recommended reading

What the White House Cybersecurity Plan Says About the Internet of Things

a-image/Shutterstock.com

The White House’s new national action plan on cybersecurity, released earlier this month includes a nod to the so-called smart home -- and the vulnerabilities that could accompany an increasingly connected network of sensors, devices and appliances.

It’s among the first times the White House has acknowledged the risks the Internet of Things could pose to consumers and a formal signal the administration is broadening its view of potential attack targets to include everyday devices, according to Gartner analyst Mark Hung.

For the past year, Congress has been convening hearings and discussions related to the Internet of Things, covering various topics including the potential economic benefit to American businesses, privacy concerns for consumers, and encryption of personal data.

In the plan, the White House notes the Department of Homeland Security is working with Underwriters Laboratories, a security certification company, to create a Cybersecurity Assurance program that could evaluate connected devices for safety vulnerabilities before consumers buy them. These “things” might include “refrigerators or medical infusion pumps,” the plan said.

It doesn’t necessarily mean the White House and DHS plan to devote disproportionate resources to protecting consumers’ kitchenware, Hung said.

“Attackers, they value their time, too," Hung said. "They’re going to pick the most valuable asset to attack. In most cases it’s not going to be people’s washers or refrigerators. Hackers may not be interested in hacking your refrigerator, but they may be interested in attacking the president’s refrigerator or a Fortune 500 CEO’s.”

Still, “despite the mention of the refrigerator thing, I think the vast majority of DHS’ concern is with the commercial and industrial [applications],” Hung said. “Whether it’s energy generation, whether it’s manufacturing, whether it’s overall infrastructure."

As attack points proliferate, “obviously, the government feels that there is a role that it needs to play in helping secure” that rapidly growing network, he said.

In January, DHS issued a call to startups in the private sector who have technology that can detect devices and sensors in the Internet of Things and also verify or authenticate them. The Internet of Things "allows every node, device, data source, communication link, controller and data repository ... to serve as a security threat and be exposed to security threats,” that notice said.

Correction: An earlier version of this article misidentified Mark Hung's employer. He is an analyst with Gartner. 

(Image via /Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.