Security Major Hurdle for Government IoT Success
Stronger security can help the federal government realize significant value from IoT.
The private sector is aggressively leveraging the potential innovative capacities of the Internet of Things (IoT) to provide products and services that can improve healthcare outcomes, increase energy efficiency and enhance advanced manufacturing output.
The federal government has been slower to adopt IoT, but agencies that have made investments in IoT technologies are witnessing promising returns.
The Center for Data Innovation (CDI) released a study last year outlining a range of ways that the federal government is currently leveraging IoT technologies.
For instance, the General Services Administration is leveraging IoT in a smart buildings initiative to reduce costs and increase efficiencies; the Department of Agriculture uses sensors to analyze farmland soil moisture; and the Department of Defense is using IoT in a variety of capacities to manage logistics, protect supply chains and provide better healthcare to troops.
However, as the CDI report points out, agencies are just scratching the surface of what is possible in terms of the government realizing the potential benefits from the Internet of Things. There is a tremendous opportunity for governments to open up data collected by IoT sensors and devices to allow citizens to create innovative applications to improve public services.
Security Clouds IoT Promise
A major concern hindering IoT deployment is security. There have been countless examples of IoT devices, including routers, connected cameras and other devices, being compromised and enlisted in a bot network that pounds sites and services with traffic and knocks them offline. Further, attacks on the integrity of the data transmitted by IoT devices represent another significant attack vector.
There are a few initial steps to consider as the industry aims to secure IoT devices. First, IoT needs to be thought of as the Identity of Things. IoT devices all have identities, and they all need to be authenticated as they're engaged to make sure the integrity of the data is maintained. These ID management and authentication services can be deployed on premises or delivered over the cloud.
Organizations also need to build security into the design phase of these devices on a risk-management basis. This is called Secure DevOps. Organizations and agencies should employ secure development processes that utilize a range of practices, tools and procedures to minimize potentially harmful software vulnerabilities. Many of these tools, such as static and dynamic code scanning, can be deployed using cloud-based solutions. Software must also be used to secure the application programming interfaces (APIs) that allow the devices to communicate with applications and backend data systems.
Agencies should also understand that their IoT devices, such as the connected cameras on military bases and routers in vehicles, have privileged accounts associated with them that must be managed with appropriate access controls. These controls can increasingly leverage risk-factor and behavioral analytics to heighten security in a way that minimizes friction for end users.
On the policy side, the government should modernize federal IT systems and improve the acquisition process. According to a report by the Government Accountability Office, more than 75 percent of fiscal year 2015 federal IT investments went toward operations and maintenance of legacy systems. This is both more costly and less secure in the long term than investing in innovative technologies with stronger capabilities.
Agencies Must Get Agile
The government should also move toward agile management methods in the procurement, deployment and operation of IT systems. Agile methods utilize continuous feedback loops to improve efficiencies and security.
Government agencies should also seek to align their cloud and IoT security practices with the NIST Framework for Improving Critical Infrastructure Cybersecurity. Government suppliers face a range of different compliance requirements from different agencies, and these exhaust resources that could be better used for creating innovative solutions. Alignment with the Framework, which allows for flexible security deployments based on the unique needs of each agency and which references international, industry-based standards, can enable a much more competitive supplier market, leading to more effective and more secure outcomes.
The government has an excellent opportunity to realize significant value from IoT. However, significant hurdles remain to fully leverage these opportunities. Primary among these is ensuring security. An intelligent mix of private sector actions and government policy reforms can help enable stronger security outcomes, building confidence in IoT systems and allowing the federal government to leverage its potential benefits.