As we forge ahead into this new and ever-changing digital landscape, one thing is clear — government and consumers alike have yet to realize, let alone tackle, the growing threat our beloved IoT devices represent. While most of us don’t worry ourselves with the thought of our smart TV or tablet getting hacked, we probably should. When you think about the sheer number of IoT devices being connected daily within federal agencies, the risk potential is simply huge.
We’re not talking about protecting your banking information or social security number here. And while those things are private, personal, and absolutely need to be protected for your own welfare, there is a much greater threat looming regarding devices that hold information pertinent to our national security.
It’s estimated that in just over a year, there will be close to 30 billion IoT devices connected globally. What’s exciting, though, is the potential when we look down the road. Smartphones aside, think ahead to the bigger picture and future possibilities with IoT devices — imagine the efficiencies and opportunities with things like smart buildings and government fleet management.
But how do we get from here to there?
Right now, we’re stuck in the past trying to play catch up and protect what we’ve got, let alone think about the future possibilities. Deploying IoT at scale and integrating with legacy equipment is not something that comes easily for the risk-averse government.
Down the road, we hope to see standards, testing, and transparency that are universally adopted and normalized. In an immature and consumer-beware market, how can we get to a point where these devices are made with standardized encryption and auditable supply chains? We are working our way in that direction with the good work of the National Institute of Standards and Technology (NIST), but the reality is that standards development takes time — time that some agencies simply don’t have.
While some say the path forward of securing IoT to facilitate government adoption lies in standardization, we think that a multifaceted approach is needed. We certainly agree that there should be sets of standards created and followed by manufacturers of these devices, but that isn’t going to solve the immediate problem of securing the existing devices.
The other half of the solution lies with the emerging tech in the private sector. For example, take Dcode alumnus CryptoMove. They recently participated in our 2018 Information Security Cohort and are attacking data protection like no one else.
They are a cloud-based, moving-target, data-defense software platform that splits data into fragments. Then, they encrypt and re-encrypt those fragments, applying proprietary random movement algorithms which spread the data across a diverse landscape of devices, clouds, and storage layers. This approach to data protection reverses the advantage that attackers have over traditional data and addresses a host of current and emerging threats to encrypted data that are frequently misunderstood.
When the technology already exists in the private sector to protect government IoT devices, it’s clear what the best solution is. What’s everyone waiting for?