Is critical infrastructure the next DDoS target?

A massive Distributed Denial of Service attack shut down a portion of the internet recently. Experts say it is unlikely a similar attack could take down the grid or other critical infrastructure but acknowledge that security remains weak in the industry

The massive Distributed Denial of Service (DDoS) attack last month on Dyn, the New Hampshire-based Domain Name System (DNS) provider, was mostly an inconvenience.

While it took down a portion of the internet for several hours, disrupted dozens of major websites and made national news, nobody died. Nobody even got hurt, other than financially.

But the attack, enabled by a botnet of millions of Internet of Things (IoT) devices, inevitably led to speculation on what damage a DDoS of that scale or worse could do to even a portion of the nation’s critical infrastructure (CI).

Clearly it could go well beyond inconvenient. Businesses, households, emergency services, the financial industry and yes, the internet, can’t function without electricity.

That has already been demonstrated on a relatively small scale. Earlier this month, a DDoS attack took down heating distribution in two properties in Lappeenranta, a city in eastern Finland.

To continue reading this article register now

Microsoft's very bad year for security: A timeline