The Evolving Digital Monster

The internet is a dangerous place. It is a place where criminals steal identities, data, money, and even people. IoT technologies are creating unprecedented effects that will make things even worse as we see more convenience. The implementation of automated technologies is expected to boost the economy and improve life for citizens, particularly when combined with other related technology concepts, such as cloud computing, autonomy, and big data. However, the built-in vulnerabilities will challenge us to do better planning.   

There are also factors that could prevent IoT from reaching its maximum potential benefits, including failure to manage the risk associated with rapid innovation and increased connectivity, the lack of an institutional support structure for the IoT, and the inability of governance and policy processes to keep pace with the rate of development and deployment of emerging IoT technology.

Cyber-security is Everyone’s Responsibility

This risk, coupled with the asymmetric nature of the cyber-security threat, requires an immediate and coordinated response from the public and private sector in order to ensure that the benefits of IoT are realized and the dangers are minimized.

The compromise or malfunction of IoT devices could have national security and emergency preparedness (NS/EP) implications as well.  For this reason, we need to conduct an assessment to document IoT capabilities that currently support and/or planned for support of NS/EP functions. Assessments must consider interconnections and interdependencies that may be introduced and the associated risks and benefits. Next, we need to develop contingency plans to identify and manage security issues created by current and future IoT deployments within the Government. The plans should recognize that IoT devices and their potential uses will continually evolve.

Point of View

Very important to our understanding of IoT is having a balanced perspective between security, economic benefits, and potential risks.  We need to establish metrics to measure and monitor the effectiveness of the technology we are using to enhance or ability or bring us value.  We must also incorporate IoT technology in a manner that minimizes risk. The secret to security is in the architecture and the monitoring of our original assumptions.  This is supplemented by incorporating IoT in security education and awareness programs. We need as many eyes on the use or misuse of technology as possible. Lastly, we must ensure IoT-related R&D projects are addressing evolving cyber-security challenges.

Several statistics validate the Government’s concerns that IoT is evolving with little oversight.  For instance, the statistics tell a story. The number of Internet-connected devices first outnumbered the human population in 2008, and that number continues to grow faster than the human population. By 2013, there were as many as 13 billion Internet-connected devices, and projections indicate that this will grow to 50 billion or more by 2020, generating global revenues of greater than $8 trillion by 2020.  Many of these systems are visible to any user, including malicious actors, as search engines are already crawling the Internet indexing and identifying connected devices.

As some of those devices like medical devices, including implantable ones, differ because an increasing number of them have built-in connectivity, we must stay vigilant.  Proprietary critical devices are a recipe for disaster. It is possible that a compromised or malfunctioning IoT healthcare device could lead to patient deaths.

The Digital World as Connected Systems

The Internet Technologies (IT) and Operational Technologies (OT) are largely viewed as separate disciplines in the research and development community and in academia.  However, critical infrastructure environments like transportation and electrical power generators will tell you different. To minimize potential risks, these gaps must be addressed.  It cannot longer just be about selling a widget that performs a function. Buyers must demand a higher level of security from vendors. If they don’t, the idea of security living up to the requirements of this monster we are casually building will never evolve.