A pair of House subcommittees are planning to hold a joint hearing to look at the role that IoT devices have played in a number of recent DDoS attacks.
Much of the high-profile DDoS activity that’s taken place lately has been attributed to the Mirai botnet, a series of networks made up of compromised embedded devices. Mirai has been used in many DDoS attacks, both large and small, in the last couple of months, including massive attacks against hosting provider OVH and DNY provider Dyn. The network also has been involved in attacks on telecom providers in the country of Liberia in the last two weeks, some of which were powerful enough to disrupt the country’s Internet connectivity at various points.
Mirai’s activities have attracted a lot of attention, both in the security community and from government officials. On Nov. 16, the House Subcommittee on Communications and Technology and the Subcommittee on Commerce, Manufacturing, and Trade will have a joint hearing to try and figure out what’s happening with IoT security and botnets.
“Internet connectivity remains a vital part of our economic well-being and our national security. Americans should not have to worry that the convenience and connectivity of the Internet of Things comes at the expense of the resiliency and reliability of the larger Internet,” said Rep. Greg Walden and Rep. Michael Burgess, chairs of the two subcommittees. “Next week’s hearing provides our members with an opportunity to learn more about the recent cyberattacks, how cyberattacks are evolving, and what can be done to mitigate future attacks and risks.”
This isn’t the first time the federal government has taken note of the problem of IoT security. Last month, Sen. Mark Warner sent a letter to Tom Wheeler, chairman of the FCC, expressing concern about the weak security of embedded devices and asking whether ISPs should be able to ban compromised devices from their networks.
“It seems entirely reasonable to conclude under the present circumstances, however, that devices with certain insecure attributes could be deemed harmful to the ‘network’ – whether the ISP’s own network or the networks to which it is connected. While remaining vigilant to ensure that such prohibitions do not serve as a pretext for anticompetitive or exclusionary behavior, I would encourage regulators to provide greater clarity to internet service providers in this area,” the letter says.
The witness list for the hearing next week has not been released yet.