Internet of Things

IoT: Is tech the easy part?

The Internet of Things is coming, federal information security experts agree.  But the technical challenges may be the easier part, compared to policy and cultural concerns.

"Our infrastructures are ready to try and take this on," Federal Energy Regulatory Committee CIO Sanjay Sardar said during an IoT discussion at the ACT-IAC's Management of Change conference in Cambridge, Md. "We have to plan carefully for it, [but] we've just got to get out there and do it."

Mike Howell, the deputy program manager for the Information Sharing Environment, said that in the law-enforcement arena, he feared the rapid adoption of IoT could outrun the policy guidelines surrounding its use -- and ultimately take valuable tools off the table for agencies.  He pointed to earlier technologies like unmanned aerial systems, license plate-reading cameras, body-mounted video systems and "Stingray" monitors of cell-phone traffic -- "there's a pattern that I think we need to watch for with the IoT," he said.

Law enforcement agencies are " losing the ability to use certain technologies," he said, "because they don't have the policy framework in place, they don't have the community outreach" to explain and justify the use.

Brad Nix, the deputy director of the Department of Homeland Security's U.S Computer Emergency Readiness Team (US-CERT), argued that "the biggest challenge that we face is a cultural challenge."

After more than two decades dominated by Windows and Unix platforms, he said, "we've been lulled into this mindset" that everything has a client-server relationship, and "people take it for granted that things are being secured along the way."  Yet operating systems are now being embedded in a tremendous range of devices, and manufacturers "aren't always taking into consideration that that system may need to be upgraded at some point."

"How do we change that conversation," Nix asked, and make sure that when vendors talk about quality, they understand that covers how their device "connects with the Internet as well."

A better mindset alone, of course, is not enough to address challenges with the technology itself.   The sheer scale -- Gartner predicts the IoT will include 25 billion devices by 2020 and Cisco predicts IoT traffic will overtake human-driven traffic by 2018 -- means there is arguably too much to secure.

"We're talking about a geometric increase in the number of endpoints on the networks connected to your networks," Howell said. "Every one of these extensions of connectivity is going to create new vulnerabilities and new points for potential attack.  Are we ready to secure that?"

Steps are being taken to get ahead of those risks.   Nix said, for example, that US-CERT is "working to prototype a component-relationship database," which could help identify instances where software vulnerabilities "could be inherited by other components."

Ultimately, though, the speakers agreed that IT leaders need to help their agency heads and other policymakers make sure the IoT does not outrun its guidance.  "It's not just how to make tech work," Howell said. "It's dealing with the human elements around it that can make or break a program."

And, as Sanjar noted, "We can't not plan for it.  IoT is not going to stop."

About the Author

Troy K. Schneider is editor-in-chief of FCW and GCN.

Prior to joining 1105 Media in 2012, Schneider was the New America Foundation’s Director of Media & Technology, and before that was Managing Director for Electronic Publishing at the Atlantic Media Company. The founding editor of NationalJournal.com, Schneider also helped launch the political site PoliticsNow.com in the mid-1990s, and worked on the earliest online efforts of the Los Angeles Times and Newsday. He began his career in print journalism, and has written for a wide range of publications, including The New York Times, WashingtonPost.com, Slate, Politico, National Journal, Governing, and many of the other titles listed above.

Schneider is a graduate of Indiana University, where his emphases were journalism, business and religious studies.

Click here for previous articles by Schneider, or connect with him on Twitter: @troyschneider.


inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group