The federal government and companies that operate critical infrastructure, such as power grids and the telecommunications system, need to move quickly to address the potential risks posed by the coming explosion of Internet-connected devices -- known as the Internet of Things.
That’s the message of a new report from a group of 30 industry executives who advise President Barack Obama on telecommunications and national security.
“There is a small -- and rapidly closing -- window to ensure that IoT is adopted in a way that maximizes security and minimizes risk,” a draft report from the National Security Telecommunications Advisory Committee stated. “If the country fails to do so, it will be coping with the consequences for generations.”
The committee is expected to vote today to formally adopt the report and send it to the White House.
The burgeoning global web of objects and sensors that connect to the Internet and can communicate with one another -- also known as the “Industrial Internet” or the “Internet of Everything” -- certainly has many benefits, according to the draft report.
But “the rapid and massive connection of these devices also brings with it risks, including new attack vectors, new vulnerabilities and perhaps most concerning of all, a vastly increased ability to use remote access to cause physical destruction,” the report stated.
Earlier this year, the White House National Security Council tasked the advisory committee with examining the cybersecurity implications of the Internet of Things, “within the context of national security and emergency preparedness.”
The committee’s key takeaways: The Internet of Things will only grow over the next several years, while the opportunities to minimize risk will shrink.
“There are only three years -- and certainly no more than five -- to influence how IoT is adopted,” the report stated.
The number of Internet-connected devices have outnumbered the total human population since 2008. By last year, there were as 13 billion devices plugged in to the Internet of Things. By 2020, according to various estimates, that number could number anywhere from 26 billion to 50 billion devices.
Water, power, health care and transportation systems, in particular, have grown more dependent on IoT devices in recent years, according to the report.
“Connected machinery can run more efficiently and is more reliable because it can self-report potential failure indicators before they occur,” the report stated. For example, connected health devices can reduce the risk of human error, while more advanced, sensor-driven logistics systems can improve the government’s disaster-response efforts.
The report calls for an “an immediate and coordinated response” from the Obama administration and the private sector to minimize the security risks posed by the Internet of Things.
The committee calls on Obama to direct the National Institute of Standards and Technology to develop a common definition of the Internet of Things for use across government.
The committee recommended the creation of an IoT interagency task force made up of the Commerce, Defense and Homeland Security departments. The task force should “identify the gaps between security practices and emerging technologies to address the unique risks posed by IoT,” according to the report.
Concerns about the potential risks of the proliferation of IoT devices are not necessarily new.
In 2008, the U.S. National Intelligence Council reported “individuals, businesses and governments were unprepared for a possible future when network interfaces reside in everyday things,” and predicted IoT would be a “disruptive technology” by 2025.
The committee now says that estimate may be a low-ball.
“Almost six years later, this warning remains valid, though it now seems certain that the IoT will be disruptive far sooner than 2025 — if it is not so already,” their report stated.