There is No Single Way to IoT

It is called the Internet of Things (IoT) - plural - for a reason. IoT encompasses everything from traditional IT devices like laptops and phones to next-generation technologies like virtual assistants (Alexa, Google Home) to previously unconnected technologies like TVs to everyday utilities like HVAC systems and even refrigerators. With this wide range of things, agencies are finding it difficult to catalog every IoT device, making the creation of policies and processes even more challenging.

Shadow IoT--connected devices that aren't managed or monitored by an organization's IT resources--is a real concern for IT teams. In one study, 90% of organizations found IoT devices they were not aware of using their network. These devices can include fitness trackers, digital assistants, and smart televisions. Once these devices are identified, huge security challenges still remain as many of them were not designed with security in mind. There is also such a wide range of devices and manufacturers that policies cannot be applied consistently across all of the different products and systems.

Even known IoT devices can provide security challenges and concerns. Historically, systems running building automation - lights, elevators, sprinkler systems, HVAC - were separate from the IT systems. Today, these Industrial Internet of Things (IIoT) regularly connect to external networks and introduce risk back into the agency networks. As a workaround, a survey of IoT leaders found that 45% of respondents said they were deploying IoT devices on a dedicated network. Continue reading

Is IoT a Superhero or Villain?

The Internet of Things (IoT) is made up of webcams, sensors, thermostats, microphones, speakers, cars, and even stuffed animals. All of these connected devices can help individuals and organizations stay connected across geographic distances, keeping tabs on and managing assets from miles away. The data they collect can be combined with other data sets to create actionable advice for better management and service.

This holds incredible promise for local governments and federal agencies charged with maintaining safe operating fleets and facilities. There's also the application for improving the routing of field technicians as well as traffic flow in general. But, as every superhero knows, with great power comes great responsibility.

As with any technology, IoT standards need to be developed for effective and safe use as well as to enable interoperability. NIST has been working on defining standards and recently released Considerations for Managing Internet of Things (IoT) Cybersecurity and Privacy Risks, but no federal agency is currently claiming jurisdiction over IoT policy and rule-making. In this vacuum, the legislative branch is getting involved. This past November, the House passed the SMART IoT Act that tasks the Department of Commerce with studying the current U.S. IoT industry. A Senate bill was introduced to manage what types of IoT devices the government can purchase, ensuring that all IoT tech in government is patchable and has changeable passwords. Finally, states are even weighing in on the proper use of IoT in government. California passed the first IoT cybersecurity law, making device manufacturers ensure their devices have "reasonable" security features. Continue reading

The Next Frontier of Citizen Experience

Citizen Experience is a focus of the President's Management Agenda and the resulting IT Modernization Centers of Excellence. This focal point is a result of government receiving poor customer service marks (ranking them on par or below cable companies) year after year. Agencies have evolved from requiring citizens to visit a government office to fill out sheets of paperwork to online portals that provide much of that same paperwork online. It quickly became clear, however, that simply moving paperwork online was not the answer to improving citizen experience with government. Today the technology exists to take that online interaction to the next level.

Social media, Artificial Intelligence (AI), Internet of Things (IoT), video chat, text, and chatbots are being used throughout government to give citizens a more direct and personalized digital line to the agencies that serve them. Cities are using IoT to better communicate the whereabouts and schedule of public transport as well as air quality levels. AI is powering website chatbots and search functions allowing for more self-service of citizens looking to conduct business with the government 24/7.

But technology alone will not improve the government's customer service scores. The culture and morale of the government workforce also plays a huge role in the service that is delivered to citizens. Service representatives in government should be trained on new systems and shown how technologies will enhance, rather than replace, their jobs. Continue reading

Mapping out Geospatial Uses

Geospatial, as a strict term, means data that is related to a location. In the government space, Geospatial has been used interchangeably with GIS - or Geographic Information Systems - which refers to technology that uses geospatial data. GIS has long been a key technology for the military and intelligence communities to help map out and gain visibility into areas for combat or missions. But as the availability of geographic data grows through the use of GPS applications, drones, and IoT technologies, the use of GIS is expanding across government.

GIS is a key tool in disaster response helping overlay available resources and assets onto maps of areas impacted by floods or fires. It can also be used to map in real time the location of hazards such as downed power lines.

GIS is also being used by law enforcement. In one case, a boy had gone missing, suspected to be abducted. The boy posted a photo to Instagram and the image, taken from what seemed to be an apartment window, included a sign on a bank across the street. An analyst looked up branch locations and cross-referenced the addresses with online maps, but could not get a location that seemed to be a possible match. When they took that data and loaded it into a GIS system that took a top-down look at locations they were able to pinpoint the location of the child.

Urban sprawl and growth is also being managed with GIS. The city of Durham, NC uses aerial imagery to get a better look at changes being done to properties that impact land use, water runoff, and drainage.

There are several upcoming events focused on GIS as well as others that include discussion of the application of geospatial technology. Continue reading

Department Spotlight: Department of Homeland Security

The Department of Homeland Security (DHS) may be the newest cabinet-level department, but it is still facing the same modernization challenges felt across government. The agencies pulled under the DHS umbrella in 2002 came with legacy systems. While a good deal of integration and modernization happened while DHS was being formed, systems have to keep evolving to keep up with the ever-changing threat landscape and the technologies used to threaten the homeland.

Cybersecurity, as it relates to the protection of the national infrastructure and government systems, is a huge focus for DHS. In fact, The DHS Secretary recently said that nation-state adversaries "are at the highest levels since the Cold War, largely but not exclusively due to leveraging cyber to conduct espionage and influence operations and disrupt services." As part of their efforts to strengthen their cybersecurity posture, the Department is leading the Continuous Diagnostic Monitoring (CDM) efforts across government to provide capabilities and tools to identify cybersecurity risks on an ongoing basis, prioritize these risks based on potential impacts, and enable cybersecurity personnel to mitigate the most significant problems first.

With a broad mandate to support election security, DHS has been collaborating across the government to ensure the security of machines and records for national elections. New technologies such as Albert sensors, technology designed to detect suspicious IP addresses and malware signatures, will be in place in 90% or more of voting machines used in November. Continue reading