The Massive Cyberattack or Chronicle of a Strike Foretold

During the last Computer Law Conference organized by ADIAR (Argentina Computer Law Association) and the Universidad Nacional del Sur, I gave a talk on the Internet of Things, cybercrime and the dangerous situation presented by the lack of proper regulation, a topic on which I have one of my research projects. At the time, some people argued that I was talking about something that might happen in a relatively distant future, dissenting from my view that the possibility was imminent… the massive cyberattack a few days ago only showed the scenario to which I referred that day.

Reports talk about the huge DDoS attack being conducted using multiple devices connected to the Internet, devices that are more vulnerable to malware because they lack security measures, devices that form what is known as the Internet of Things.

Even if we forget that too many users don’t even have antivirus software on their computers, most users have neither the knowledge nor the capability to secure Internet-enabled devices, only the connection itself, which is not always enough in these cases. So, what is the authorities’ response to it?

Different jurisdictions are dealing with the issue in different manners, but there is a deafening silence about putting forward some kind of compulsory security regulatory framework directed at manufacturers and vendors, and too much talk about educating consumers and hopes of self-regulation. Attacks like the one on Friday show how insufficient those approaches are.

Like many things in the information society, this is left to self-regulation, on the highly ideological basis that the technology in question is too dynamic to be properly regulated and that, taking into account the need to keep consumers’ trust, the companies would do what is proper. The problem with that idea, which is not usually supported by facts, as we’ve just seen, is that it forgets that companies in general, including those in the IT sector, are there to make profits and, regardless of how much “do no evil” they may try to promote, they may have the legal obligation to maximize profits for shareholders even if it means doing some evil (like censoring sites in some jurisdictions such as China). So, understandably, in the same way, manufacturers and vendors will spend on security no more than what is strictly necessary to avoid potential lawsuits, which currently represents considerably less than what it would take to make their devices more secure than they are today.

One of the arguments against regulating IT has been the possibility that such regulation would stifle its development, but it can be strongly said that it is time to leave that argument aside. IT and its companies have resulted in one of the fastest and biggest concentrations of income in recent memory, and new billionaires have been popping up like mushrooms after the rain… it is hard to believe that strong regulation forcing companies to produce and sell secure Internet-connected devices would disincentivize too many of those companies from developing more of them, with the worst-case scenario being just fewer luxury items sold to IT billionaires around the world in exchange for a more secure digital environment…

By Fernando Barrio, Professor of Law at Universidad Nacional de Río Negro
