Can the Pentagon connect with the Internet of Things?

If the Defense Department is to take full advantage of the Internet of Things, experts say an as yet elusive common language for the countless and far-flung devices on defense networks must emerge.

The Internet of Things -- a catchall term for the increasing connectivity of a vast array of devices, from cars to thermostats -- is a phenomenon that government officials and business executives are trying to tap for strategic advantage and profit. According to Juniper Research, the number of such devices will more than double from 13.4 billion in 2015 to 38.5 billion in 2020.

The automation inherent in such connected devices is integral to DOD's "third offset strategy," an expansive undertaking by defense officials to shore up what they see as their dwindling technological edge over adversaries.

"When you are operating against a cyberattack or an electronic warfare attack...or missiles that are coming screaming in at you at Mach 6, you're going to have to have a learning machine that helps you solve that problem right away," Deputy Defense Secretary Robert Work said Nov. 7 while explaining the strategy.

But taking advantage of machine learning will require an organizational shift in the military, said retired Gen. James Cartwright, former vice chairman of the Joint Chiefs of Staff.

The next necessary stage for the Pentagon in command-and-control networking will be moving from thinking about "how many men it takes to run a machine to how many machines a man can control," Cartwright said Nov. 10 at the Center for Strategic and International Studies in Washington.

There’s an understanding at the Pentagon that "it's time to move the department to [a] mature stage of partnering with these machines," Cartwright said. The only way to do that is through "a common language that allows us to partner with all of these self-aware, self-learning entities out there."

What a common protocol for military-owned devices would look like and whether it should be organized along domain or mission lines have yet to be determined, Cartwright said.

A recent CSIS report advises U.S. officials to develop standards and protocols that would allow swifter integration of new technologies at DOD.

"One of the key weaknesses of legacy DOD systems is their lack of interoperability," the report states. "This significantly limits the ability to integrate new platforms into DOD’s digital ecosystem and to leverage existing systems in innovative ways."

In a panel discussion following Cartwright's remarks, Curtis Dukes, director of the National Security Agency’s Information Assurance Directorate, made a related point about the lack of standards governing the Internet of Things.

There is a dearth of standards dealing with how information from deployed devices is collected, shared and acted on, Dukes said, adding that NSA is evaluating potential solutions. If a standard "shows promise, then we would work with [the National Institute of Standards and Technology] to actually push that as a...national standard but then also get it into an international standards organization."

Connected devices pose a significant challenge to NIST, the government's IT standards-setting organization. Ron Ross, a fellow in NIST's Computer Security Division, has said that the IOT leaves public and private computer systems essentially indefensible.

Federal officials can implement as many security controls as they want and hackers will still "have a slice of that pie that will always be accessible because there are things that are off our radar due to their complexity," Ross said in April.