Internet of Things Behavioral-Economic Security Design, Actors & Cyber War

PP. 25-45
DOI: 10.4236/ait.2017.72003

ABSTRACT

Using security incident history, we identify threats to and using the IoT and other ubiquitous devices emerging since 2012, gaining widespread recognition in 2016, and only lightly addressed in either IoT security literature or the press. We show the IoT has likely already been used in cyber war between major powers. The new threats, most notably “hijack,” are larger than previous threats combined, but only mildly affect suppliers, and only a few clients. Using a successful behavioral-economic model, we show that traditional mitigation places responsibility on unaffected parties and likely will not work. For suppliers, there are profit-conflicted motives, as the new threat rides on a profit vehicle. The new threat circumvents conventional security architecture at a behavioral level. We analyze each actor-target pair and evaluate technical strategies. More effective technical strategies are suggested where old ones are overmatched by the budgets, technical prowess or regulatory power of hostile actors, or the technical nature of the threats. Consolidated action may be needed, but regulation is difficult because of conflicts of interest within the national security community.

Cite this paper

Shuler, R. and Smith, B. (2017) Internet of Things Behavioral-Economic Security Design, Actors & Cyber War. Advances in Internet of Things, 7, 25-45. doi: 10.4236/ait.2017.72003.


  

Copyright © 2017 by authors and Scientific Research Publishing Inc.

This work and the related PDF file are licensed under a Creative Commons Attribution 4.0 International License.