Most federal agencies are connected in some way to the Internet of Things and the use of that technology is continuing to grow, although many agencies do not have specific policies related to security, privacy and other risks associated with it, GAO has found.
GAO said that 56 of the 90 agencies it surveyed reported using the IoT for purposes such as controlling or monitoring equipment or systems; controlling access to devices or facilities; or tracking physical assets such as fleet vehicle or agency property. “Agencies also reported using IoT devices to perform tasks such as monitoring water quality, watching the nation’s borders, and controlling ships in waterway locks,” it said.
About half of agencies currently using IoT technology plan to expand its use, citing advantages including increases in data collection and operational efficiency, while about half of those not currently using it plan to start, GAO said.
Agencies using the technology meanwhile most frequently reported cybersecurity issues and interoperability as the most significant challenges regarding IoT technologies. However, most agencies, as well as individuals interviewed by the GAO, reported that they used general IT policies developed by their agency rather than IoT-specific policies to manage the technology.
“Some agencies reported their IT policies were sufficient for the current challenges and risks associated with adopting IoT technologies, including cybersecurity. The Office of Management and Budget’s officials stated they do not typically make policies for specific IT components but if needed would work with the National Institute of Standards and Technology to develop such policies,” it said.
The House last week passed HR-1668, to require the NIST to publish guidance on disclosure to ensure that vulnerabilities related to devices of federal agencies are addressed.