Cyber Kangaroo is the name of a cyber game held on Thursday in Canberra, Australia, and organized by RAND Corporation and the National Security College (NSC). The game was dedicated to the growing popularity and use of the Internet of Things (IoT) and was meant to identify the most efficient ways to secure IoT.
The game involved 60 participants with different backgrounds, who had to explore two scenarios.
The scenarios were about the malicious exploitation of the IoT that is growing so much that it’s becoming “socially and economically disruptive”, according to Stilgherrian, a journalist who also took part in the game.
The first scenario was related to IoT.
A woman is in her self-driving car when suddenly the car changes its route. The woman is unable to resume manual control, and as a result 12 pedestrians are injured and one is killed. Apparently, the woman's boyfriend had hacked the car, attempting to bring her to him and propose to her.
The participants in the game reached the conclusion that chasing hackers would not be an effective method to secure IoT. It would be much more effective to work with the manufacturers and retailers of IoT devices. For example, telcos already have ways to identify malicious traffic on their networks, but gain no benefit from actually doing it.
Also, since by 2022 IoT devices would be much smarter, they would supposedly be able to detect any abnormal activity or manipulation. In other words, IoT manufacturers may develop something like an immune system for their devices. One thing to consider, however, was that different IoT devices had different levels of safety. Thus, hacking a smart toaster is not nearly as harmful as hacking a healthcare IoT device.
That's how the participants came up with the Cyber Kangaroo regime, which would first be implemented as a voluntary standard presented via a public education campaign and would then become a mandatory rating for any IoT device in Australia. To support the initiative, insurance companies would also encourage consumers to buy IoT devices that are Cyber Kangaroo-approved.
The second scenario was related to intellectual property theft and corporate espionage.
An Australian solar technology company was participating in a tender for a huge solar project in South America when they discovered their IP might have been exposed to China, putting them at risk of losing the tender.
Here it was clear that hacking back would be illegal and not productive. However, developing processes for handling breaches more efficiently might actually work.
“While the cyber game didn’t come up with any magic solutions, it made two things clear. One, this is complicated. And two, we need to start developing solutions now,” concluded Stilgherrian.