If you couldn’t post updates to Twitter or binge watch your favorite shows on Netflix last Friday, you weren’t alone – a massive distributed denial-of-service (DDoS) attack on Dyn, a domain name system (DNS) provider that essentially acts as an online phone operator, took out huge swaths of the Internet. Millions of people across the US reported difficulty or inability to access some of the most trafficked websites in the country.
While this was largely just annoying for most of us, its implications are far more ominous. These attacks came simultaneously from tens of millions of IP addresses in three coordinated waves, suggesting that a sophisticated and coordinated organization was responsible. What’s even worse is that there is nothing currently stopping whoever was behind these attacks from doing it again. While not being able to access social media and video streaming services was merely inconvenient, imagine what might be possible if attackers like these targeted our infrastructure. What if they attacked the New York Stock Exchange (NYSE) or NASDAQ, interrupting our economic markets and even shutting them down? What if they took down our cellular communications? Amazon was largely affected by the attack; if the attackers had targeted Lambda, the compute service powering many IoT technologies, or AWS, Amazon’s cloud services platform that hosts the code behind millions of applications, what permanent damage could they have inflicted? Perhaps even more chilling, what if these attacks are a precursor to something even more disastrous, distracting us from an imminent and more traditional act of war, such as an inbound warhead?
Analysts are now telling us that a large number of the attacking sources responsible for Friday’s DDoS attack were Internet of Things (IoT) devices. Simple cameras, DVRs, and other small Internet devices fired a rapid succession of requests to one of the most prestigious DNS providers in the country, bogging down their servers for several hours. Needless to say, the thought of IoT botnets running unchecked in this country is nothing short of terrifying.
If there were any doubts that we had entered the age of cyber warfare before these attacks, they are gone now. What’s worse, these attacks illustrate how completely unprepared we currently are for this new kind of warfare. Despite warnings from security technologists like Bruce Schneier and campaign promises to protect us from “the cyber,” the U.S. simply isn’t ready for these new kinds of attacks. The big question now is: how do we fix that?
Expecting the federal government to produce solutions is hopeful at best and woefully naive at worst, though that isn’t to say that it can’t somehow play a part. Even if it can’t actually develop the technologies necessary to compete in this new battle arena, it can still fund innovative R&D that can be developed into the next generation of defense infrastructure.
This can be achieved through the Small Business Innovation Research (SBIR) program, a highly competitive research initiative through which domestic small businesses respond to federally specified R&D requirements with commercial applications. Awards are distributed in two phases, first for feasibility and proof of concept of the product, and then for further development and commercialization. Small businesses that receive SBIR awards are granted non-dilutive funding from participating federal agencies, priming them for further investments and the potential for acquisition or licensing.
To date, the SBIR program has funded over 70 cyber security technologies and products developed by US-based small businesses and companies, weighing in at almost $40 million in total funding from the United States Air Force (USAF), the National Science Foundation (NSF), and the Department of Homeland Security (DHS), among others. Some of these successful firms include Intelligent Automation, Inc. ($4,673,840 in total funding), Metronome Software LLC ($1,124,307 in total funding), and AFCO Systems ($849,607 in total funding).
Despite these successes, fewer cyber security-related SBIR grants have been awarded in recent years. From 2008 to 2014, the total amount of SBIR award funding for cyber security had been increasing on average, peaking at just under $8,000,000. That amount has declined sharply in the last 2 years, dropping below $3 million so far in 2016.
This fall in SBIR cyber security funding shows an alarming trend, especially in light of recent cyber-attacks that are likely to become more common and more severe. Now, more than ever, we need to develop solutions to cyber threats. Nimble small businesses that can quickly develop new technologies may hold the solution to these threats and prepare the US for a new age when wars are no longer fought on land or sea, but online. If the true potential of IoT technologies is to be realized, innovative approaches to cyber security must be implemented, both for the sake of future technologies and for our national defense.
Robby Schlesinger is a marketing executive at InterKn.