The future of a connected government: Securing the “Internet of Things”
Over the past 12 months, governments at all levels continued the creation of a more citizen-centric model, with technology at the heart of their efforts. As federal government agencies close the book on this fiscal year and look ahead to the next, efficiency, connectivity, scalability and security will continue to dominate technology plans and budget discussions.
Some of the government’s recent contracts, such as DHS’s recent $6 billion Blanket Purchase Agreement (BPA) dedicated towards continuous monitoring, indicate the need for end-to-end security solutions. On this path lies one technology trend that agencies must assess and address to better secure their data.
Securing the “Internet of Things”
To date, the Internet of Things (IoT) movement has been primarily consumer-driven, in the form of remote home monitoring technologies, wearable computing, autonomous vehicles, and the like. As smart technologies continue to mature, the IoT has the potential to create new opportunities for government to leverage Big Data and gather insights from the massive volumes of information coming through these devices.
For example, the City of San Francisco recently installed sensors that send parking information to the local transportation department, which then summarizes and distributes the information to citizens, via a mobile application, to tell them which parking places are available -- all in real time. Using this data, the city is also able to adjust parking meter prices based on demand.
However, as agencies create, replicate, save, mine and analyze these massive amounts of data, they open new doors to unseen threats. And, with unstructured data from these endpoint devices growing at explosive rates, the result is significantly increased risk.
The data collected by the San Francisco parking program may seem innocuous, but it is precisely what cyber criminals are after. Hackers can use the thousands of smart sensors to make their way onto the greater network and steal valuable information, such as citizens’ social security numbers, credit card data, addresses and financial information.
These emerging threats are shaping the next generation of security solutions, and since IoT is still in its infancy, government agencies have an opportunity to take a proactive stance and fire on all cylinders to mitigate such security risks.
The importance of end-to-end security
An end-to-end security approach starts with securing the endpoints themselves. Smart devices connected to government-run networks must be armed with encryption and next-generation firewalls out-of-the-box.
The next step is looking at solutions to protect data in its full lifecycle, wherever it travels or comes to rest. Going back to San Francisco’s smart parking meters, every credit card payment triggered through the mobile app and communicated to the network is data that government needs to protect. As systems, end-users, devices and gadgets become increasingly interconnected and Internet-enabled, data classification and authentication become central to understanding and protecting information in transit.
IoT is more than just the latest marketing buzzword; it holds significant potential to create new frontiers for connectivity and communication between citizens and government.
As smart technologies continue to mature, the IoT has the potential to create new enhanced situational awareness, sensor-driven decision analytics, automation and control. By securing the full lifecycle of the IoT -- from the core data center to the most remote endpoint -- government can ensure that this trend is integrated into its broader initiatives to strategically leverage technology for the seamless and effective accomplishment of mission goals.
Paul Christman is vice president of public sector for Dell Software. He can be reached at:
|Event Details||Dates of Event|
|SANS Counter Hack 2013||Nov 7 - 14|
|SANS Pen Test Hackfest 2013||Nov 7 - 14|
|SANS Korea 2013||Nov 11 - 16|
|Military Exports & Compliance Asia||Nov 12 - 14|
|NCT: Counter IED Asia, 12 - 15 November 2013, Bangkok||Nov 12 - 15|
|School Safety Symposium||Nov 13 - 13|
|Southwest Microwave Perimeter Defense Seminar||Nov 13 - 13|
|OWASP AppSec USA 2013||Nov 18 - 21|
|GovSec West Conference & Expo 2013||Nov 19 - 20|
|Southwest Microwave Perimeter Defense Seminar||Nov 19 - 19|
|Oracle 7th Annual Federal Forum||Nov 20 - 20|
|World BORDERPOL Congress||Dec 3 - 4|
|Critical Infrastructure Protection and Resilience Europe||Feb 12 - 13|