Why the internet of things isn't as vulnerable as it looks

While security mavens cast the internet of things as leaky and vulnerable, the tech is also a vital ally, according to the head of the DHS Science & Technology Directorate.

Shutterstock image: illuminated connections between devices.
 

The internet of things isn't an enemy of critical infrastructure, according to the new head of the Department of Homeland Security Science & Technology Directorate.

Use of connected devices has exploded across critical infrastructure industries, resident in everything from industrial controls to financial systems, where the devices generate loads of data. That data, said Robert Griffin, lures attackers but also serves to boost security for infrastructure protectors.

"For homeland security operators, IoT is now a component of critical infrastructure, where security is viewed as a common good for protecting each of our different 16 critical infrastructure sectors," said Griffin in a March 20 blog post, one of his first as acting undersecretary at S&T. He assumed that position in January, after Reginald Brothers moved to the private sector.

Griffin said connected sensors provide data analytics that can be shared among security operators, helping improve performance, reduce costs and enhance security measures. Griffin used road safety and interconnected cars as an example. Interconnected cars, he said, are equipped to signal each other and control centers about road conditions and hazards, delivering real-time warnings to other drivers.

"Knowing IoT is increasingly becoming a digital representation of a community's heartbeat, our challenge today is to apply this technology to the homeland security landscape -- to embrace how technology is already changing the way we communicate, conduct commerce, and move people and products," he said.

Last May as deputy undersecretary at S&T, at the 2016 IoT World convention, Griffin said electronic device interconnectivity, while providing major benefits, also poses potential threats to infrastructure, security and personal privacy. He said securing that new environment calls for new thinking on how government partners with tech innovators.

"However, for every piece of technology that is connected to our critical infrastructure, whether to facilitate more reliable transit or collect data to increase efficiencies, the threat to our security is real," he said in his blog post.

In an emerging world where more than a billion devices will be inserted into robots, buildings and medical devices, along with thousands of different algorithms used to collect data, changing the way key security decisions are made, a better understanding of cloud computing is needed, he said.

Griffin vowed to continue to reach out to industry about connected devices and collaborate with experts with programs through its Cyber Security Division and Silicon Valley Innovation Program.