Cybersecurity

NASA official warns of 'the internet of dangerous things'

Shutterstock image (by a-image): connected devices around the world. 

The dangers emerging from the expansion of the internet of things requires rethinking decades-old security practices and education curriculums, according to a top IT official at NASA.

At the GITEC conference April 2, Director of the IT Directorate and CIO at NASA's Ames Research Center Jerry Davis said while the "internet of dangerous things" has the potential to improve data analytics and increase efficiency, this greater connectivity is "beginning to change our lives as we know it, in not such a good way."

With billions of devices connecting to the internet, security practices have to address the possibility of once-improbable "black swan" events becoming the order of the day.

"Security has always been everyone's problem," he said. "We have to rely on everybody that's in the community to mitigate these issues."

Davis pointed to recent instances where IoT attacks have taken place, such as when researchers remotely hacked a Jeep's steering, transmission and brake systems and when Iranians accessed a computer at a New York dam.

Davis said that much of the technology users rely on is built on "60 years of bad software development," which has resulted from a rush to get new technology to market.

Software "runs everything" and "continues to be the primary attack vector," he said, adding that widespread reliance on poorly written and insecure software creates a safety issue.

The reason why software security is weak, Davis said, is because industry is "all about speed to market." Plus, there are "not enough people out there who can actually build these things the correct way," he said.

Exacerbating the concerns about the internet of things, Davis said, is that the information-sharing systems currently in place are "just completely broken."

Even though security groups share the same mission to protect users, Davis pointed to shareholder issues and concerns about attribution and embarrassment as reasons why both public and private groups are reluctant to share.

To keep up with the emerging security problems, Davis said that industry and government alike must work to foster security skill sets.

Both government and industry have to navigate the shortage of cybersecurity specialists, but government is at a disadvantage because of its protracted hiring process and inability to compete with top private-sector compensation, Davis said.

In addition to hiring challenges, "once you get them in, trying to fight to keep [qualified employees] is extremely tough to do," he said. "NASA is a cool place to work… but 'cool' only lasts so long until someone throws a 65 percent pay raise at you."

In terms of where the administration views cybersecurity as a priority, Davis said that the White House has been sending "mixed signals."

Although President Donald Trump's budget proposal slashed funding for civilian agencies, NASA received a $30 million boost to enhance its cybersecurity.

Davis said that could be a good signal "if you can extrapolate that into the national policy… but I'm getting so many mixed signals, it's really hard to say."

About the Author

Chase Gunter is a former FCW staff writer.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.