Every time federal information technology professionals think they’ve gotten in front of the cybersecurity risks posed by the Internet of Things (IoT), a new and unexpected challenge rears its head. Take, for instance, the heat maps used by GPS-enabled fitness tracking applications, which the U.S. Department of Defense (DOD) warned showed the location of military bases, or the infamous Mirai Botnet attack of 2016.
Internet of Things
Today’s battlefield is highly technical and dynamic. We are not only fighting people and weapons but also defending and attacking information at light speed. For mission success, the American warrior in the field and commanders up the chain need the support of highly adaptive systems that can quickly and securely establish reliable communications and deliver real-time intelligence anytime and anywhere.
Wary that the Internet of Things (IoT) could be used to introduce unwanted and unchecked security risks into government networks, senators last year created a piece of legislation that placed minimum security standards around IoT devices sold to and purchased by government agencies. The IoT Cybersecurity Improvement Act of 2017 specifically cites the need for regulation of “federal procurement of connected devices,” including edge computing devices, which are part of the IoT ecosystem.
The U.S. Air Force is exploring innovative ways to put technology to work and address both warfighter fitness maintenance issues and access to troop fitness readiness data. With the help of AF CyberWorx, a public-private design center, innovators will tackle one of two challenges during a daylong hackathon.
The days of the United States’ stature as a force without equal appear to be over. The threat of near-peer competition with increasingly sophisticated adversaries is growing. As Secretary of Defense James Mattis says in the National Defense Strategy, "America has no preordained right to victory on the battlefield."
After about a year, the U.S. Air Force is extending its smart base pilot program at Maxwell-Gunter Air Force Base, Montgomery, Ala. The effort takes advantage of Internet of Things (IoT) technologies and applies the smart city concept to the base. The lessons learned at Maxwell likely will be applied to Air Force bases around the world.
The Department of Homeland Security (DHS) Science & Technology Directorate (S&T) is announcing today that Ionic Security Inc., based in Atlanta, is the first company to successfully complete prototype testing and move to the pilot deployment phase as part of the Silicon Valley Innovation Program (SVIP).
Where some see challenges, others see opportunities. It sounds like a motivational poster, but that is exactly how researchers at the National Security Agency view the Internet of Things, or the IoT.
“We approach IoT a little differently than everybody else. Everybody’s talking about all the security problems. That’s certainly fair, but we look at IoT as an opportunity in terms of the security goals we can accomplish,” says George Coker, chief, Information Assurance Research Group, National Security Agency (NSA).
The U.S. Army Research Laboratory (ARL) has awarded a $25 million contract to a group that includes SRI International and several universities. They will work to develop and secure the Internet of Battlefield Things (IoBT), as part of the IoBT Research on Evolving Intelligent Goal-driven Networks (IoBT REIGN) program.
No longer a curiosity, the Internet of Things has emerged as a highly sought-after technology advantage for organizations worldwide. The federal government has stepped up as an innovator within this space, generating profound advancements with seemingly unlimited promise to support national security missions. Those in doubt need look no further than research from the Center for Data Innovation, a nonprofit, nonpartisan institute, which reveals a broad range of eclectic, real-life implementations.
With the Internet of Things promising—or perhaps threatening—to connect many more millions of devices, experts from industry, government and the military are urging action.
The critical infrastructure covers a lot of territory, including banking and finance, gas and oil, health care, agriculture, water distribution, transportation, communication, law enforcement and emergency services. Many outdated and poorly secured computers, experts say, operate a great deal of that infrastructure. Additionally, commercial or private entities own the vast majority of the infrastructure, meaning that government has little authority to protect it.
In reaction to the large-scale distributed denial of service (DDoS) attacks that made headlines last year, a bipartisan group of senators has introduced legislation establishing minimum security requirements for government-purchased Internet of Things (IoT) devices.
The increasing nature of computing capabilities, the number of technologies that are interconnected to the cyber world, the amount of data generated, and the speed at which data is reported are all reshaping everyday life. To harness this new dynamic, the commercial computer industry has already switched to a more agile way of developing software. More and more, the military is moving to advance the development of cyber-based infrastructure under this changing environment.
The U.S. Defense Department is diving in and investing heavily to leverage the benefits provided by the burgeoning Internet of Things (IoT) environment.
How many software engineers does it take to screw in a light bulb? None. It’s a hardware problem. That joke, though, soon might be on its way to becoming wrong with the speed of technology, joked Lt. Gen. Alan Lynn, USA, director of the Defense Information Systems Agency (DISA) and commander of the Joint Force Headquarters–Department of Defense Information Networks (DODIN).
The NATO Parliamentary Assembly has published a draft report titled "The Internet of Things: Promises and Perils of a Disruptive Technology." The report urges governments to take a more proactive role in defining the future of the Internet of Things (IoT).
"Policy makers, including national parliamentarians, need to start to proactively shape an IoT environment that remains open, innovative and secure. We have to find the right balance," the document states.
Though the U.S. Defense Department has spent much time and money to protect high-value network assets such as emails from cyber intruders, the systems remain vulnerable to attacks. So imagine the weaknesses to systems that haven’t garnered as much defense attention or reinforcements, a senior official said.
“We have spent a lot of time—and have been very successful at—protecting our email information,” said Daryl Haegley, program manager for Business Enterprise Integration (BEI) in the Office of the Assistant Secretary of Defense for Energy, Installations and Environment. “But what about the control systems, manufacturing systems, facilities networks, medical devices? What we’re finding is ‘not so much.’
Through its significant investment in networked systems and smart devices, the U.S. Defense Department has created an enormously effective—yet highly vulnerable—approach to national security. The department has begun investing more in the Internet of Things (IoT), which has gone a long way toward making ships, planes, tanks and other weapon systems far more lethal and effective. Unfortunately, the IoT's pervasive connectivity also has increased the vulnerability of defense networks and the potential for cyber attacks.
While we are all still in the early stages of a networked, always-on Internet of Things world, this is the precise time to develop crucial and effective cybersecurity solutions to combat growing threats. The developing ecosystem needs new ideas for bold government actions, particularly to reduce the risks of quantum computers.
Quantum Threats Looming
As the Internet of Things, or IoT, steadily migrates from fantasy to reality, the accompanying cybersecurity challenges posed by billions of connected devices have become not only evident, but a leading concern for federal technologists.
The lack of IoT security tops a list of critical concerns for surveyed professionals wrestling to address the challenges increasingly front and center as the sheer number of connected devices and sensors grows, according to results of a recent Brocade survey.