The U.S. to Businesses – Help Us With Cybersecurity

by Avatar in Government, KME News January 18, 2018

A new “Draft for Public Comment” just appeared, from your government – entitled Enhancing the Resilience of the Internet Communications Ecosystem against Botnets and Other Automated, Distributed Threats. In briefer terms, “Stopping SkyNet in its Infancy, Before it Achieves Self-Awareness” (apologies to “The Terminator”).

Why should you perk up? Because it’s here, now – a real cybersecurity threat against everyone, from small businesses and individuals to the largest corporations. Mainly precipitated by a proliferation of new Internet-connected devices, without repairing/upgrading all the old ones. Like your Alexa, connected to the Ring doorbell, connected to your kid’s cellphone app, and all connected to the old router, password = “password”.

So the government and industry are reacting swiftly to an Executive Order (from President Trump) issued May 11, 2017 to “figure out what to do, who can help, and let everyone know”. Basically.

A draft report is out now, compliments of a core working group of agencies and experts, led by the Departments of Commerce and Homeland Security – for you, for anyone to read and submit comments about. Except it’s very hard to digest, for persons with little to no IT or cybersecurity knowledge. Which includes just about all small business owners, as we’ve found over a decade of running their websites and online marketing.

The report says this, on page 17 of 38: “The vast majority of home and small business users are unaware of cybersecurity risks, and many do not take the most basic security measures when connecting devices to their networks.”

So we’ll digest this for you, in bite-sized pieces, so you can read as interested, respond or even prepare.

A. Themes of This Report

  1. It’s a Global Problem, All Over
  2. Great Tools Exist, But Not Everyone Uses Them
  3. Lock Everything Up, From Factory to Home
  4. We Need to Tell Everyone
  5. Who’s Going to Pay for This?
  6. We’re All on the Same Team

B. Background – Botnet attacks (i.e. a bunch of devices hijacked and working together) are growing fast, driven a lot by the “Internet of Things” (i.e. all the stuff you’re connecting to the Internet), and things really hit the fan with a major outage in Fall 2016. The “Reaper” botnet is especially bad. So a lot of experts have been doing a lot of thinking since then, and here’s the result so far.

C. Current Status and Vision for What’s Next (by Technical Domain)

  1. The Internet – must get smarter, and ISPs (like Verizon) must work together on this threat
  2. Large Businesses – must upgrade their networks, educate their people – all of them
  3. Edge Devices (like phones, toasters) – must be updated, made smarter for security
  4. Home & Small Businesses – must learn to select and use only secure technology

D. Governance, Policy & Coordination (i.e. Figuring This All Out) – We all need to work together to figure this out, so get involved. Provide feedback wherever you can, to your elected officials, to your company, directly regarding this report (by emailing [email protected] by February 12, 2018), or through the Homeland Security “Stop.Think.Connect” program.

From that site: “The Stop.Think.Connect. Campaign is a national public awareness campaign aimed at increasing the understanding of cyber threats and empowering the American public to be safer and more secure online. Cybersecurity is a shared responsibility. We each have to do our part to keep the Internet safe. When we all take simple steps to be safer online, it makes using the Internet a more secure experience for everyone.”

E. Goals and Actions (What’s Next)

  1. Secure and Improve the Technology Marketplace – set and enforce security standards for all consumer IoT devices and the software in them, and let us know about them.
  2. Promote Collaborative Innovation – particularly for technologies that can respond dynamically, in real time, at the scale and sophistication of our attackers.

At KME.Digital, we take cybersecurity seriously, as you should too. Every single site and business we deal with is constantly under passive or active cyberattack (including our own), one way or the other, and most are already infected with something when we get started.

We’re also involved with government agencies in “citizen outreach” digital campaigns like this, spreading the word to businesses about what they can do to help themselves, their customers and the country – for example with our International Trade Administration (Department of Commerce) Digital Client Engagement program assistance. Locally, we helped launch and promote the inaugural NVTC Capital CyberSecurity Summit to great success in 2016; this past November the 2nd event was also a great success.

Call or email us for more information, and share this brief article with your business partners and community. We’d be happy to come talk to you or your organization about it – if you want to submit information, but need help doing it (as a small business), drop us a line as well.