A report published by the Government Accountability Office (GAO) reveals that much improvement is required to strengthen security measures for IoT (Internet of Things) devices within the Department of Defense (DoD).
The report, titled Internet of Things: Enhanced Assessments and Guidance Are Needed to Address Security Risks in DOD, outlines the existence of DoD policies for IoT devices, but also highlights gaps that pose significant security threats to the operations of DoD.
“According to the Director of National Intelligence, IoT devices are designed and fielded with minimal security requirements and testing, and an ever-increasing complexity of networks could lead to widespread vulnerabilities in civilian infrastructures and U.S. government systems,” GAO officials noted in the report.
IoT devices—smart devices such as smartphones and wearables that are capable of interacting with the physical world through sensors—require greater connectivity, meaning they have a more open line to communicate with other devices. This results in an increased opportunity for cyber threats to intercept, which is detrimental to the exchange of classified information on national defense.
GAO officials cited smart TVs as an example of a pressing concern. “DoD officials told us that existing DoD policies and guidance do not clearly address security risks relating to smart televisions, and particularly smart televisions in unsecure areas,” read the report. “Officials from military services and other DoD components described smart televisions as a risk to operations security due, in part, to the ability of commercial providers to access the devices remotely—potentially eavesdropping on conversations or sending recordings of these conversations to third parties.”
“As low cost devices are getting more bells and whistles and the relative cost is going down, it is hard not to find value in many modern gadgets,” comments MetroStar’s Director of Cybersecurity, Clay Calvert. “Having these devices within ‘listening’ range or even within line of sight of sensitive government information, however, is increasing the attack surfaces for those who wish to cripple government systems. Information is currently the main target of anti-U.S. government hackers, and it is imperative that we take efforts to reduce the number of vectors to our data, not increase them.”
To address the potential risks, the GAO report recommended that the DoD must conduct thorough security surveys and risk assessments to identify and address risks related to IoT devices.
