Three Steps to Prepare for IoT and Edge Computing
Federal agencies should act now to prepare for the future.
Wary that the Internet of Things (IoT) could be used to introduce unwanted and unchecked security risks into government networks, senators last year created a piece of legislation that placed minimum security standards around IoT devices sold to and purchased by government agencies. The IoT Cybersecurity Improvement Act of 2017 specifically cites the need for regulation of “federal procurement of connected devices,” including edge computing devices, which are part of the IoT ecosystem.
With on-device processing and analytics and faster access to information, edge computing and the IoT have the potential to greatly accelerate federal workers’ ability to get the information they need, when they need it. The solutions have the potential to significantly advance the federal government’s drive to become more agile and efficient.
But these technologies also raise important security questions. How secure are the devices? What steps are vendors taking to protect the highly sensitive data that is being processed by their edge computing devices? Do they have the proper security controls in place? Are agencies using trusted vendors?
IoT and Edge: Hype Vs. Reality
It’s good that these provocative and important questions are being asked now, before edge computing and the IoT truly take hold within the federal government. As it is, we are still at the very start of their respective hype cycles, with true adoption being hampered by the aforementioned security concerns.
Years after BYOD became the acronym-du-jour, federal agencies are still grappling with mobile device security, let alone the IoT or edge computing. The recent controversy surrounding fitness app Strava, which inadvertently revealed the location of classified military bases, made it abundantly clear that there is still much work to be done to ensure the security of even the most basic wireless technologies. Agencies are still trying to get past these fundamental hurdles before fully embracing the IoT, which likely will not see enterprise-level adoption until 2019 at the earliest.
And while edge computing has the potential to help agencies advance their security initiatives, agencies are still very much in the exploratory phase. For example, facial recognition and biometrics technologies, while being closely examined, have yet to take the place of standard security cards, even though the latter can be easily lost or stolen. As such, it is unlikely we will see widespread adoption of these types of solutions over the next year.
Fortifying Current and Future Networks
Still, agencies are laying the infrastructure for these technologies and need to implement strategies to ensure that their networks and data are protected. As such, there are several things IT professionals can do now to better fortify current and future operations.
Have a clear view of everything happening on their networks. If the IT team does not have the ability to accurately track and manage IP addresses and conflicts, domain names, user devices and more, they will not be able to know if or when a bad actor is exploiting their networks. They must be able to tie events on the network directly back to specific users or events. This should be considered the equivalent of “brushing your security teeth,” but the strategy can also be extremely helpful in evaluating the IoT and edge computing devices running on the network to ensure they are operating properly and securely.
Use trusted vendors. The IoT Cybersecurity Improvement Act of 2017 requires that vendors notify their customers of “known security vulnerabilities or defects subsequently disclosed to the vendor by a security researcher” or when a vendor becomes aware of a potential issue during the lifecycle of their contract. While this language pertains specifically to the IoT and edge computing devices, this should be par for the course for any type of solution offered to government agencies.
Find the positive in potential intrusions. Federal IT professionals should expect that, at some point, their agency’s networks will get hacked. However, there are some positives to be gained even in the event of a hack. Intrusions can help IT professionals evaluate and refine their remediation strategies, and automated network security solutions can learn from the breach to offer protection for the future.
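To make the first step concrete, here is an added example (not part of the original article or any vendor's product) that detects IP address conflicts and ties a network sighting back to the registered device holding the lease at that time. The lease records, ARP sightings, addresses and device names are constructed sample data, and the function names are hypothetical.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

# Constructed sample data (not from any real network).
# DHCP leases: (ip, mac, registered owner, lease start, lease end)
LEASES = [
    ("10.20.0.15", "aa:bb:cc:00:00:01", "jdoe-laptop", ts("2018-03-01 08:00:00"), ts("2018-03-01 16:00:00")),
    ("10.20.0.15", "aa:bb:cc:00:00:02", "lobby-camera-3", ts("2018-03-01 16:05:00"), ts("2018-03-02 00:05:00")),
    ("10.20.0.40", "aa:bb:cc:00:00:03", "hvac-sensor-7", ts("2018-03-01 08:00:00"), ts("2018-03-02 08:00:00")),
]
# ARP sightings from a switch or sensor: (time, ip, mac)
SIGHTINGS = [
    (ts("2018-03-01 09:00:00"), "10.20.0.15", "aa:bb:cc:00:00:01"),
    (ts("2018-03-01 17:00:00"), "10.20.0.15", "aa:bb:cc:00:00:02"),
    (ts("2018-03-01 10:00:00"), "10.20.0.40", "aa:bb:cc:00:00:03"),
    (ts("2018-03-01 10:02:00"), "10.20.0.40", "de:ad:be:00:00:99"),
]

def attribute(ip, when, leases=LEASES):
    """Return (mac, owner) holding the lease for ip at time `when`, or None."""
    for l_ip, mac, owner, start, end in leases:
        if l_ip == ip and start <= when < end:
            return mac, owner
    return None

def find_conflicts(sightings=SIGHTINGS, window=timedelta(minutes=5)):
    """IPs claimed by two different MACs within `window` of each other.
    Lease turnover hours apart (same IP, new device) is not a conflict."""
    conflicts = set()
    ordered = sorted(sightings)
    for i, (t1, ip1, mac1) in enumerate(ordered):
        for t2, ip2, mac2 in ordered[i + 1:]:
            if t2 - t1 > window:
                break
            if ip1 == ip2 and mac1 != mac2:
                conflicts.add((ip1, frozenset((mac1, mac2))))
    return conflicts

def unleased_sightings(sightings=SIGHTINGS, leases=LEASES):
    """Sightings where the MAC using an IP is not the leaseholder at that time."""
    out = []
    for when, ip, mac in sightings:
        holder = attribute(ip, when, leases)
        if holder is None or holder[0] != mac:
            out.append((when, ip, mac))
    return out
```

In the sample data, 10.20.0.15 changes hands through normal lease turnover and is not flagged, while 10.20.0.40 is claimed by an unregistered MAC two minutes after its leaseholder and shows up in both checks.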
There’s every indication that the IoT and edge computing will prove to be more evolutionary than revolutionary in 2018. While there will always be some agencies that will be willing to push the innovation envelope, most will likely continue to walk before they run with these technologies. They, along with Congress, know that the first consideration must be how the IoT and edge computing devices will be managed and secured.
But the more agencies learn about these technologies, the more they will ultimately be adopted. Agencies must begin preparing for that day. The best way to do that is to implement strategies that can help them solidify network security today while laying the groundwork for tomorrow.
Paul Parker is chief technologist, federal and national government, at SolarWinds.