Internet of Things security: Five 'Things' to consider
For decades, military technology has been used to gather and share information. The Germans did it in the 1920s with Enigma machines designed to encode communications. The Soviets used specialized communications vehicles in the 1930s to send and receive signals. And Americans have long used radio frequency identification (RFID) technology to track and manage troop movements.
All of these, in some form, represent the Internet of Things (IoT), but they’re only the tip of the iceberg. We’re seeing an explosion of devices -- from smartphones and tablets to connected planes and Humvees -- being introduced in theater and in boardrooms. So many, in fact, that IT administrators are left wondering how to manage the deluge, particularly when it comes to ensuring that their networks and data remain secure.
The challenge is significantly more formidable than the one posed by bring-your-own-device issues, which now appears quaint in comparison. Back in the good old days (circa 2011 or so), administrators only had to worry about a few mobile operating systems. While fortifying their agency networks against mobile operating systems was a daunting task, it pales in comparison to the potentially thousands of IoT-related operating systems. These operating systems are just part of an increasingly complex ecosystem that also includes devices, cloud providers, data and more.
How does one manage such a monumental task? Here are five recommendations that should help.
1. Turn to automation
Getting a grasp on the IoT and its impact on defense networks is not a job that can be done manually, which makes automation so important. There’s no way that an administrator will be able to proactively track every bit of activity that’s impacting the network – but software can do this quite effectively. The goal is to create self-healing networks that can automatically and immediately remediate themselves if a problem arises. A self-healing, automated network can detect threats, keep data from being compromised, and reduce response time and downtime.
2. Get a handle on information and events
DOD administrators should complement their automation solutions with security information and event management processes. Think of these as IoT alarm systems that are on notice 24 hours a day. They are monitoring solutions designed to alert administrators to suspicious activity and security and operational events that may compromise the networks. Administrators can refer to these tools to monitor real-time data and provide insight into forensic data that can be critical to identifying the cause of network issues.
3. Monitor devices and access points
Device monitoring is also extremely important. Network administrators will want to make sure that the only devices that are hitting their networks are those deemed secure. Administrators will want to be able to track and monitor all connected devices by MAC and IP address, as well as access points. They should set up user and device watch lists to help them detect rogue users and devices in order to maintain control over who, and what, is using their networks.
4. Get everyone on board
IoT security should not just be the purview of network administrators. Everyone in the agency must commit to complying with privacy policies and security regulations. All devices must be in compliance with high-grade security standards, particularly personal devices that are used outside of the agency. The bottom line is that it’s everyone’s responsibility to ensure that DOD information stays within its network.
5. Buckle up
Understand that while IoT is getting a lot of hype, we’re only at the beginning of that cycle. Analyst firm Gartner once predicted that there would be 13 billion connected devices by 2020, but some are beginning to wonder if that’s actually a conservative effort. Certainly the military will continue to do its part to drive adoption of IoT and push that number ever higher.
In other words, when it comes to connected devices, this is only the beginning of the long road ahead. DOD administrators must prepare today for whatever tomorrow might bring.
Joe Kim is executive vice president engineering and global CTO at SolarWinds.