Why agencies must work harder to prep for IoT security

Government agencies tasked with regulatory and security responsibilities are running out of time to address security challenges associated with the increased connectivity of the Internet of Things, according to Department of Homeland Security Assistant Secretary for Cyber Policy Robert Silvers.

Increased connectivity for devices means expanded attack surfaces. The challenge, Silvers said at an Aug. 31 National Institute of Standards and Technology meeting, is developing flexible, living security standards while preserving the innovation and productivity gains that come with increased internet.

"I think we all recognize the IoT is not a trend, it's a full-blown phenomenon at this point," he said. "We have, as against that enormous security challenge, a very narrow and closing window in which to address the security challenges on the front end before we are put in the much more difficult, much less enviable position of addressing security against an ecosystem that is already stood up, functioning and created."

Trying to bolt on security measures after the widespread proliferation of connected devices "is suboptimal… if not impossible, is more expensive and is less effective than doing it right to start," he said.

Silvers also lamented the current lack of "anything resembling a standard of due care" for when things "really go awry and ultimately hit the court system" in cases that may negatively impact consumers.

"I think we need just to be very candid with ourselves, with each other, that we see few solutions gaining traction in any kind of holistic and sustained and widespread way," he said. "The bottom line is that product is moving to market without security" plans for either the short or long term, he said.

Silvers acknowledged that there are "very good efforts" in the public and private sectors to protect IoT stakeholders, such as NIST's IoT building blocks and the Defense Department's investment in IoT security.

However, he also emphasized that government agencies, including DHS, "need to work a lot harder" on the IoT security front. "We need to accelerate everything we're doing," he said. "We need to make tough decisions now because they're not going to get easier."

For long-term solutions, Silvers said he was unsure of the best answer, but suggested a system of certification like the Energy Star seal of approval for home appliances as a potential avenue.

"In the meantime, we need to have bridge solutions," he said.

Silvers also announced that although DHS is not a regulatory agency, it is planning to issue strategic principles for IoT stakeholders, including best practices and guidance for risk-based decisions that draw from previous work of private partners and other agencies.

He said the principles will not be overly prescriptive or controversial, but that "it's time" for agencies to begin to address their security responsibilities.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.
