Within the next few years, billions of physical devices and systems will be connected to the Internet and capable of automatically processing and exchanging information. This emerging “Internet of Things” promises to help federal agencies generate efficiencies and more effectively achieve their missions, but it also raises significant cybersecurity concerns. Target’s massive data breach in late 2013, in which hackers exploited HVAC systems of a third-party vendor connected to Target’s enterprise network to steal data on millions of credit and debit cards, demonstrates just how vulnerable organizations can be. An agency's cybersecurity will no longer revolve solely around computers connected to enterprise networks, but will instead need to incorporate the myriad devices and systems increasingly capable of tapping into agency networks. In other words, agencies’ surface area vulnerable to cyberattacks will greatly expand.
As part of a survey of 424 senior federal employees familiar with cybersecurity, Government Business Council and Dell Software asked respondents how their agencies are coping with an increasingly internet-connected world. Overall, respondents indicate that their agencies are behind the curve for the Internet of Things and its implications for cybersecurity.
Despite the increased attention that security vulnerabilities of the Internet of Things have received, federal executives are fairly confident in their agencies’ ability to secure their networked physical devices. This confidence, however, could simply reflect a lack of understanding of the vulnerabilities opened up by the Internet of Things.
As it turns out, agencies appear to be slow to leverage the Internet of Things. Less than one third of respondents (30%) say that their agencies are already leveraging or quickly moving to leverage the Internet of Things.
Agencies are also not yet prioritizing the Internet of Things as a cybersecurity issue. Less than half of federal executives say that their agencies are adapting their cybersecurity strategies to accommodate the Internet of Things, and just one quarter say it is a priority.
Together, these results suggest that agencies are in the early stages of accommodating the Internet of Things and have yet to fully internalize its security implications. So what can agencies do to prepare? In an interview with CIO.com, Jerry Irvine, CIO of Prescient Solutions and a member of the National Cybersecurity Partnership, suggests two major steps. First, establish policies to ensure that remotely controlled devices and systems are not connected to enterprise networks. Second, educate and train personnel on the vulnerabilities of the Internet of Things.