GAO officials cited smart TVs as an example of a pressing concern. “DoD officials told us that existing DoD policies and guidance do not clearly address security risks relating to smart televisions, and particularly smart televisions in unsecure areas,” read the report. “Officials from military services and other DoD components described smart televisions as a risk to operations security due, in part, to the ability of commercial providers to access the devices remotely—potentially eavesdropping on conversations or sending recordings of these conversations to third parties.”
“As low cost devices are getting more bells and whistles and the relative cost is going down, it is hard not to find value in many modern gadgets,” comments MetroStar’s Director of Cybersecurity, Clay Calvert. “Having these devices within ‘listening’ range or even within line of sight of sensitive government information, however, is increasing the attack surfaces for those who wish to cripple government systems. Information is currently the main target of anti-U.S. government hackers, and it is imperative that we take efforts to reduce the number of vectors to our data, not increase them.”
To address the potential risks, the GAO report recommended that the DoD must conduct thorough security surveys and risk assessments to identify and address risks related to IoT devices.