GAO report identifies US DoD IoT security gaps

The U.S. Government Accountability Office issues a report that details threats to the Department of Defense and offers a glimpse into DoD policies and guidance for IoT devices.
  • Written by Courtney Bjorlin
  • 2nd August 2017

“Unconventional threats” is the area Joseph Kirschbaum focuses on in his role at the U.S. Government Accountability Office (GAO), the independent congressional watchdog. His group conducts policy and spending analysis in areas like nuclear forces, combatting weapons of mass destruction, defense intelligence, homeland security, and – the Internet of Things.

“It cuts across everything,” the director of Defense Capabilities and Management for the GAO, who has been with the organization for more than two decades, said of IoT.

Not a day goes by without news of an emerging IoT-related threat, the most recent detailing vulnerabilities in more than 100,000 internet-connected security cameras that leave them open to hacks. Research continues to demonstrate the lack of security in IoT device design and the risks of opening operational technology up to connections it was never designed for. And today, a bill introduced in the Senate called for stricter security measures on devices purchased by federal agencies.

And a new report issued by the GAO assessing IoT device security policies and guidance at the U.S. Department of Defense (DoD) puts that risk squarely into perspective — even the DoD has gaps in securing IoT devices, according to the report. The GAO found that existing security policies and guidance do not address all security risks related to connected devices.

“Updates to DoD policies and guidance would likely enhance the safeguarding and securing of DoD information from IoT devices,” the report states.

The 46-page report details threats to the DoD presented by increasing connectivity, threats that many outside the public sector can relate to: an organization that has been using automated sensors and controls for more than a century, and has been connecting them to computers for decades, is now “in the midst of enormous technological change.”

It also offers a glimpse into some DoD policies and guidance for IoT devices, including wearable devices, portable electronic devices, smartphones and infrastructure devices. For instance, for securing “infrastructure devices” (like smart electric meters) within industrial control systems, the DoD recommends that design at the device level includes the avoidance of wireless communications to the greatest extent possible; implementation of authentication between devices, if possible; and the avoidance of mobile code — that is, code that is downloaded and executed without explicit user action.

In addition to policies and guidance, the DoD has made other progress in addressing IoT security challenges, including identifying a number of IoT security risks and notional threat scenarios, examining security risks by conducting assessments on critical infrastructure, and establishing ongoing efforts like research programs to mitigate security risks.

Gaps, however, remain, according to the GAO report. Policies and guidance do not clearly address smart televisions or applications downloaded on DoD-issued devices. DoD policies and guidance on operations security, information security and physical security do not address IoT devices. And while it has developed guidance and detailed procedures for defending industrial control systems from cyberattacks, the DoD doesn’t have a policy directing the implementation of these procedures.

The authors laid out risks inherent in everything from the manufacture of the devices themselves to the operations security risks presented by geolocation capabilities. The report described a potential scenario in which connected devices provide gateways to sabotage a mission by shutting down communications from command-and-control computers. In that case, hackers could gain access through smart electric meters to shut down cooling systems, resulting in the need to shut down computers before they overheat.

In turn, bringing together the various stakeholders responsible for IoT security is challenging. Responsibility for securing IoT devices doesn’t sit with one entity or person, instead spanning various DoD organizations, from the CIO to the Undersecretary of Defense for Intelligence to the Principal Cyber Advisor to the Secretary of Defense, and more.

“One of the first questions we tend to ask is, Who’s in charge and who should be?” Kirschbaum said. “I’m not sure it’s appropriate to have one person in charge,” he said, pointing to the many realms IoT crosses and the importance of looking at security through those different departmental lenses.

The GAO recommended that the DoD conduct operations security surveys that could address IoT or operations security risks posed by IoT devices through other DoD risk assessments. It also recommended that the DoD review and assess its security policies and guidance affecting IoT devices and identify areas, if any, where new DoD policies may be needed or where guidance should be updated.

For its part, the DoD concurred with the recommendations and indicated that it will begin, or already has begun, work to that end.
