Today’s mobile device usage and online viewing of entertainment are just the tip of the internet traffic iceberg. The Internet of Things is also expanding dramatically.
Connected devices already outnumber people on Earth two-to-one, and their number could increase to 50 billion by 2020. Within a few years, 90% of the cars on the road will be online. The popularity of domestic devices — Nest thermostats, Philips Hue lights, smart appliances — guarantees that our homes will be as connected as our cars.
On the industrial side, sensor-equipped jet engines, locomotives, and wind farms maximize performance and optimize maintenance — and that’s all by GE. Buildings, transportation, and energy delivery are all getting smarter by capturing and analyzing vast quantities of data in real time.
Imperative to Scale
To realize IoT’s potential for our businesses, our cities, and ourselves, internet services must scale more dramatically and more rapidly than ever before.
- Capacity and performance must scale to handle data movement, transaction volume, and analytics processing.
- Security must scale to protect data and the organizations relying on it when cyber threats are intensifying.
Industrial sensors and local processing devices are commonly produced with security safeguards and are reprogrammable to counter new threats. Many consumer devices — phones, DVRs, home routers, internet-enabled appliances — are not. Yet they may contain powerful processors and access substantial bandwidth. They can be attacked in two ways:
- With sensors tracking so much of what we do, a direct hack of a car or home can compromise the functionality of devices and the privacy and well-being of people.
- When multiple devices are co-opted by an attacker and formed into a botnet, it can unleash high-volume distributed denial of service (DDoS) attacks against enterprises, governments, applications, individual bloggers — any online target.
In August of 2016, Akamai detected and began issuing warnings about what became the best-known, largest scale, and widely felt botnet to date. The Mirai botnet consisted of devices such as IP cameras and DVRs that have easily discoverable default usernames and passwords. At the height of its attacks, it had several hundred thousand devices participating and together generating 623 Gigabits per second of traffic swamping its target sites.
With the projected increase in connected devices plus the rapid growth of bandwidth in the “last mile” — where the devices connect to homes and businesses — we can expect future botnet attacks that make Mirai look small.
No Short-Term Fixes
Standards for the security engineering and automated reprogramming of IoT devices could improve the threat landscape in the long term. But today there are few market incentives to create devices with strong security. Many types of IoT appliances were never meant to be updated and so require recall or replacement to combat newly discovered vulnerabilities. And a growing number of installed IoT devices are no longer supported by their manufacturers, or their manufacturers are out of business. For the foreseeable future, defensive security must aggressively scale up and become more intelligent.
Akamai is already making major investments to prepare for a world where terabit-per-second attacks may be common. Its cloud platform is continuously scaled to maintain 3-5x available capacity over the largest known DDoS attack. It has visibility into 50 million web application attacks and hundreds of DDoS attacks weekly, and its threat intelligence stays on top of vulnerabilities, evolving attack vectors, zero-day attacks, DDoS-for-hire, and threats from IoT-fueled botnets.
More than 6,000 of the world’s largest online properties trust Akamai to keep websites, data centers, applications, and data secure.
To keep up to date with developments on the Internet, see the latest edition of Akamai’s State of the Internet Report.
Related CIO Content