The innovative world of Internet of Things means industry and government can build things better, stronger, faster. They can gather more information and quickly integrate it. However, there is a price to moving that much data around at that speed. It also means keeping pace with the security concerns in a sophisticated, quickly evolving environment. The environment of cloud storage and remote sensors is under constant cybersecurity threats.
“It’s definitely a balancing act between using the latest technologies, but also making sure they’re secure at the same time,” Tim Mierzwa, enterprise strategy lead for the information technology resources branch at the National Center for Advancing Translational Sciences (NCATS) said on Federal Monthly Insights — IoT Security. NCATS uses IoT to create biological and chemical profiling that aids in the development of drugs and treatments in the medical field.
“From a clinical perspective, you can gather all sorts of health metrics from heart rates, or insulin levels, things like that. And, you do need to sort of minimize or anonymize that data as well. Because that data in the wrong hands can definitely be very dangerous,” Mierzwa said on Federal Drive with Tom Temin.
NCATS has seen steady growth since its inception in 2012, according to Mierzwa. Starting small and growing meant it only got big enough to form its own cybersecurity division in 2019. As they moved forward with developing new technologies, the security team had to move fast to keep up and maintain secure data. That meant developing protocols and governance plans to safeguard large amounts of data containing personal information.
At FEMA, IoT sensors send information that allows it to move with greater speed and accuracy in emergencies. For example, AT&T provides a service called FirstNet for first responders.
“I get signal on FirstNet in garages where my T-Mobile personal phone has no hope of working. So, you know, the utilization of being able to have a robust network like that, that can handle communications for all these devices is critical to what we do,” said James Rodd, cloud portfolio manager at FEMA.
“Security is a massive concern for us. Obviously, responding to emergencies, the last thing we want to happen is some kind of security attack that would prevent us from doing that,” Rodd said. While keeping up with protocols is a constantly evolving process, he said sometimes nothing is more important than remembering the basics.
“One of the most critical things that we tend to not pay enough attention to is your baseline updates and stuff like that, like just making sure that your that your mobile devices are updated to the latest firmware, that you’re aware of any security,” he said.
Part of the network that FEMA relies on involves sensors in remote areas. Those sensors can detect floods and wildfires, sometimes before anyone locally notices a problem. As those networks grow, their security also has to improve and keep evolving.
“Unfortunately, in FEMA, sometimes we kind of silo ourselves because we’re responding to an incident. And we put procedure and policy in effect and then find out that it doesn’t meet the requirements of our executive order or whatever, zero tolerance. And then we have to go and kind of backwards engineer our solution, which we’ve already been utilizing. I hate to say it, but when do we find out that it’s not good? Usually during an audit, you know, and that’s not a good time to be finding out. So I would definitely say, networking is a huge factor and making sure you go to the sources,” Rodd said.