Elaborate networks of sensors, mobile devices and internet networks could improve federal agencies’ operations, but the benefits of connected technology must be weighed against serious security risks, government technology professionals say.
A recent report compiled by the Government Business Council, part of Nextgov’s parent company Government Executive Media Group, interviewed a handful of federal technology employees about their approach to the internet of things. Despite their enthusiasm for the concept—the Homeland Security Department is already investing in wearable devices that can sense the wearer’s vital signs—they argued the public and private sectors must collaborate to protect the network from infiltration by hackers.
A previous GBC survey concluded that about 90 percent of federal managers think it’s critical to their mission to secure the internet of things, but only about 40 percent think the devices and sensors on the network really are secure.
Here are a few of other findings from the most recent report:
Federal Agencies Already Use the Internet of Things
“What we’re hearing from our operations side is a continual need for better data, better situational awareness and the desire to leverage ubiquitous computing," Dan Massey, program manager of the cybersecurity division at DHS, said in the report. "The ability for them to execute their mission in a more efficient, safer way, and thereby open up new opportunities for them is incredibly important to us." For instance, Customs and Border Protection tasked a technology company with building smart collars on K9 units to sense when the dog might be in distress.
Federal agencies have applied that same technology to tracking government vehicles.
“Every federal vehicle is now required to have telematics linking it back to the internet," Massey said. "But truckers have been doing this for years, and it’s nothing new. So if we can install sensors to improve car performance metrics, why can’t we add sensors to optimize canine safety in high-risk environments?”
Security Risks Just as Important as the Internet of Things’ Potential Benefits
“[W]e’ve been content to live for the last couple of decades in the wild west, so to speak,” Vice Cmdr. of the 24th Air Force division and Deputy Commander of Air Forces Cyber Brig. Gen. Mitchel Butikofer said in the report. “As the cyber domain has matured, however, we’ve reached a critical point where standards must be put in place to secure it. The risk is too great.”
Massey added that soon, “your pacemaker might detect that you have an issue, might actually talk to your car, pull your car over for you, park you safely on the side of the road, call 911, transmit all your vital signs to the dispatcher so they can figure out if they need to roll out an ambulance or a flight for life—all this happening before you even know you’re about to have a heart attack.”
And while that system might be beneficial to the owner of the pacemaker, “the bad guy can make your car pull over to the side, open up the locks, and automatically transmit a message to 911 saying, ‘No, nevermind. That call I left while pulling over, ignore that: I’m OK.’”
Government and Industry Need to Work Together on IoT Security
“Government isn’t in the business of building smartphones,” David Doss, chief architect of the National Security Agency’s Information Assurance team said in the report. “But we definitely use them and need them to be secure to fulfill our mission needs. So how do we work with those in industry who do build smartphones and help them integrate high-grade security into their products in a timely manner?”
NSA already has a “Commercial Solutions for Classified” programs that intends to approve existing products and configurations, he explained. “The underpinning technologies of the IoT are not new, but they now come together and combine with smart big data analytics in a way that represents a technology tipping point on the scale of the creation of the internet," he added.