The explosion of web-connected devices heralded by the Internet of Things risks making us all more vulnerable online, NSA Deputy Director Rick Ledgett warned business leaders Tuesday.
“It is a fundamental truth of cybersecurity that your network is only as secure as the weakest piece of hardware or software on [it],” he told attendees of the U.S. Chamber of Commerce’s 5th Annual Cybersecurity Summit.
“And the connection to our networks of hundreds of thousands, maybe millions, of internet-connected devices that come from multiple vendors and have differing software and hardware upgrade paths — without a coherent security plan — means that there are vulnerabilities [created] in those networks.”
Experts have warned about two separate but related security problems with the Internet of Things, which is slated to connect 20 billion consumer devices — from cars to fridges — to the internet within the next four years.
“The pace of increase in that connectedness is almost a vertical line,” said Ledgett.
First, many IoT devices, like built-in home lighting systems or internet-connected cars, will have lifespans of more than a decade and may not be designed to be regularly patched and updated. Multiple stakeholders — hardware manufacturers, service providers, software developers, consumers themselves — all have to collaborate selflessly to ensure users have the opportunity to keep their products up-to-date and patch newly discovered vulnerabilities.
Ledgett warned that if left unpatched, these devices are vulnerable, providing a network entry point for an attacker.
But vulnerable devices can be exploited in other ways, including the ability to move them into botnets — networks of compromised computers and other devices used to carry out distributed denial of service attacks or other automated attacks.
Ledgett acknowledged the value IoT would unleash, as well as the security risks it creates.
“There are good things about that, and there are bad things about that,” he said of IoT’s explosive growth.
And he predicted, “as the [IoT] technology evolves, the focus on security is going to continue to grow.”