Obama administration officials sought on Monday to reassure the public that it was taking steps to counter new types of cyber attacks such as the one Friday that rendered Twitter, Spotify, Netflix and dozens of other major websites unavailable.
The Department of Homeland Security said it had held a conference call with 18 major communication service providers shortly after the attack began and was working to develop a new set of “strategic principles” for securing internet-connected devices.
DHS said its National Cybersecurity and Communications Integration Center was working with companies, law enforcement and researchers to cope with attacks made possible by the rapidly expanding number of smart gadgets that make up the “internet of Things.
Such devices, including web-connected cameras, appliances and toys, have little in the way of security. More than a million of them have been commandeered by hackers, who can direct them to take down a target site by flooding it with junk traffic.
Several networks of compromised machines were directed to attack big customers of web infrastructure company Dyn last week, Dyn officials and security researchers said.
The disruption had subsided by late Friday night in America, and two of the manufacturers whose devices had been hijacked for the attack pledged Monday to try to fix them.
But security experts said that many of the devices would never be fixed and that the broader security threat posed by the internet of Things would get worse before it gets better.
“If you expect to fix all the internet devices that are out there, force better passwords, install some mechanism for doing updates and add some native security for the operating system, you are going to be working a long time,” said Ed Amoroso, founder of TAG Cyber and former chief security officer at AT&T.