Internet of Things

DOD risks 'rogue' apps under current IoT policy

Shutterstock image: illuminated connections between devices. 

The Department of Defense must address some key security risks in its policies and guidance for Internet of Things devices, according to a new Government Accountability Office report. The report notes that although DOD has identified the many IoT-related security risks and developed policies and threat scenarios, current rules do not adequately address these challenges. The report recommends updates in certain areas to keep DOD information secure from threats posed by IoT devices.

The IoT risks previously identified by DOD are categorized into "operational risks," which come with using and operating a device, and "device risks," which come with the device itself. "Rogue" mobile applications used for malicious purposes and devices that can geotag are considered "operational," while issues such as unpatched software, limited encryption and supply chain threats represent "device" risks.

While DOD has already identified the risks and has provided guidance for many portable connected devices, , the report concludes, "GAO found that these policies and guidance do not clearly address some security risks relating to IoT devices." 

For one thing, DOD currently lacks updated policies and guidance for certain IoT devices that it has acquired. Smart televisions and mobile applications, for example, present security risks that still need to be addressed, according to GAO. Additionally, the report observes that current policies and guidance on a host of security issues from cybersecurity, information security to physical security fail to take IoT devices into account. The report also notes there is no single DOD office for IoT security. Rather, the responsibility is shared among different organizations in the department.

In reply comments, acting DOD CIO John Zangardi indicated that an ongoing review of the relevant policies will be finished by the end of the current fiscal year.

About the Author

Ben Berliner is a former editorial fellow at FCW. He is a 2017 graduate of Kenyon College, and has interned at the Center for Responsive Politics and at Sunlight Foundation.

He can be contacted at [email protected].

Click here for previous articles by Berliner.


  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    OPM nominee plans focus on telework, IT, retirement

    Kiran Ahuja, a veteran of the Office of Personnel Management, told lawmakers that she thinks that the lack of consistent leadership in the top position at OPM has taken a toll on the ability of the agency to complete longer term IT modernization projects.

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

Stay Connected