On 21st October last year, a variety of major websites, including those of Twitter, PayPal, Spotify, Netflix, The New York Times, and The Wall Street Journal, stopped working. The cause was a distributed denial-of-service attack, not on these websites themselves but on the provider they and many others used to support the Domain Name System, or DNS, which translates the name of a site into its numerical address on the Internet. The DNS provider, in this case, was a company called Dyn, whose servers were barraged by so many fake requests for DNS lookups that they couldn’t answer the real ones.
Distributed denial-of-service attacks are common enough, but two things made this attack special. First, it took down a large DNS provider, so it disrupted many different websites. Second, the fake requests didn’t come from the usual botnet of compromised desktop and laptop computers. Rather, the attack was orchestrated through tens of millions of small, connected devices, things like Internet-connected cameras and home routers, components of what is often called the Internet of Things, or IoT for short.
For several years now, the number of things connected to the Internet, including phones, smart watches, fitness trackers, home thermostats, and various sensors, has exceeded the human population. By 2020, there will be tens of billions of such gadgets online. The rapidly increasing size of the Internet of Things reflects the fastest economic growth ever experienced in any sector in the history of human civilization. For the most part, this development promises great excitement and opportunity for engineers and society at large. But there is a dark cloud hanging over the IoT: the related threats to security and privacy, which will be on a scale never experienced before.
Our digital systems are vulnerable to malicious hackers attempting to gain unauthorized access, steal personal data and other information, hold the information they steal for ransom, and even bring systems down completely, as happened with the attack on Dyn. The result is an ongoing arms race between hackers and computer-security experts, forcing the rest of the world to live on a treadmill of security updates to the software running on their various computers.
The current paradigm, a cat-and-mouse game of increasingly sophisticated hacks and software patches, presents a particularly thorny challenge for the Internet of Things. One reason is that security attacks on the IoT can have catastrophic consequences for our power grids, water supplies, and hospitals, to name just a few pieces of critical infrastructure that are vulnerable. The other reason for worry is that mass-produced smart devices may simply not have hardware capable of being programmed to resist all the threats that will arise in their lifetimes. These realities cast into doubt whether we are indeed ready for the regime of pervasive, ubiquitous computing devices. That won’t be easy to engineer, but in our view, it’s the smart way to design smart devices. And yet it’s upon us.