As the internet of things gains ground in the federal market, the government will need vendors to make sure security is built in from the start.
As the internet of things (IoT) gains acceptance in the federal market, the government will need to work with technology providers to ensure that security is built into devices and that the IT infrastructure can handle the expected surge in demand.
A recent immixGroup panel, “IoT in Government – From Impact to Opportunity,” brought together federal executives and industry advisors to discuss how the government will adjust to the new technology. The federal market is estimated to grow to $3 billion by 2018, a 20 percent jump from 2016. The transition, however, will be more increasingly complicated as the number of devices connected to the Internet is expected to reach 20 billion by 2020.
How to approach IoT security
Michael Mestrovich, director of the U.S. Government’s Technical Services Office, noted that federal use of the internet is a double-edged sword.
“We love the benefits that IoT brings just in the ability to sense the environment we're in, capture that data and run analytics on that data that helps in the decision-making process,” Mestrovich said. “The flip side, however, is that it opens the door to our adversaries.”
“We have to do a better job of securing the platforms for the life of the platforms,” he said.
Stephen DiFranco, principal of the IoT Advisory Group, said that a solution to security vulnerability will come in three ways, given the surge in connected devices by 2020.
“It’s going to have to get solved at the device,” DiFranco said. “Twenty billion things are not going to get solved at the network.”
Second, he said, “it’s going to get solved at the metal.” Meaning the component circuitry of devices in general. “We have to work with manufacturers to put it in the metal,” DiFranco said.
Vendors who understand both device behavior and human behavior will play an important part in the security of the IoT environment, he said. “Devices are going to behave.”
A whole new network architecture
Panelist agreed that a fresh look will have to be taken at network architecture. The growth of connected devices would otherwise require “double the number of data centers,” said DiFranco. “We’re going to need a new architecture to make this work.”
Having so many devices on the internet and using the cloud all at once, “is going to completely destroy the infrastructure we've created,” he said. “We can't have 20 billion things messaging the internet all at the same time.” He expected that network infrastructure will require a new gateway layer to handle demand.
Dr. David Wollman, deputy director of the Smart Grid and Cyber-Physical Systems Program Office at NIST, also sees an intermediate step between legacy infrastructure and the more robust systems required by the IoT. “We’re going to need a fusion of the legacy and the IoT, and there’s going to be new investments by different players,” he said.
Who pays and how?
Government will have to find budget dollars, even with flat or declining budget requests. Marc Wine, program lead for the VA, said there has to be “some type of capital investment to move off (current) systems.” There has to be an influx of capital, he said, “to develop the thing that gets you off of the old thing that you were maintaining.”
Beyond finding ways to manage the expected growth in demand as the IoT gains ground, panelists were enthusiastic about new technologies that may find their way into government use. “In your home, the killer app has turned out to be Amazon Echo,” DiFranco said.
“Where voice gets really interesting in commercial is perpetual authentication,” he said. Security can be enhanced because users are validated by voice identification. The challenge, however, is that the development cycle for commercial application will slow down government implementation.