The internet of things presents enormous opportunities for the federal government, but there are a number of potential pitfalls agencies and industry must tackle together, Jill Singer, vice president, national security, at AT&T Global Public Sector Solutions, told WashingtonExec.
The estimated global IoT market will nearly triple to $1.7 trillion by 2021, with annual revenue growth doubling that of other connected devices like smartphones, tablets and laptops. Technology companies like A&T are playing a key role in this growth. For example, AT&T added 1.3 million new connected devices in the third quarter of this year and now sports more than 30 million connected devices on its network.
All of this growth isn’t lost on federal agencies, which are scrambling both to take advantage of IoT and figure out a way to regulate it that protects the public without stifling innovation. It’s a tricky balance, but one worth the effort, because connected devices are smart and can support agency decisions with near real-time data.
For example, Singer pointed out the U.S. military needs to efficiently move massive amounts of equipment and materials across global supply chains. AT&T is helping with that, and although its work in this area is classified, she described a similar effort to supply network-connected devices that help a large shipping company track the location and condition of its containers around the world.
“We pair our global SIM capabilities with network connectivity and a solution that lets the [shipping company]track a variety of important indicators such as exposure to temperature, light, heat, air, as well as location,” she said. “Our military customer is using a very similar solution.”
IoT also can involve connecting sensors and devices to intelligent networks, which offers myriad possibilities for innovative government solutions. AT&T’s blanket purchase agreement with the General Services Administration, for instance, provides vehicle tracking, monitoring, and diagnostics capabilities. These tools help GSA improve operator safety, efficiently managing fleet fuel usage, and cut costs and greenhouse gas emissions.
Public safety agencies and departments also stand to benefit from IoT. First responders are exploring the use of camera-equipped, network-connected drones to gain situational awareness during an emergency, and wearable devices soon will continuously monitor and feed data on responders’ vital signs to on-site commanders.
The bad news, of course, is that more connected devices mean more targets for hackers
“Cybersecurity threats are very much a reality for IoT and anything connected to a network, both wireline and wireless,” Singer said. “The threats seem to be increasing in number, velocity and severity. Regulators need a balanced, pro-growth and pro-technology policy to seize the opportunity IoT presents while protecting from cybersecurity threats.”
Developing a regulatory framework that balances security and innovation is easier said than done.
“We need government and industry working together on proper controls for IoT and the multiple industries involved,” Singer said. “We also need a consistent framework or methodology applied across silos, one that doesn’t single out any particular component of the ecosystem.”
She pointed to the National Institute of Standards and Technology’s cybersecurity framework, which sets baseline, voluntary principles for industry that aren’t technology or sector specific. This approach also allows entities to assess their own risks and develop ways to address them without fear of getting hammered by regulators.
Industry has a role to play by working with government agencies to come up with rules that work for everyone, which will be no easy task.
“To some extent, we’re maneuvering through uncharted water,” Singer said. “We have a legal and regulatory framework not specifically adapted for technology. A challenge in developing effective public policies for IoT—and many other new technologies—is ensuring that new policies or interpretations of existing policies are well-thought-out, fully informed, appropriately balanced, and not based on single events or imposed as knee-jerk reactions.”
Another potential pitfall is implementing IoT for its own sake just because it’s available. Many nontraditional devices are connectable or soon will be, including everything from industrial control systems to vending machines. But that doesn’t mean they should be.
“This explosion in connected devices can overwhelm security operations personnel as large volumes of new sensors must be tracked, monitored and audited,” Singer said. “If the government isn’t ready to manage the volume of reporting or doesn’t have the right cybersecurity analytic methods in place, it will miss threats and breaches in the noise. It is also likely to miss data being ex-filtrated by bad actors.”
One partial solution is to have devices that connect to each other, but not to the internet so they can’t be hacked (at least not remotely). AT&T and other companies are helping agencies to implement this kind of approach where it makes sense.
Despite the risks and challenges, IoT’s upsides for the government – both now and, especially, in the future – are too good to pass up.
“IoT, like the internet before it, offers benefits beyond what we can currently imagine at this time,” Singer said. “It can bring cost efficiencies, speed, data-driven insights and actions, automation and so much more to agency systems and processes. Properly regulated – with the appropriate pro-growth incentives and cooperation across government and industry – IoT will result in a highly-effective environment that benefits everyone.”