Friday, we saw one of the most wide-ranging distributed denial of service (DDoS) attacks on the internet in recent memory. This time it wasn't a single site, but the service provided by Dynamic Network Services Corp, or Dyn, which is one of the entities that is responsible for routing internet traffic to the hosts that users are connecting to.
Historically, these attacks have focused on a single company or website, like the one that hit the BBC and its affiliated websites several years ago. Friday was different. Friday was much more meaningful for those of us that study and work to mitigate risks. Friday may have been a watershed event, because this kind of DDoS event simply stops commerce. As we have watched the Internet of Things (IoT) grow in front of our eyes, we may have missed the interconnection of all of the hidden risks associated with IoT and the much larger threat that it has created.
Friday’s event has hit many of us who are just trying to do our jobs. I was online to renew my RMS chapter membership, using the chapter website feature that updates my membership information and accepts payment of next year’s dues. I got the error message that the internet page could not be opened. Investigating further, I found that this service is provided by a service provider on the east coast, where the Dyn DDoS was focused. Not a big deal, I’ll just wait a day or two until the interruption is corrected and go back in to complete my transaction.
But hold it. That is just one guy in his home office trying to execute an $80 transaction. What about all of the other commerce being interrupted? Multiply my $80 inconvenience by all of the other individuals and institutions trying to conduct REAL business on that day. What will the price tag be in terms of interrupted commercial transactions? Did this interruption take lives, as doctors and hospitals transferred patient information and treatment protocols? What else happened that is so far below the surface that we won’t even know about it for days, or weeks, or years?
We have grown accustomed to taking care of personal and financial information on the internet, but is there more exposure that we are not taking care to protect? Friday, we found out just how brittle the security of the internet can be. While the DDoS attack may not result in any long-lasting damage, it should be, at least, a warning siren to those responsible to protect our country, our commerce and our nation. Are you paying attention Mr. Trump and Mrs. Clinton? This isn’t a game, and if it were, we would not be winning right now.
Jeff Gehrke is Ventiv's Chief Risk Technology Evangelist. Contact Jeff at Jeff.Gehrke@ventivtech.com or +1.720.445.9531. Connect with Jeff on LinkedIn: https://www.linkedin.com/in/jeffjgehrke