PATRIoTS (Patriotic American Technologists Reinforcing IoT Security)
From an information security perspective, it is well known that uninformed users are typically the weakest point within our defensive measures. From the perspective of cybersecurity, the implications of an uninformed IoT consumer in cyberspace can be even greater. Being that cyberspace is a domain of warfare, every individual can quickly become engulfed within a battlespace that resides within a virtual abstract of our physical homeland. Every citizen plays a key role in protecting our homeland in cyberspace. This includes individual contributions, such as regularly updating IoT devices and securely configuring them before and during use, and community contributions, such as raising awareness and teaching others how to properly secure their IoT devices. Though the focus at the USG level is on critical infrastructure, there are so many things that control our safety, security, and livelihood every single day. It is up to each individual to decide the criticality of each, if not all, IoT devices that they own or interact with.
I. Securing IoT devices with the HoT Framework
[Insert: Building an approach from HoT that: 1) Is within each individual's technical capabilities; 2) Requires limited resources]
II. Raising Awareness
a. Creating a Narrative
Some Americans have expressed openly that they would take up arms and resist an invasion of our homeland by traditional enemy forces. Our homeland is currently being invaded by a plethora of cyber threats, so why aren’t more individuals taking up arms and resisting in cyberspace? [Survey]
Even if one was not concerned with adversaries invading their home network and pillaging their private information, every individual should be concerned with their home router, home entertainment system, smart refrigerator, or smart toilet being used as part of an IoT botnet like Mirai. This holds especially true when the botnet is being leveraged to attack or support attacks on critical infrastructure that is vital to our homeland’s security and prosperity.
Failure to exercise due diligence by mitigating risks associated with IoT devices, such as conducting software and firmware updates on these devices, aids the enemy by providing a safe haven from which they can launch attacks against the United States. According to 18 U.S. Code § 2381:
Whoever, owing allegiance to the United States, levies war against them or adheres to their enemies, giving them aid and comfort within the United States or elsewhere, is guilty of treason and shall suffer death, or shall be imprisoned not less than five years and fined under this title but not less than $10,000 [9].
Luckily, for the time being the United States Government is not prosecuting citizens for treason under this title as a result of their IoT devices being used to conduct attacks against the United States. However, it should still serve to remind citizens of the United States of their obligation to resist our enemies, even within cyberspace.
If that did not catch your attention, maybe you can develop a better narrative to raise awareness about this issue? There are also narratives that are meant to scare people, such as their cars being run off the road by hackers. For the betterment of humanity, it is best that people feel comfortable embracing the IoT with understanding, rather than discarding it out of fear.