Question Articles have to be from this site httpswwwschneier

Question: Articles have to be from this site https://www.schneier.com/ Open a new Microsoft® Word document, and enter your answer to one of the prompts below: Select two articles from the RSS feed, one that details a recent attack and one that explains a new stronger security technology or procedure. Summarize each article and include a concluding paragraph that explains how you as a security professional would use this information. Scan the articles that appeared over the last two weeks. Use those articles to create your own one-page summary of the state of security over the last two weeks and the major events that have occurred. Select one article that is of particular interest to you. Perform additional Internet research on that topic and then write a summary of that article. Include why you were interested in the article, what you learned from it, and how you could use it in your career as a security professional.

Solution

Answer:

Security Economics of the Internet of Things

This article mainly talks about the economic aspects of incorporating security features into devices that are part of Internet of Things.

The article starts by describing a DDoS attack on the site of a popular reporter, Brian Krebs, on cybersecurity after he wrote about on online attack-for-hire service resulting in arrest of two persons. Although, DDoS is not a new kind of attack and are performed by attackers every now and then. And when it happens, it is a size vs size game between attackers and defenders. But the thing to be noted in during the attack was the use of devices like CCTV, digital video recorders, home routers and other embedded computer connected to Internet as part of Internet of Things in making the attack instead of using traditional computers.

As Internet of Things is fast emerging as the next big thing after Internet, it becomes important to discuss and evaluate pros and cons of Internet of Things including security.

As per the article, big corporations like Google, Microsoft and Apple can spend big time and money on implementing security features in their solutions. In case, any vulnerability surfaces, they patch it at the earliest.

But patching devices like CCTV, DVRs etc. is also not straight forward. In most of the cases, they are replaced. Moreover, these kind of devices are manufactured by small companies that don’t have resources and money to spend in incorporating security in their devices. And most important, they don’t care at all for it. On the other hand, buyers’ of these devices also don’t care.

In case of an attack, it is also possible that the user and manufacturer of device is not at all aware about the attack.

As more and more devices are becoming part of Internet of Things day by day, they will remain easy target of exploitation in the absence of security.

So what is the solution? As per article, governments need to step in for address this issue. They need to formulate regulations and policies that are to be adhered to by all manufactures. And, in case of any eventuality, manufactures should be held liable. However, this is address the issue not internationally, but locally.