The Internet of Things isn’t on the cutting edge like it once was, but there’s still a large opportunity for the federal government to adopt it — and to secure it.
Agencies like GSA are using IoT to make buildings smarter and save taxpayer money by wasting less on federal building utilities. On the defense side, warfighters are equipped with a variety of sensors to keep them more aware and lethal on the battlefield. Elsewhere, agencies that deal with agriculture and the environment are using IoT sensors that capture critical data in real time.
But with the added connections to federal networks come added entry points for malicious actors. After a rise in international cyberattacks driven my massive networks of IoT devices, federal agencies and lawmakers have gotten serious in recent years about securing the Internet of Things.
“Securing the IoT has become a matter of homeland security,” then-DHS Secretary Jeh Johnson said in 2016.
In fact, DHS is largely leading the federal charge, funding startups developing IoT cybersecurity technologies through its Silicon Valley Innovation Program.
There are broad policy concerns. The recent issues surrounding Strava’s Heat Map, which shows exercise data of FitBit users on a global map, unearthed the possibility that military service members using connected devices on secret bases could give away their location just by tracking a workout and other patterns in their daily lives.
Addressing such security holes an ongoing challenge. “The big question around IoT is going to be around the security of it,” Dcode’s Andrew McMahon said. “The government needs to be cautious.”
And with billions of new devices expected to come online in the next five years, “We have a rapidly closing window to ensure security is accounted for at the front end of the IoT phenomenon,” explained former DHS Assistant Secretary for Cyber Policy Robert Silvers in 2016.
Sen. Mark Warner, D-Va., is trying to nip it in the bud as best as possible, introducing legislation during the current Congress that would “provide minimal cybersecurity operational standards for Internet-connected devices purchased by Federal agencies, and for other purposes.”