The United States federal government's policies on the internal use of IoT technologies have faced increased attention in the last couple of months. In January 2018, researchers found that they could trace the activities of military employees wearing fitness trackers through the Internet. A similar finding came in July, when Polar, a fitness app, was shown to be revealing the whereabouts of intelligence and military individuals throughout the globe.
On the 3rd of August, following these revelations, the United States Department of Defense partially banned geo-locatable mobile devices.
A statement by the Defense Department said that department personnel assigned to operational sites were barred from using the geolocation features of their devices, effective immediately.
Even though this is a good initiative, there are still some issues and gaps that need to be addressed:
Even though the Federal Information Security Modernization Act requires every federal agency to establish, document, implement and monitor data security programs for its ICT systems, many significant decisions are left to each agency's CIO. The outcome is considerable inconsistency across organizations, especially for IoT, where individual deployments are already very dissimilar. An example is a grid sensor monitored by the Department of Energy as compared to a smart speaker in a CIA workplace. This indicates how much cybersecurity principles will vary across federal agencies.
No federal cybersecurity framework clearly deals with the administration or security of IoT.
Finally, the Federal Acquisition Regulation contains no language that dictates security standards for federally acquired IoT devices. This means that federal contractors are not required to apply IoT-specific security procedures to their IoT devices.