Unless you’ve been living under a rock, you’ve no doubt heard about the recent massive internet outage that brought huge sites like Twitter and Reddit to a screeching halt. And as you likely know, this cyber-attack was executed by exploiting vulnerabilities not in peoples’ computers, but in everyday devices like security cameras that are connected to the internet – a budding industry known as the Internet of Things (IoT).
There are already likely millions of IoT devices in homes and cars, and this number will grow exponentially as time goes on. The methodology of the most recent attack is now well understood: the malicious software that infected the devices exploited those with factory-programmed user names and passwords, which can be easily predicted, that were not changed by consumers. Once the software is able to gain access to a device, it can be controlled remotely by the hackers. Luckily, this login loophole seems like a simple cybersecurity fix that can be shored up at the manufacturer level.
Unfortunately, I’ve seen little discussion about the risk of IoT device hacks at the business level. While an attack like this can most easily be done at the consumer level, businesses are certainly not immune. In fact, utilities may be some of the most vulnerable entities due to the gradual rollout of smart meters, infrastructure sensors, mobile communication tools, and other types of connected devices. For this reason, utility leaders need to be proactive about this. If hackers can use IoT device sabotage to take down large chunks of the internet, it is not out of the realm of possibility that they could take control of utility assets and cause lots of mayhem such as widespread service outages. Hopefully, this is a hot topic amongst utilities and is being discussed behind closed doors; if not, be prepared for a potentially wild ride going forward.