At the beginning of October, we introduced National Cyber Security Awareness Month (NCSAM), a collaborative effort between the Department of Homeland Security (DHS) and the National Cyber Security Alliance (NCSA) to raise awareness about the importance of cyber security and the shared responsibility citizens and businesses have to help secure the Internet. Each week during NCSAM revolves around a different theme representing a facet of cyber security. This week’s theme is Critical Infrastructure and The Internet of Things (IoT).
While the need to protect our national critical infrastructure – everything from our nuclear power plants, internet backbone, and dams and water supply is obvious, the very idea of the Internet of Things (IoT) may leave you scratching your head. The IOT represents an exciting new frontier in terms of utility and convenience for consumers through household and personal devices that transmit data to external organizations, but with these opportunities to connect, of course come risks.
With the IoT, the physical world is becoming one big information system but one in which personal information, operational data, and sensitive government intelligence exists in the cloud and is passed back and forth through thousands of devices that we don’t necessarily consider to be vulnerable to attack, but will have network capabilities that can be exploited. One weak link in the security chain could provide hackers with nearly limitless doorways to data that should be protected. Hackers can now craft attacks with unprecedented sophistication and correlate information not just from public networks, but also from different private sources, such as cars, smartphones, home automation systems and even refrigerators.
According to an infographic from Cisco, today, more things are connected to the Internet than people. It’s projected that 25billion devices are expected to be connected by 2015 and 50 billion are slated to connect by 2020. Similarly, International Data Corp. (IDC) predicts the worldwide market for related solutions to grow from $1.9 trillion in 2013, reaching $7.1 trillion by 2020. In this quickly evolving world, all the things that connect to the Internet are exponentially expanding the attack surface for hackers and enemies. There is undeniable evidence that our dependence on interconnected technology is defeating our ability to secure it.
In the government world, the IoT represents the same threats and challenges as it does in the private sector, but awareness of the IoT and the security challenges it presents is lower than in the public sector. A recent GovLoop survey of 800 government and industry employees, found that 50 percent said they had not heard of the IoT and 15 percent had heard of it but weren’t sure what it meant. Only nine percent of those surveyed said their agency is actively exploring the IoT, and more than half said they were unsure.
Clearly, the public sector has a ways to go in terms of identifying implications of the IoT and the unique cybersecurity challenges it will present government agencies and the citizens they protect. The government is working to get in front of the challenges presented by the deluge of data generated by the IoT, as evidenced by Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” and the resulting Framework for Improving Critical Infrastructure Cybersecurity, a set of voluntary industry standards and best practices to help agencies manage cyber security risks. The Framework was created through collaboration between the public and private sectors and endeavors to use common language to address and manage cyber security risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses.
Technology vendors are creating solutions to help agencies meet the challenges created by the new vulnerabilities created by the IoT and threats against our nation’s critical infrastructure. Software AG recently released a new product intended to manage data created by the IoT, called the “Internet of Things Solutions Accelerator.” The product displays real-time analytics involving information generated by the devices making up the IoT, enabling agencies to monitor and analyze the tsunami of data and events that will be the inevitable result of the IoT. Another Software AG product, Apama Streaming Analytics, also enables agencies to monitor what is happening from different, disparate data sources and analyze massive amounts of fast-moving big data generated by the IoT to help prescribe the best action at the right time. The Apama Streaming Analytics platform is natively integrated with Software AG Universal Messaging, a product that streams data across enterprise, web and mobile devices and is the core, low-latency messaging capability within Software AG’s webMethods Integration platform.
To see additional articles, resources and updates on #NCSAM, follow the hashtag on Twitter, and keep reading ModernGov throughout October and beyond.