DHS, NIST Release Security Guidelines for IoT Devices

The Department of Homeland Security (DHS) and National Institute of Standards and Technology (NIST) released new security guidelines last week for the Internet of Things (IoT) after a massive distributed denial-of-service attack targeted these devices and shut down many popular websites like Twitter and Etsy last month.

The new guidelines from the two agencies provide a needed and welcome step as the government begins to examine and prepare for the implications of ubiquitous connectivity in the Internet of Things ecosystem. The adoption of IoT and the integration of sensors is moving fast and there is an imperative to have security as a first step in planning the implementation of IoT for the public sector.

IoT refers to the general idea of devices and equipment that are readable, recognizable, locatable, addressable, and/or controllable via the internet. This includes everything from home appliances to wearable technology and cars. These days, if a device can be turned on, it most likely can be connected to the internet. Because of this, data can be shared quickly across a multitude of objects and devices, increasing the rate of communications.

Imagine a world where your alarm clock notifies your coffee maker to start brewing when you wake up. Or, your car is communicating with other cars on the road, exchanging information about speed and position to reduce the number of accidents. Seems a little like The Jetsons, but this will soon be our reality – and in some cases, already is.

According to Gartner, there are expected to be nearly 26 billion networked devices on the IoT by 2020, giving any business, no matter the industry, access to endless amounts of vital, real-time data about their company and customers. Inside and outside the workplace, the IoT has the potential to change the way we work and live.

Just like many industries, government agencies are looking for ways to cut costs and become more efficient, and have realized the IoT is one way they can achieve productivity gains. Over the last five years, the federal government has spent more than $300 million on IoT-related research and Cisco estimates that the IoT will be valued at $4.6 trillion for the public sector in the next ten years.

Public Sector IoT

So where are we seeing IoT adoption in the public sector?

An area that has shown promise and growth is public infrastructure and transportation. Opportunities abound within facilities management, grid and energy planning, and environmental impacts like waste management and water meters – with the IoT driving smart cities and smart urban mobility.

For example, smart parking applications are already informing citizens where the open parking spots are in a busy city. Video and data analytics are helping cities identify how many passengers are in a vehicle for High Occupancy Vehicle (HOV) lane compliance, and cities are able to monitor and manage traffic and congestion.

The Internet of Things is also revolutionizing mass transit including buses, subways and trains. The technology can track traffic data, driver performance and gas usage to cut costs and improve traffic routes for better service. Sensors on subways, railroad cars and buses can help monitor systems like temperature and fault warnings for a safer, more comfortable ride and can provide real-time information to passengers to warn them of the estimated arrival time on their mobile device.

Buses can also get alerts from citizens to stop at a certain stop, at a certain time, and can cancel the stop when the traveler isn’t there. A truly connected and integrated transportation system made possible by the IoT is making transportation faster and safer for drivers and passengers.

The list below highlights some of the key areas of IoT that apply to the public sector:

IoT Key Components: Big Data (and data mining), Sensors (RFID, chips, transistors), Analytics (predictive).

IoT Product and Service Applications: Improving government services; better efficiencies and performance via BPO; smart solutions under budget constraints; scalability; management/integration; compliance; data integrity; consumer facing digital government and responding to public need.

IoT Areas of focus: Facilities & infrastructure management; industrial applications; energy (smart grid); medical & healthcare; transportation; building/construction (smart buildings); environment (waste management); water resources; retail and supply chain; communications; and education (learning analytics).

IoT Technology Trends: Automation, robotics, enabling nanotechnologies, self-assembling materials, artificial intelligence (human/computer interface), 3D Printing (Photovoltaics and printed electronics), wearables (flexible electronics), real-time analytics and predictive analytics, super-computing (faster and more connectivity), increased storage and data memory power, wireless networks, secure cloud computing, virtualization.

IoT Policy Issues: Ethics, interoperability protocols, cybersecurity, privacy/surveillance, complex autonomous systems, best commercial practices.

IoT Benefits: Logistics and situational awareness by monitoring data (e.g. traffic jams, parking management, and distributed traffic control); energy use (utilities); productivity (manufacturing, logistics, telework); healthcare connected devices (wearables); patient monitoring (vital body signs with remote monitoring capabilities); emergency management (weather incidents, crowd control); security (cameras, sensors, forensics).

The potential of the IoT for both the public and private sector is undeniable; however, companies and agencies need to develop plans and prepare their workers for its implications in order to harness the value of the technology. It is clear there is more education and research that needs to happen before companies and government agencies can fully develop a plan to implement the IoT for their specific processes.

As IoT continues to evolve, strategies for adoption and security will need to be operationally mandated. The DHS/NIST guidance is a good start.

-By Chuck Brooks, the Vice President for Government Relations & Marketing for Sutherland Global Services. Chuck also serves as Chairman of CompTIA’s New and Emerging Technology Committee, and he serves as subject matter expert to The Homeland Defense and Security Information Analysis Center (HDIAC), a Department of Defense (DoD) sponsored organization through the Defense Technical Information Center (DTIC).