IoT Security and Government Agencies
Are government agencies keeping up with technological advancements? The expansion of the Internet of Things (IoT) has created numerous possibilities for the government to deliver services more efficiently and effectively. But are these connected devices secure enough?
Today, the IoT consists of 25 billion plus devices. This number is expected to balloon to 50 billion by 2020, and account for between 7 and 9 trillion dollars in value. Many of these devices are vulnerable to attacks due to their lax security. Most networks have multiple levels of protection, including encryption and firewalls. By contrast, the majority of embedded devices on the IoT have only one type of security protocol.
These are no longer simple devices. Many are critically important, including infrastructural devices used to control high-speed trains (when they are switching tracks). As the importance of devices connected to the IoT grows, they become more attractive targets for exploitation.
It is no surprise that policy-makers have fixed a concerned stare on the rapidly changing IoT. This includes potentially beneficial applications, as well as the government's role in IoT security, particularly with regard to protecting consumer privacy. On January 13, the creation of a new Congressional Caucus on the IoT was announced. A month later, the Senate Committee on Commerce, Science, and Transportation conducted a hearing to address the issues and encourage the innovation necessary for the IoT to flourish while addressing the inherent security risks that arise from the interconnectivity of billions of devices.
In a January 27 report, the FTC voiced their agreement with industry leaders that the rapid evolution of IoT-related technology is not conducive to the present development of legislation aimed at the IoT. This said, commissioners have recommended the creation of new laws regarding data security and breach notifications.
Congress was faced with IoT security again on February 9. The resulting report drew attention to the risks associated with public safety, specifically in relation to the growing adoption of IoT-related technology in the automotive industry. This includes wireless Internet access and Bluetooth connectivity.
One example of these risks is highlighted by the emergence of car thefts by hackers exploiting this expanded interconnectivity. Some manufacturers have begun implementing software where a consumer's vehicle can be unlocked using their smartphone. While this might seem like a convenient way to get out of a jam (such as locking your keys in your vehicle), hackers have already found a way to manipulate this system and use it to gain unauthorized access.
While the growth of devices on the IoT raises security concerns for consumers and policy-makers alike, there are also potential benefits. If approached wisely, government agencies can play a major role in expanding the prevalence of the IoT. For example, smart power meters can be used to monitor homes for vacancy, allowing law enforcement agencies to monitor hotspots for potential vandalism or break-ins.
Consider traffic light data, which is already used to monitor traffic patterns. This information might be combined with that from public event calendars or social media platforms to predict traffic problems before they develop. In reality, the potential benefits of IoT devices are limited only by human creativity.
However, as we have seen these benefits can be limited by potential risks. Government agencies need to ensure that when it comes to the Internet of Things, security comes first and foremost.