Agencies Work to Embrace—and Secure—the Internet of Things

More than 40 billion devices are expected to operate across the internet of things by 2025, clearing the way for next-generation networks and connectivity—and creating a complex threat landscape. As agencies integrate and deploy new IoT machines, sensors, cameras and devices, insiders consider securing the evolving infrastructure a top priority. 

“So, it’s cool that we are going to have solar panels. It’s cool that we are going to have wind turbines and it’s cool that I have a Nest system in my house. … And it’s great that I have an [electric vehicle] car that has to charge,” Karen Evans, assistant secretary of the Energy Department’s office of cybersecurity, energy security, and emergency response, or CESER, said. “But each one of those ends up becoming a new attack vector into the grid—that’s what we are focused on and that’s what we are looking at.”

Previously Energy’s chief information officer, Evans also served as a top IT executive at the Office of Management and Budget under President George W. Bush, in a role now known as the federal CIO. She’s the first to lead the new CESER office Secretary Rick Perry established in Feb. 2018. Speaking at World Wide Technology’s IoT Industry Day Thursday, Evans said CESER’s ultimate aim is to protect American energy viability today, while proactively addressing emerging energy threats of the future. 

“I am not focused on [Energy] enterprise activities,” she said. “The [agency’s] enterprise activities are under the CIO—I am focused on the energy sector.”

Evans and her team have a broad portfolio of projects that includes securing the grid, workforce planning, modernization, emergency preparedness, protecting the nation’s critical energy infrastructure, and many others. She said her work with the U.S. utility industry continuously solidifies that all sectors’ stakeholders are placing a sharp focus on identifying and mitigating new threats that come with the growing IoT universe.

“The whole idea of public-private partnership, we always say it all the time in Washington D.C., it's real in the energy sector—because I don’t own any of this infrastructure, it’s all owned by private industry. So, I have a deeper appreciation for what public-private partnership means,” she said. “And they understand exactly what the landscape is. They understand exactly how these devices are being used and they know how they are being held accountable.” 

Elaborating on the new threat landscape, Evans offered solar panels as an example of emerging threat vessels. She said when people want to install the technology, they generally search online for the most affordable options that meet their needs.

“I don’t think the average consumer says, ‘wow these panels are manufactured in the U.S., so they are more secure,’” she said. “That means that those of us involved in this have to take a longer-term view.”

Solar panels and developing IoT vulnerabilities are also a “major concern” at the State Department, Landon Van Dyke, senior advisor for energy, environment and sustainability, said. Van Dyke, who also leads the department’s center for analytics, explained how the agency is implementing IoT sensors, panels and systems to track air monitoring and building management and leverage other critical information about their structures across embassies in 190 cities and beyond. 

“We have over 26,000 buildings around the world and all of those we need to figure out how to monitor and make more efficient, optimize and protect,” he said. “That’s basically where the IoT networks started to really expand as we recognized that our footprint around the world needed better protection and better information.” 

Van Dyke said the department’s concerns around solar panels include that they can’t always know about all that’s inside the hardware. For example, chips could be embedded deep in the devices that could make the data or the system vulnerable to hacking. 

“So I could actually attack your energy grid,” he said. 

The department now gathers about 15,000 data points every 15 minutes through its building management systems. The data is sensitive, he said, and if an adversary got control of those systems, they could attack the cyber environment and force the embassy to be evacuated, opening insiders up to physical attack. 

“So for us, we are very, very much worried about what the attack vectors are,” he said. 

Van Dyke added that State has also deployed IoT technology for a variety of other uses, as well. The department has over 14,000 vehicles in its fleet and recently reviewed a new tool that would read whether the cars are operating safely. Recognizing that they couldn’t confirm if the devices were totally secure, Van Dyke and his team opted to re-write the chips they did not trust. 

State is deploying an IoT device that tells the department everything from where the cars stand on their maintenance requirements to if drivers are braking correctly. He also noted many smart cars automatically send information back to the original car dealers, which would be sensitive data that State would not want to share. 

“So our devices are indicating to us, also, what does the car want to do?” he said. 

In a separate fireside chat, the Agriculture Department’s Deputy Chief Information Officer Francisco Salguero also highlighted how both farmers and the agency are leveraging IoT connected devices and other emerging technologies like blockchain and virtual reality to better meet their needs—and how the agency could also be doing better. He said Agriculture aims to support farmers’ use of drone technologies to help them better understand how to map out their farms and land. 

Salguero added that Agriculture Secretary Sonny Perdue is encouraging agency officials to embrace and improve precision agriculture, which enables farmers and ranchers to use GPS capabilities in their tractors, to know “precisely” where they should farm to maximize produce.

“From a USDA perspective, we have to catch up to that, to be honest. From the government side, we are not always on the leading edge,” he said. “For us, it’s actually starting to catch up. The industry is growing from a farming perspective, so we have been very focused on data analytics and how that can work with precision agriculture.”