by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : September 15, 2016
24 is the ability to secure the endpoints, the applications and the data,” says Cisco’s Hall. “ Otherwise, IoT won’t live up to its potential.” Research shows that vulnerabilities abound. That’s partly because the IoT is relatively new, so agencies are still identifying the risks and appropriate responses. “Many organizations take an approach of securing the back end of the IoT infrastruc ture that is running in the data center, but not the IoT device itself or the application that remotely manages the device,” says Rob Roy, HPE public sector chief technology officer. “ For example, 80 percent of IoT devices failed to require passwords of sufficient complexity and length, and 70 percent did not encrypt communications to the Internet and local network, according to an HPE ‘Internet of Things Research Study.’ This creates gaps in protection and allows potential attackers to infiltrate and steal the data as it is in motion.” Encryption might seem like an obvious way to secure IoT data, if only because that approach has proved effective with many non-IoT applications. But the IoT has nuances that can make encryption imprac tical. “ Encryption will be a challenge for many IoT devices, as they are usually very lightweight in terms of processing power,” says Bill Lemons, director of federal systems engineering at Juniper Networks. “There are emerging lightweight algorithms that can assist with this issue, but not all applications will require the encryption of all data.” The good news: First, the feds aren’t the only ones grappling with these concerns, so they can leverage lightweight encryption solutions that vendors are developing for the enterprise market. Also, policies for non-IoT data can guide some decisions about what to secure and how to secure it. “ With regards to data at rest, the collected data should be treated in a similar manner to data types not sourced via IoT hardware,” Lemons says. “ For instance, biometric information collected may need to be treated similarly to digital health records of that individual. Each use case will dictate the appropriate security posture for its data at rest.” The Postal Service’s smart cities application highlights another security consideration: Some IoT data will be shared between agencies or outside the federal government. “ When you share data, you want to make sure the other organization treats and preserves the data according to your same standards,” Piscioneri says. “ Finding the right balance between the level of sharing and the level of privacy is definitely going to be a challenge.” TAKE A CLOSER LOOK AT ENCRYPTION IoT devices tend to have limited processing power because they need to be inexpensive enough to deploy widely. So in addition to being unable to support encryption, many also aren’t manageable by the IT tools that enforce security policies for notebooks, smartphones and tablets. “This could limit how much visibility you can get to the device, its operation and the connections it opens with the network,” says Vinay Anand, vice president of ClearPass Security at Aruba Networks, a Hewlett Packard Enterprise company. “O ften times, the only option is to profile and track device behavior to look for deviations or anomalous behavior, and complement this with inline inspection of all traffic communications to and from the device.” Another potential challenge is the networks that carry IoT data. For example, the additional overhead of end-to-end encryption might not seem like much on a per-device basis. But it can quickly add up in terms of bandwidth usage and costs when multiplied across tens or hundreds of thousands of IoT devices. That concern is among the reasons why agencies need to consider whether all IoT data needs encryption. “ Many factors will need to be considered to answer this question,” says Bill Lemons, director of federal systems engineering at Juniper Networks. “Without additional context, does the data have any particular meaning? Does the data contain proprietary or sensitive information?”
August 30, 2016
September 30, 2016