IoT offers the promise of connecting everyday devices found in our cars and homes to city-wide devices like industrial systems and buildings. But IoT is evolving faster than the security measures to protect it — and security is critical so that consumers can trust IoT-based devices and services. These security efforts require collaboration from both the public and private sectors across the globe and are heavily influenced by consumer demand.
A vast network
Luckily, we do not need to start from scratch; many IoT security initiatives are already underway, but are proving to be incredibly complex. In particular, robust IoT security must include end devices, like smart watches and cars, the networks over which they communicate and the cloud services that store the data they collect. As more IoT devices join our networks, they introduce new threats. Those threats must be addressed in designing and defending networks in homes, businesses and government agencies. One of the most challenging aspects of security for IoT is its breadth — primarily because we must take into account the vast diversity of the devices and services that are available.
A changing environment
IoT is the ultimate intersection of technology with the physical world, and it can offer individuals and organizations new capabilities for convenience, health, efficiency and safety. But in order for these new advantages to exist, users must invest a high degree of trust. And that means a high degree of security is key. For example, laptop users could previously ignore the buildings around them as sources of cyber threats. But IoT has changed that environment: as more “things” communicate wirelessly, systems that previously could not or would not communicate are now connected, creating new threat vectors. Few of our laptop users, for instance, would take into account the fact that wireless networks they’re sharing with a smart building’s lighting-control system could be breached by cyber attackers.
A more secure America
The National Security Agency is focused on the protection of national security systems, which include classified networks as well as unclassified networks or equipment critical to military and intelligence operations. The Agency and our U.S. government partners also support or lead efforts to discover potential threats, contributing to the country’s overall cyber-defense efforts.
To reap the social and economic benefits of IoT, the nation, collectively, must help secure it. Gaining that security requires numerous partnerships across industry, academia and government. We must, as one team, have frank discussions about threats and how to address them.