Interview: GCA Global Technical Officer Leslie Daigle talks about AIDE, ProxyPot and their role in securing IoT Devices

Today we are interviewing our Global Technical Officer, Leslie Daigle, who joined us in March having spent much of her career shaping the Internet – technologies, institutions, and policy – helping it evolve and act as an enabler for many. She believes that collaboration is the means to achieve the impossible. Great minds think alike, Leslie - it’s great to have you on board!

Hi – it’s great to be here!

The Internet was created for good - you have helped shape it - was there one seismic event that happened that underpinned the need for a more secure and trustworthy Internet or has it just been snowballing out of control over time?

Well, I work to be an optimist, so I’d rather not say that I think it’s snowballing out of control :^) .

But, it certainly is fair to say that the initial design and engineering of Internet technologies occurred in an era where it was a small community of people involved in the effort and the primary challenge was getting things to work and stay working. There wasn’t much room for “bad behaviour”.

Things are very different now, as much of the world’s population relies on the Internet for work and home uses, and few of its users do (or should) know how the technology works. Evidently, that creates an environment where bad actors slide in and do all kinds of things that are unseemly, unpleasant and unwarranted.

So, to continue to have a well-functioning Internet, open to as many legitimate uses as possible, supporting the many sensitive and critical activities for which it has become imperative, it’s important to focus on finding and preventing malicious activity.

Yes, things are very different now! GCA launched AIDE in August last year - what is AIDE and what systemic cyber risk is it seeking to address?

Spelling it out, AIDE is the “Automated IoT Defence Ecosystem”. It is designed to collect and eventually analyze attacks on “Internet of Things” (IoT) devices. IoT is an important area of cybersecurity consideration because the devices themselves are vulnerable to attack (undermining their legitimate uses) and because they can be swept up into larger “botnets” to create very large, very distributed Denial of Service attacks – like the MIRAI botnet attack on Dyn DNS services we saw a few years ago. The more data we can collect (without sacrificing actual IoT devices), the better prepared we are to find perpetrators and stifle attacks on IoT devices.

And ProxyPot, what is the concept and science behind ProxyPot?

ProxyPot is a custom IoT honeypot solution developed by GCA, which is capable of replicating one IoT device across multiple IP addresses and physical locations to identify global attack risks quickly, efficiently and accurately. In essence, with little effort, we can amplify our apparent IoT footprint across the globe, or scale up to appear to have multiple devices in one network.

Malware attacks are constantly evolving – and so must we change our attack surfaces in order to listen well.

That sounds really interesting - what are the key findings since launching AIDE and what’s next for the project?

Key finding – wow there is a lot of malicious traffic out there! :-> We see several million “contacts” in our honeyfarm every 24 hours.

The next steps for the work include turning that data into information – we’re always looking for better ways to relate what we are seeing to actionable steps for cybersecurity.

And how can the community help?

Patch to protect! Use multifactor authentication. We’re out there listening for attacks, but the best conversation your devices can have with an attacker is the one they never get the chance to have ;)

In terms of advancing AIDE - do take a look at a blog written by our Global Partnership Officer, Terry Wilson, last October, and if you feel you could contribute, please do get in touch!
https://www.globalcyberalliance.org/help-us-build-an-even-better-tool/

Thanks, Leslie, that’s been a really interesting overview - is there anything else you’d like to tell us about, and how can the community get in touch?

There is a lot more to talk about! Specifically on AIDE, more information is available via our website here: “AIDE - GCA | Global Cyber Alliance | Working to Eradicate Cyber Risk”, and check the AIDE website for daily threat feed data: https://www.gcaaide.org/

Do post your questions on AIDE or any of the work GCA is involved in here - I’ll be checking the forum regularly and I’ll be sure to get back to you!