Government Technology Insider
  • About
  • State & Local
  • Civilian
  • Defense & IC
SUBSCRIBE
No Result
View All Result
  • Acquisition
  • AI & Data
  • Cybersecurity
  • CX
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • Innovation and Technology to Advance Government
    • World of Work
    • Your Digital Transformation Path Starts Here
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
Government Technology Insider
  • Acquisition
  • AI & Data
  • Cybersecurity
  • CX
  • Digital Transformation
  • Hybrid Work
    • Work Smarter
  • Public Safety
  • Resources
    • Innovation and Technology to Advance Government
    • World of Work
    • Your Digital Transformation Path Starts Here
    • The Frontlines of Customer Experience
    • Innovative Solutions for Connecting Agencies
    • Be Ready For What’s Next
No Result
View All Result
Government Technology Insider
No Result
View All Result
Home Resources Security

As IoT Devices Put Government Agencies at Risk, Securing Endpoints Has Never Been More Important

by Jackie Davis
March 11, 2021
in Security, Telecom Security, Transformative Tech
Reading Time: 4 mins read
A A
IoT Devices
Share on FacebookShare on Twitter

Endpoint security continues to be top of mind for organizations as employees continue to work from home and as government agencies adopt Internet of Things (IoT) technologies. For IoT technologies – from a connected refrigerator in an employee’s home, to a security camera scanning the perimeter of an agency facility, to a connected vehicle – endpoint security is vital. To explore this topic and learn how the government can better secure endpoints with IoT devices in mind, we spoke to Joe Hamblin, DoD Chief Technology Officer, Verizon.

Hamblin shared that many federal agencies have begun implementing Continuous Diagnostics and Mitigation (CDM) with a focus on endpoint security, but they need to go beyond compliance to connect or mirror CDM. Hamblin explained that IoT devices aren’t covered in these processes and leave a gaping vulnerability. “What needs to happen on the government side are rules and regulations on how to connect to IoT devices,” he shared. “Because IoT devices were not built with security in mind, any of them can become part of the attack surface if it is not properly secured,” he added.

The IoT problem for government is two-fold, Hamblin explained. “There are new IoT devices coming to market and being adopted all the time and, yet, there are no industry baseline security requirements for such devices.” The challenge with consumer-grade IoT devices is that they need to be easy to install for consumers. For example, video monitoring devices, smart thermostats, 3D printers, smart refrigerators could all make their way into an agency network – either from within the office or via a remote work connection. But because they’re familiar devices, there’s not much consideration given to their broader capabilities, or security credentials. 

Hamblin suggests that certification is the best way to mitigate the most common security issues for IoT devices. “Just like all home electrical devices have UL certification for the safety of homeowners, a similar cyber security certification should be in place for IoT devices,” he added. “This will require the manufacturer of the device to ensure the security of IoT devices as opposed to putting the burden on the end user because most people don’t have the specialized skills that are needed.”

Another area of concern is that, because many of these IoT devices connect to a cloud-based system, it’s typical that the data can be accessed over the Internet. “Oftentimes there are issues with how robust authentication measures are,” shared Hamblin. “A simple username and password is no longer sufficient. While some manufacturers of IoT devices are moving to Two-Factor Authentication (2FA) most are not, and users often avoid enabling 2FA because it adds complexity to using the device. As long as users don’t understand the risks, they’re creating a virtual playground for hackers to gain access and control of devices.”

To remedy this, government agencies need to focus on cloud systems with network and mission control. “When a device enters the network there needs to be an interrogation to find out what it is and how it got there,” shared Hamblin. “As a security engineer, you want to know all the devices on your networks. Devices need to be meeting your rules or be sent to your quarantine networks.”

Although implementing a new security protocol may take time, Hamblin says agencies can still be proactive while they ramp up. “Agencies need to make sure they purchase the right devices that support secure connections – this means looking for devices with extra security measures and thinking about all the ways a bad actor can get in. HVAC systems, camera systems, and, yes, the printer are just some of the connected attack vectors agencies must manage today so you want to make sure you have a secure connection that is certificate based,” he explained.

“As IoT evolves, threat capabilities will evolve too. How can governments make sure these devices are sharing data without opening up threat vectors?” he concluded.

Find out here.

Tags: CDMcontinuous diagnostics and mitigationendpoint securityIOTIoT SecurityVerizon

RELATED POSTS

A representation of digital inclusion - a sky with a cityscape behind and a bunch of technological devices and figures represented in circles and connected in the sky
Digital Transformation

Digital Inclusion Initiatives Target Digital Divide

January 27, 2023
Network Slicing
5G & Mobility

Network Slicing Enables Agencies to Create Private, Secure, and Customized Networks: A Podcast

January 11, 2023
Innovative Networks
Civilian

Transforming Healthcare Agencies with Innovative Networks and NaaS: Part 6 of the Connected Healthcare Journey

January 3, 2023

TRENDING NOW

  • Advana

    Meet Advana: How the Department of Defense Solved its Data Interoperability Challenges

    8340 shares
    Share 3336 Tweet 2085
  • For CBP and DHS, AI Reveals Meaningful Connections from Disparate Data

    17 shares
    Share 7 Tweet 4
  • The Five Pillars of Zero Trust Architecture

    340 shares
    Share 136 Tweet 85
  • Identifying the Building Blocks for a Successful Zero Trust Journey

    22 shares
    Share 9 Tweet 6

CONNECT WITH US

Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
MaaS Nebula Software Factory Banner Ad MaaS Nebula Software Factory Banner Ad MaaS Nebula Software Factory Banner Ad
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad
Advertisment Banner Ad Advertisment Banner Ad Advertisment Banner Ad
Advertisement Banner Advertisement Banner Advertisement Banner
Advertisement Banner Ad Advertisement Banner Ad Advertisement Banner Ad

BECOME AN INSIDER

Get Government Technology Insider news and updates in your inbox.

Strategic Communications Group is a digital media company that helps business-to-business marketers drive customer demand through content marketing, content syndication, and lead identification.

Related Communities

Financial Technology Today
Future Healthcare Today
Modern Marketing Today
Retail Technology Insider
Today’s Modern Educator

Quick Links

  • Home
  • About
  • Contact Us

Become a Sponsor

Strategic Communications Group offers analytics, content marketing, and lead identification services. Interested?
Contact us!

© 2023 Strategic Communications Group, Inc.
Privacy Policy      |      Terms of Service

No Result
View All Result
  • Home
  • About Government Technology Insider
  • State & Local
  • Civilian
  • Defense & IC
  • Categories
    • Acquisition
    • AI & Data
    • Customer Experience
    • Cybersecurity
    • Digital Transformation
    • Hybrid Work
    • Public Safety
  • Contact Us