The year 2020 is just around the corner and some experts predict over 30 billion Internet of Things (IoT) devices to be connected to the internet. Federal IT reflects what’s happening in the commercial space, so this means the Internet of Things will be all over the federal government as well.
“I think with those devices moving closer to those critical systems and processes, they’re going to increase the organizational risk of these agencies quite dramatically,” said Sebastian Szykier, a security architect at Red River. Every federal agency has critical systems, and they should take to the time to investigate options for protecting agency assets from IoT threats.
These IoT devices are produced so quickly and are so inexpensive that security is rarely considered. There are inexpensive technologies like wirelessly connected actuators, street lights, RFID tags, GPS locators and even the Fitbit.
Szykier elaborated on this concept by noting that these devices are being incorporated into critical business processes or manufacturing, healthcare and industrial control systems where the security for those devices must be managed across the device’s lifecycle.”
From the perspective of the federal government, one must consider how to handle that much data, where to handle it and network security considerations.
In software development people talk about “bolting” on security at the end. This is always an unmitigated disaster. One approach from content delivery networks is to see a bad actor, or someone who is connected to a bad actor, then denying them access to the network.
Szykier said one approach is to get a handle on what’s on the network and limit unauthorized access.
“What we’re doing is we’re authenticating all the devices to the network,” he said. “So unknown devices, unregistered devices and unauthorized devices are being kept off the network.”