By Mark Chadason
I attended the 2015 Aspen Security Forum last month. The Aspen Institute has gathered a great group of minds representing Government, Intel, Security, journalists and the private sector. As it should be, everyone is preoccupied with current threats such as DASH, Iran, Russian ambitions and cyber security.
Several speakers including Admiral Rogers (Director NSA and CyberCom) commented on cyber security breaches at OPM and companies like Sony. Admiral Rogers admitted that the US is 10 to 15 years behind being able to fully counter the threats we face in today’s cyber ecosystem.
If we are behind today, we will face even more serious challenges in the next 3-5 years as the Internet of Things (IoT) becomes mainstream. Gartner estimates that 25 billion connected devices will join our cyber ecosystem by 2020. These devices will open new attack vectors to government and corporate offices, industrial control systems, and private homes. The advent of IPv6 and the proliferation of these connected sensors will hit Intel agencies with a Tsunami of data, further magnifying the threats mentioned by Admiral Rogers.
A few other panel speakers at the forum anticipate the impact of IoT. Chris Young from Intel shared insights about what Intel is doing in this area and Zoe Baird (CEO/President of the Markle Foundation) highlighted the need for public private partnership on IoT and Internet management. Unfortunately, the majorities of the Government officials at the Aspen Forum are consumed with their current security threats and are unlikely to be able to address or even understand the impact of the IoT anytime soon.
As this year’s Aspen Security Forum concludes, there are still many questions to consider. How will the IC prepare for the coming wave of threat vectors and opportunities introduced by the Internet of Things? Considering the massive data collected through billions of new devices, what legal and ethical gray areas need to be explored by law enforcement such as changes to FISA? What security and privacy standards should we expect from IoT manufacturers? What is the role of government in regulating what type of devices can be connected and what security standards should be imposed?
Philip Howard, a prolific writer on IoT observes that now is the time for Government and Intel agencies to look at the feasibility of public policy guidance on IoT openness, interoperability and governance. I would disagree with Mr. Howard regarding his optimism in governmental oversight, and believe that its actually the time for the IoT industry to start self regulating, establishing standards for privacy, transparency and disclosures, before the government regardless of how well meaning, makes a mess of it.
About the Author:
Mark Chadason (@) is the Senior Vice President of the National Security Group for MacAulay-Brown, Inc. (MacB). He is also Vice Chairman of the WashingtonExec Internet of Things Council and Founding Chairman of the WashingtonExec Intelligence Council. Prior to joining MacB, Chadason was Senior Vice President of the Space, Security, Cyber and Intelligence (SSCI) Business Unit at ManTech International. Prior to joining the private sector, Chadason spent 31 highly distinguished years at the CIA and with the United States Marine Corps, achieving the rank of Senior Intelligence Service officer (SIS-4).
This piece was originally posted as an op-ed on LinkedIn.