The CIA ponders how to gain an advantage with devices without leaving itself vulnerable.
By Gartner’s count, approximately 20 billion devices will be connected to the internet in 2020.
For the analysts and techies in the intelligence community, that’s a good thing. And it’s a bad thing.
“We love tech and we hate tech, and the internet of things is no different,” said Michael Mestrovich, director of technical services for the CIA, speaking Thursday at immixGroup’s market intelligence event.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
The internet of things can bring the CIA savings through efficiencies and visibility into its operations, he said. Web-connected sensors, for example, do everything from providing the agency real-time data on electrical usage to helping collect large amounts of data from unmanned aerial vehicles. Technologies such as radio-frequency identification tags have further potential to reduce logistics costs, Mestrovich added.
“Internally, it can help us save the sums of money that you taxpayers contribute to the public fund,” he said.
But there’s a flip side.
“It opens up the door to our adversaries knowing more about us if we don’t implement [IoT] properly,” Mestrovich said. “At the CIA, we try to stay out of sight, out of mind.”
There are other challenges, too. Internet-connected devices are mass-produced with small profit margins, which often makes security an afterthought. Mestrovich gave one example in which smart lighting, designed to last a decade, may not be designed to have regular security upgrades throughout the course of its life. Yet, they’re connected to a network somewhere or another, Mestrovich said, and if they aren’t getting security patches, the whole network could be at risk.
“When these devices become part of the health and safety of the network, there has to be some way to go ahead and maintain those systems as new vulnerabilities come along,” Mestrovich said.
Those challenges could get worse over time, according to David Wollman, deputy director of the National Institute of Standards and Technology’s Smart Grid and Cyber Physical Systems Program.
Wollman said traditional legacy infrastructure—things like roads, buildings and bridges—are designed to last decades. Today’s internet-connected technologies evolve over months, not years.
“The expectations for the life of legacy infrastructure is 30 to 40 years, a lot of what we’re talking about here is along much shorter time scales,” Wollman said. “We have to work to reconcile that mismatch.”