GAO Report Urges Improved DOD Security Measures for Internet of Things Devices
A July 27th report released by the Government Accountability Office entitled Internet of Things: Enhanced Assessments and Guidance Are Needed to Address Security Risks in DOD found that, “Although DOD has begun to examine security risks of IoT devices through its infrastructure-related and intelligence assessments, the department has not conducted required assessments related to the security of its operations.
DOD has issued policies and guidance for IoT devices, including personal wearable fitness devices, portable electronic devices, smartphones, and infrastructure devices associated with industrial control systems. However, GAO found that these policies and guidance do not clearly address some security risks relating to IoT devices.”
Among the vulnerabilities highlighted by the report is the use of smart televisions. According to GAO, “DoD officials told us that existing DoD policies and guidance do not clearly address security risks relating to smart televisions, and particularly smart televisions in unsecure areas. Officials from military services and other DoD components described smart televisions as a risk to operations security due, in part, to the ability of commercial providers to access the devices remotely—potentially eavesdropping on conversations or sending recordings of these conversations to third parties.”
GAO’s general recommendations, upon completing the report, are that “DOD (1) conduct operations security surveys that could address IoT security risks or address operations security risks posed by IoT devices through other DOD risk assessments; and (2) review and assess its security policies and guidance affecting IoT devices and identify areas, if any, where new DOD policies may be needed or where guidance should be updated.”
The report also notes that DOD agreed with the recommendations outlined in GAO’s report.
Posted in From the Hill