Feds emphasize risks to devices from hacking
WASHINGTON — The Obama administration has urged companies to make millions of devices safe from hacking, underscoring the risks posed by an increasingly bewildering array of internet- connected products permeating daily life, covering everything from fitness trackers to computers in automobiles.
In a report obtained by The Associated Press, the Homeland Security Department described runaway security problems with devices that have been made internet-capable in recent years, a group that includes medical implants, surveillance cameras, home appliances, digital video recorders, thermostats and baby monitors.
It said they posed “substantial safety and economic risks,” recommending immediate action by software and hardware developers, service providers, manufacturers and commercial and government buyers. No spe- cific penalties were proposed for manufacturers failing to comply. No blame was placed on consumers buying and operating such products.
“The growing dependency on network- connected technologies is outpacing the means to secure them,” Homeland Secretary Jeh Johnson said.
The department’s strategy represents an attempt to organize the so-far scattered cybersecurity efforts for the category of devices known as the “internet of things.” It comes less than a month after hackers harnessed an army of 100,000 internet-connected devices around the world to attack Dyn Co., which helps route internet traffic to its destination. It caused temporary internet outages to sites that included Twitter, PayPal, Pinterest, Reddit and Spotify.
Such threats are likely to increase, U.S. officials warn.
“Securing the internet of things has become a matter of homeland security,” Johnson said. Tuesday’s guidance, he added, should help companies “make informed security decisions.”
The report culminates a six-month review by Robert Silvers, the assistant Homeland Security secretary for cyber policy, who coordinated with cybersecurity experts, industry associations and branches of the government such as the Justice and State departments. They spoke about possibly holding companies accountable through product liability principles and how to create a uniform rule book for securing these devices.
“We need to have a very serious national conversation about what the approach is, and we need to do it urgently,” Silvers said.
The internet of things is decentralized and enormously complex, making it difficult to regulate. A camera with online capabilities may be designed in California, manufactured in China with parts from Taiwan and sold to someone who operates it on Germany’s network. Silvers said there is no benefit to “190 different national approaches.”
Robert Silvers, assistant Homeland Security secretary, urges the tech industry to bolster security amid a growing dependency on network-connected technologies.