>:*

   - Internet of Things becomes Next Big Thing.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=118873042>
   (*Journal of Financial Service Professionals*, Nov. 2016, p.43-46 |
   Richard M. Weber)
   - ForeScout reveals new findings that show common enterprise IoT devices
   are hackable in under three minutes.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=cmh&AN=B2IDMKE1282672>
   (*Marketwire*, 10/25/2016)
   - Handling privacy and security in the Internet of Things.
   <http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=114521106>
   (*Journal of Internet Law*, April 2016, p.3-7 | Katherine Britton)

------------------------------
The *OPLIN 4cast* is a weekly compilation of recent headlines, topics, and
trends that could impact public libraries. You can subscribe to it in a
variety of ways, such as:

   - *RSS feed.* You can receive the OPLIN 4cast via RSS feed by
   subscribing to the following URL: http://www.oplin.org/4cast/
   index.php/?feed=rss2.
   - *Live Bookmark.* If you're using the Firefox web browser, you can go
   to the 4cast website (http://www.oplin.org/4cast/) and click on the
   orange "radio wave" icon on the right side of the address bar. In Internet
   Explorer 7, click on the same icon to view or subscribe to the 4cast RSS
   feed.
   - *E-mail.* You can have the OPLIN 4cast delivered via e-mail (a'la
   OPLINlist and OPLINtech) by subscribing to the 4cast mailing list at
   http://lists.oplin.org/mailman/listinfo/OPLIN4cast
   <http://lists.oplin.org/mailman/listinfo/OPLIN4cast>.

© 2016 Ohio Public Library Information Network
[image: Find us on Slideshare] <http://www.slideshare.net/oplin>  [image:
Find us on Facebook] <http://www.facebook.com/oplin.org>  [image: Find us
on Google+] <https://plus.google.com/107751358238995507967>  [image: Find
us on Twitter] <http://www.twitter.com/oplin>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplin4cast/attachments/20161109/411af5f1/attachment.html>

More information about the OPLIN4cast mailing list