As devices and technologies are becoming more interconnected and can gather more data, federal agencies are looking to harness the power of "internet of things" to gather data and increase communications for enhancing their mission work.
For biomedical research, IOT capabilities have been helpful for forming ecosystems and enhancing instruments to generate large amounts of data around biological profiles, chemical properties and data analysis. These features better enable researchers to improve drug and treatment discovery, noted Timothy Mierzwa, enterprise strategy lead at the National Center for Advancing Translational Sciences' (NCATS) IT Resources Branch.
Not only are agencies using IOT to improve data collection, but also they're leveraging connected devices to disseminate that respective data and other critical information. This is the case for the Federal Emergency Management Agency (FEMA), said the agency’s Cloud Portfolio Manager James Rodd. In particular, FEMA has and will continue to use IOT to disseminate information in response to disasters.
While there are different use cases for IOT adoption, there are also different challenges and considerations to take into account before folding them into mission activities. For one, agencies must have the proper infrastructure to enable the data ingestion and analysis to best leverage IOT.
“At NCATS, we have a combination of not only the smart devices and instruments, but also the cloud infrastructure to handle that big data analysis that comes off those instruments and devices,” Mierzwa said.
FEMA is focused on maintaining the telecommunications infrastructure required to disseminate information reliably. To do this, Rodd said that the agency has relied on its First Responder Network Authority, or FirstNet, to create a reliable mobile communications network.
Cloud and telecommunications infrastructure are key for successful IOT deployment as well as cybersecurity. Increased connectivity and device uses also means the attack surface expands, making extra security steps a must for agencies adopting IOT capabilities. This is certainly the case for the Defense Department, said Chief of Implementation and Policy Stacy Bostjanick.
“One of the things that we’re working on hard in DOD is providing those standards that should be met to at least meet the minimum security level, to protect ourselves from our adversaries because as everybody hopefully is aware with CISA’s 'Shields Up' information that’s gone out,” Bostjanick said. “One of the things that we have to make sure of as we use these new and innovative ideas is that we can also protect them and ensure that we keep our advantage.”
Rodd added that security is also paramount to FEMA, especially during emergency response. He said that maintaining baseline updates is one of the most critical steps to ensuring that connected devices remain secure.
“[Make] sure that your mobile devices are updated to the latest firmware, that you’re aware of any security weaknesses that were discovered either by white hackers or the individual companies — or even black hat [hackers] — and they’ve now done something to address the issue,” Rodd said. “Basic systemic and network maintenance is a critical tool beyond the fancy software and firewalls and VPNs all the other kinds we utilize as well.”
Applying zero trust principles to IOT security practices is another way that Mierzwa has looked to secure connected devices. He looked to segment IOT ecosystems within NCATS’s network so any respective devices don’t have access to data that they shouldn’t have.
After establishing the architecture and security, policy and governance for IOT need to be addressed.
“You have to understand the capabilities and the vulnerabilities of everything put together and then put the right parameters in place for their usage because there’s always those unintended consequences that you get yourself into when you start doing these things — especially when we roll them out quickly in an emergency situation,” Bostjanick said. “Then we find out later the problems that are there and have to go back, but those governance and policies in so that you don’t trip up again.”