By Paul Parker, SolarWinds Federal & National Government Chief Technologist
Wary that the Internet of Things (IoT) could be used to introduce unwanted and unchecked security risks into government networks, senators last year created the IoT Cybersecurity Improvement Act of 2017, legislation that placed minimum security standards around IoT devices sold to and purchased by government agencies.
IoT and Edge: Hype vs. Reality
It’s good that provocative and important questions are being asked now, before edge computing and IoT truly take hold within the federal government. As it is, we are still at the start of their respective hype cycles, with true adoption hampered by security concerns.
Agencies are still grappling with BYOD security, let alone IoT or edge computing. The recent controversy surrounding fitness app Strava, which inadvertently revealed the location of classified military bases, made it abundantly clear that there is still much work to be done. Agencies are still trying to get past these fundamental hurdles before fully embracing IoT.
Agencies are still very much in the exploratory phase with edge computing. As such, it is unlikely we will see widespread adoption of these types of solutions over the next year.
Fortifying Current and Future Networks
Still, agencies are laying the infrastructure for these technologies and need to implement strategies to help ensure that their networks and data are protected. As such, there are several things IT professionals can do now to better fortify current and future operations.
- Have a clear view of everything happening on your networks. If the IT team does not have the ability to accurately track and manage IP addresses and conflicts, domain names, user devices, and more, they will not be able to know if or when a bad actor is exploiting their networks. You must be able to tie events on the network directly back to specific users or events. This strategy also helps in evaluating the new devices on the network to confirm they are operating properly and securely.
- Use trusted vendors. The IoT Cybersecurity Act of 2017 requires that vendors notify their customers of “known security vulnerabilities or defects subsequently disclosed to the vendor by a security researcher” or when a vendor becomes aware of a potential issue during the lifecycle of their contract.
- Find the positive in potential intrusions. Intrusions can help IT pros evaluate and refine remediation strategies, and automated network security solutions can learn from the breach to offer protection for the future.
There’s every indication that IoT and edge computing will prove to be more evolutionary than revolutionary in 2018. Most agencies will likely continue to be cautious with these technologies, as the first consideration must be how IoT and edge computing devices will be managed and secured.
But the more agencies learn about these technologies, the more they will ultimately be adopted. Agencies must begin preparing for that day. The best way to do that is to implement strategies that can help them solidify network security today while laying the groundwork for tomorrow.
Find the full article on SIGNAL.
The SolarWinds trademarks, service marks, and logos are the exclusive property of SolarWinds Worldwide, LLC or its affiliates. All other trademarks are the property of their respective owners.