US releases IoT network security report to popularize Internet of Things risks

Recently, the US government issued a cybersecurity report on the risk of Internet of Things, which has spread the risks among the whole people, raised the awareness of the Internet of Things for the whole nation, gave the Internet of Things market an accurate positioning, and clarified the best countermeasures to solve the problem.

Because the fear that the sixth edition of the Internet Protocol (IPv6) may jeopardize cybersecurity, the US government may have to engage in a national education in the new era of the Internet of Everything. A week ago, the US Department of Commerce and the Department of Homeland Security published a draft of a cybersecurity report recommending that the US government fund a campaign to raise awareness of the safety of the entire Internet of Things, making cybersecurity a compulsory part of future engineering degrees for students.

The 38-page report is entitled "Improving the Strike Resistance of the Internet and Communications Ecosystem in the Face of Botnets and Other Automated Distributed Attack Threats." The report was born in response to an administrative order signed by Trump last May. Many attempts have been made halfway through the previous attempts. After the report is finalized, it will be submitted to Trump for approval along with several other documents.

Overall, the report is very well written: it is straightforward and clear about the cybersecurity issues currently facing the US government, industry and consumers, as the title reveals, with a focus on botnets. It does not cover up problems, nor does it exaggerate certain cybersecurity threats or underestimate other threats. In a nutshell, it is the kind of policy document that is drafted professionally. Despite some disturbing noise and ignorant remarks in the civil service, the government has drafted such a professional document. This is a blessing.

The report has only one outstanding problem: it does not reflect the internal struggles of the US government, and government agencies are competing for leadership in Internet security and Internet of Things matters.

In addition, the report also has common problems with such documents: many real suggestions are vague, such as “determining a clear path and developing into an adaptable, sustainable and safe technology market”, or “ What are the important "goals" that should be achieved by promoting innovation and "building alliances".

Because the report is based on the traditional non-intervention of the relevant industry, and the decision-making power of the Internet is in fact mainly in the hands of the private sector, the US Department of Commerce and the Department of Homeland Security can actually take very little action. But the report does clarify the problem and clarifies the best solution to the problem.

Consumer is not guilty

The report acknowledges that even if consumers buy devices at a merchant and connect them to a home wireless network, they should not, and should not be, expected to be responsible for the network security of those devices. This may report the most useful content.

The report gives the IoT market an accurate positioning, saying that IoT devices are “much like desktop computers in the 1990s” and have poor security.

The report reads:

“Internet of Things devices often lack features that focus on security. These systems are now the most attractive targets for criminals, and (Internet of Things) devices are a large and growing ecosystem.”

The report also stated:

“In fact, consumers are not directly affected by the attack of devices. They may never know that their own devices are part of the botnet. From the consumer’s point of view, the webcam is still playing video normally, and the refrigerator is still In cooling (and everything is ok)."

"For this reason, once the device is used by the botnet, it is unrealistic to have the real owner of the device responsible. Now there is no obvious impact on the (bot) infection. Therefore, if you want to encourage consumers to take action to enhance Security measures, such as upgrading devices that can be upgraded, are difficult."

Xiao Bian found that these views are not news for Internet of Things professionals. What is rare is that a US government report can clearly explain the problem and strike the nail on the head.

The report points out that software and hardware security system upgrades and similar practices are effective in securing IoT security, but the problem is that few companies and individuals actually do this. With this in mind, the report, like many people in these years, believes that it is necessary to have the device come with security precautions, such as automatic security system upgrades.

The report believes that:

“The ideal way is to promote to consumers the equipment that should have a built-in security system. Consumer products should be designed as far as possible based on security, should be included in the mechanism to automatically update the security system, there should be almost no requirements for (user) management products ."

Benchmark

The US government will not impose any regulations on the industry. Therefore, the report believes that it is possible for the government to cooperate with enterprises to jointly develop a “universally accepted baseline security configuration” for “Internet of Things devices for household and industrial applications.” The report also proposes that the US government uses the role of its important purchaser. “Based on the baseline security configuration of IoT devices in the US government environment, this speeds up the process of popularizing security configurations.” This sounds like a smart move, with technologies such as Domain Name System Security Extension (DNSSEC) and IPv6. Certainly works.

Perhaps the most public-oriented proposal for the report is that the government will fund a publicity campaign on IoT security to raise consumer awareness in this area. The report states:

“The federal government should launch a campaign to raise public awareness, support the public to understand and adopt the safe configuration of home IoT devices, and use related branded products.”

In the following content, the report also recommends that the government increase investment in related research and development, "support scientific research progress, including prevention and mitigation of distributed denial of service attacks (DDoS) and the prevention of basic technologies for manufacturing botnets."

Speaking of IPv6, the report is a bit worried that the widespread adoption of this new network security protocol may have a negative impact.

IPv6 will give each device an IP address, so millions of new devices can be vulnerable to attacks and hackers. From this perspective, using IPv4 and Network Address Translation (NAT) may create a more secure environment because both approaches are based on a single IP address.

The report does not advocate a boycott of the use of IPv6. In fact, the report also agrees that in order to promote applications faster, it is necessary to give incentives to Internet service providers. But the report does suggest that the survey "the impact of the widespread use of IPv6, to see the extent to which the application is widely used, can change the economic significance of cyber attacks and defenses."

Worry and hope coexist

One of the benefits of using IPv6 is that consumers are more likely to find out which device was attacked. However, the report mentions an Internet of Things botnet called Mirai. It is especially effective for attacking IPv6-enabled IoT because it attacks devices that have their own IP address (usually a webcam). Conversely, "NAT tools can act as an accidental (attacking) firewall, avoiding the direct contact of bulk scanning tools that are spread by malware on home devices, and thus being heavily infected by malware."

The report even delved into the expanded domain name space:

"In theory, IPv6's address space is quite large, and existing tools can't scan, but experts have noticed patterns that can be found in the new scanning technology to find out which devices are vulnerable."

So, what solution should I use? The report believes that the focus of research should be on “deepening the frontier innovation of the network”.

There are many opinions, suggestions and opinions in the report. Most of the expressions use the word "should", which somewhat reduces the sense of urgency to take action, but there is a suggestion that does not use "should". It proposes to ensure that the next generation of engineers receive cybersecurity training. Cybersecurity is undoubtedly a vital skill at the moment.

The report states:

“Academic institutions are working with the US National Cybersecurity Education Program, and they should establish (cybersecurity) as the basic requirement for all engineering disciplines.”

Gas Turbine Flow Meter

About the goods
Multifunction :Gas Turbine Flow Meter can be used for a variety of liquids, including gasoline, diesel, kerosene, mineral spirit, Stada solvent, heptazenethane, etc
Easy to use :natural gas turbine meter large easy-to-read display, standard 1-1/2-inch inlet and outlet, and national tube taper thread
The natural gas turbine flow meter can be customized for positioning: The flow port provides easy vertical or horizontal positioning
Meter features: 6 to 40 gallons per minute, plus minus 2% accuracy, up to 50 PSI
turbine meter gas replacement: Replacement of model 9011.5

Gas Turbine Flow Meter,natural gas turbine flow meter,natural gas turbine meter,turbine gas flowmeter

Changshu Herun Import & Export Co.,Ltd , https://www.herunchina.com