It is called the Internet of Things (IoT) - plural - for a reason. IoT encompasses everything from traditional IT devices like laptops and phones to next-generation technologies like virtual assistants (Alexa, Google Home) to previously unconnected technologies like TVs to everyday utilities like HVAC systems and even refrigerators. With this wide range of things, agencies are finding it difficult to catalog every IoT device, making the creation of policies and processes even more challenging.
Shadow IoT--connected devices that aren't managed or monitored by an organization's IT resources--is a real concern for IT teams. In one study, 90% of organizations found IoT devices they were not aware of using their network. These devices can include fitness trackers, digital assistants, and smart televisions. Once these devices are identified, huge security challenges still remain as many of them were not designed with security in mind. There is also such a wide range of devices and manufacturers that policies cannot be applied consistently across all of the different products and systems.
Even known IoT devices can provide security challenges and concerns. Historically, systems running building automation - lights, elevators, sprinkler systems, HVAC - were separate from the IT systems. Today, these Industrial Internet of Things (IIoT) regularly connect to external networks and introduce risk back into the agency networks. As a workaround, a survey of IoT leaders found that 45% of respondents said they were deploying IoT devices on a dedicated network.
All of this time dedicated to understanding and managing IoT is well worth it. It means that facilities can run more efficiently with "smart" systems, and agencies can gather data that was never available before. For example, San Diego began installing smart streetlights equipped with microphones, cameras, and sensors. The idea was to use these lights as gunshot detectors, help citizens find open parking spaces, measure air quality, and track traffic flow of both vehicles and pedestrians. Video from these lights has been used in more than 140 police investigations. It has even helped exonerate suspects, leading police to drop murder charges when they saw that a suspect had acted in self-defense against an attacker.
To navigate the complex and continuously evolving IoT landscape, there are several upcoming events that provide education and best practices.
- Washington Technology Showcase (December 5, 2019; McLean, VA) - Organized by the Association for Corporate Growth (ACG), this year's event focuses on IoT, 5G, and AI. It features a mix of keynotes, panel discussions, and technology pop-ups that will highlight innovative technology companies.
- CyberUSA: Connecting Trust Communities (January 16, 2020; College Park, MD) -- CyberUSA is a collaboration of states focused on a common purpose of enabling innovation, education, workforce development, enhanced cyber readiness, and resilience--all while connecting the cyber ecosystem of the United States and its allies. This annual gathering of state delegations and federal stakeholders explores programs to improve and enhance cyber resilience, collaboration, threat intelligence, information sharing, workforce development, marketplace opportunities, and risk management.
- Zero Trust Security Summit (January 28, 2020; Washington, DC) -- Influential government and tech leaders will highlight how the federal government is adopting the principles of zero-trust security to modernize their security and IT environments. They'll share how government leaders are future-proofing their security practices through next-generation identity and access management plus how they reduce risk with a user-centric zero-trust security model.
- Federal Networks 2020 (February 26-27, 2020; Tysons Corner, VA) - This event brings together leaders from agencies across government to share their latest plans for how they will design, purchase and operate their networks, as well as the IT services that these networks enable and deliver.
We'd love to hear about other IoT-related events. Share your suggestions in the comments.