NIST’s “Mitigating IoT-Based Distributed Denial of Service” Study

The explosive growth of Internet of Things (IoT)-based devices has been a boon for manufacturers and consumers. There seems to be no end to the variety of products we can bring online. You probably never thought egg cartons and waste bins would be connected to the Internet – but they are. However, what starts off as a good thing can quickly turn bad.

Consumer devices come to market quickly and are price sensitive. Cybersecurity-related costs inevitably impact deployment timelines and device prices. Accordingly, manufacturers often skip adding necessary security. This results in poorly secured devices (toys, cameras, monitors, watches, etc.) that can be taken over by hackers. These devices can then be assembled into a “botnet” (a network of remotely controlled devices), becoming a nefarious tool.

The Mirai botnet recently took advantage of weak security in consumer devices, injecting malware and giving the attacker remote control. The attacker then “joined” the devices into one big network and used them to attack other networks by flooding them with packets from the compromised devices.

As a result, NIST’s National Cybersecurity Center of Excellence (NCCoE) has embarked on a study to improve the security of these devices and strengthen the resiliency of businesses. The NCCoE aims to “improve the resilience of IoT devices against distributed attacks and expand the service availability characteristics of the Internet by mitigating the propagation of attacks across the network.”

Several companies, such as Cisco, Symantec and CableLabs, are participating in this project. DigiCert is pleased to provide this mission – and other NCCoE projects currently undergoing research – with digital certificate services. We have a long history of participating in these investigations and recently supported two other NIST projects: TLS Server Certificate Management and Securing Wireless Medical Devices. We plan to continue supporting the NCCoE and its upcoming research.