The Internet of Things Presents Possibilities and Problems for Federal Agencies

The Internet of Things, or IoT – the interconnecting and data collection of innumerable sensors and networked devices – presents agencies with new operational capacities and mission-enabling capabilities. However, numerous challenges remain and implications arise from efforts to harness existing capabilities and build upon them with the newest technologies.

At AFCEA DC’s recent Internet of Things Summit participants from the various federal agencies, including the US Air Force, Department of Homeland Security (DHS), Department of Defense (DoD), National Aeronautic and Space Administration (NASA) and the National Institute of Standards and Technology (NIST), were joined by members of industry and academia to discuss their current efforts, challenges and opportunities associated with IoT.

Key themes, observations and challenges facing effective IoT that were discussed include:

• Identity management and authentication of IoT devices is a major challenge and an imperative to building secure and effective integrated sensor communications networks. Effective authentication is critical to ensure that all devices on the network are authorized to be connected as well as accessing appropriate data, applications and systems.
• Modernizing and integrating the many legacy “dumb” sensors that are already out there in the physical plants and industrial control systems, etc. at military bases present an interesting challenge because they were not originally conceived and deployed with the idea of connecting them IT networks. The challenges of retrofitting them to communicate with IP networks brings with it the resulting implications of exposing these legacy sensors to the vulnerabilities of today’s cyber-attacks.
• Managing thousands of IoT devices will require updated protocols and processes, including consolidating devices under device brokers for broad authentication and device management. Leveraging the broker concept is driven by the need to devise an effective approach to managing what may likely become millions of IoT devices within a particular network ecosystem.
• Cybersecurity risks can be mitigated through segmentation, data encryption and network masking. Segmentation can mitigate security vulnerabilities, especially with SCADA devices and industrial control systems, as devices are granted limited access to other networks. Encryption at the device/sensor level would do much to improve security, but also challenges some sensors’ battery/power capabilities. Masking of Wi-Fi networks limits their discoverability by unauthorized users.
• Supply chain security and the risks presented by certain component products and software remains a sustained concern due to the proliferation of components with hard-wired back doors that cannot be blocked or that cannot be updated with new access credentials. Such components have existed in various devices and systems deployed both commercially and militarily.
• Appropriate governance and technical standards development is in lagging in many ways, although standards bodies like NIST and others are stimulating the discussion and collaboration across sectors. It is important to recognize that the larger policy and legal landscape addressing privacy, safety, security, liability, etc. will impact federal agencies as these issues are hammered out, often at the national and global level.

One thing was clear across each of the panels and individual discussions: the IoT “train has left the station,” meaning that the deployment and interconnecting of sensors and other devices has been well underway for years and cannot be reversed. The reality of IoT is not a matter of “if,” but of “how much, how far and how fast.”  By all observations the pace of deployment will only continue to increase, so the current challenge for federal agencies and their industry partners is to determine how to set priorities and how to well manage the progression.