DoD Policy Recommendations for The Internet of Things (IoT)

Alternate Title: DoD CIO: Policy Recommendations for the Internet of Things

From the Purpose statement: "This paper provides background and policy recommendations to address vulnerabilities (and take advantage of opportunities) related to the increasingly pervasive and semi-autonomous internet-capable devices that make up what is known as the Internet of Things (IoT). Due to high utility, low cost and ease of deployment, the IoT is proliferating rapidly as both stand-alone devices, and embedded sensors and controls in nearly every type of electronic device, from household appliances to aircraft. At the same time, IoT introduces vulnerabilities and concerns to the operation and security of networks and information, including those of the Department of Defense (DoD). IoT is already upon us, with millions of these devices already installed in our facilities, vehicles, and medical devices. The newest DoD green buildings have tens of thousands of sensors. The growth of internet-connected medical devices has been similarly exploding. IoT devices have the potential to be incorporated in our weapons and intelligence systems (both intentionally and unintentionally). Due to the sheer number of IoT devices and their limited processing power for running firewalls and anti-malware, the issue of their security vulnerabilities is quantitatively and qualitatively different than vulnerabilities previously associated with mobile devices and industrial control systems; as such, we are overdue in implementing associated policy and controls. Given the security and sensitivity of DoD missions, we need to act now to address DoD interests and identify additional steps that must be taken. Insights gained should be shared with the commercial world."

