Managing the Invisible Network (IoT)

Ah, the good old days, when things were simple. When there were a known number of devices on any government network, and the federal IT pro had a complete understanding of how to secure those devices.


Those days are long gone. Today, with the proliferation of the Internet of Things (IoT), thousands of devices are now connected to government networks, many unwittingly. Research firm Gartner predicts that more than 20 billion connected “things” will be in use worldwide by 2020—nearly three times the number in use today.


Of course, as the number of connected devices grows, security risks increase exponentially. This means, of course, that the challenge for Federal IT pros to provide effective security continues to get more and more complex.


In a recent Federal Cybersecurity Survey, federal IT decision makers weighed in on the growing importance of managing the often invisible threats promulgated by IoT. Respondents identified an increased attack surface as the greatest security challenge facing their agencies as IoT continues to evolve. The second greatest security threat, according to those surveyed, is the inconsistency of security on connected devices.


Although defense and civilian agency respondents felt their network security posture was as good as that in the commercial sector, and in some instances better, the majority surveyed agreed that some enhancements were needed to better discover, manage, and secure IoT devices.


How do Federal IT pros put those enhancements in place to more effectively manage IoT devices? Three steps will start the process:

1.  Understanding what’s connected (visibility is critical).

2.  Monitor the network and beyond by including activity and device management.

3.  Be diligent about updating everything, but in a controlled and planned manner. Updating reactively could lead to worse problems than you started with.


Step 1: Understanding


As the baseline of any type of technological enhancement, the first step to enhancing IoT security is information, i.e. gaining an understanding of what’s out there. In an IoT world, there are a dramatic number of devices that may be connected, from security cameras, to USB devices, to printers, to who-knows-what-else.


The best way to get a handle on connected devices is to use a set of comprehensive network management and monitoring tools; this will help itemize everything currently connected to the network. Consider using tools that also provide a view into who is connected, when they connected, and where they are connected.


Taking that even further, some tools offer an overview of which ports are in use and which are not. This information helps the federal IT pro keep unused ports closed against potential security threats and avoid covertly added devices. It is critical to have a fundamental understanding of and visibility into what’s on the network at all times.


As part of this exercise, consider creating a list of approved devices for the network that will help the security team more easily and quickly identify when something out of the ordinary may have been added, as well as surface any existing unknown devices the team may need to vet, and disconnect immediately. There are many ways to profile devices, but a best practice will be to implement a security policy that only allows approved vendors/devices.


Step 2: Network monitoring plus


Any successful federal IT shop is already performing network monitoring. That said, it is equally important to understand what those devices are doing relative to what they’re supposed to be doing; in other words, approaching network monitoring with an event-monitoring slant. For example, if a network administrator sees that a network printer is not acting like a printer—but, instead acting like a far more complex information-sharing node—that is a dramatic red flag. We’re far beyond the point of device identification. We also need to focus on device behavior.


Monitoring device activity also provides the ability to watch for changes in behavior. If a printer is acting more like an information-sharing node, there will have been a point in time when the activity level for that printer changed. Noting that change as it happens, and acting accordingly, can thwart a potential attack.


A function of monitoring device activity should include a process to ensure that the only devices hitting the networks are those that are deemed secure. The federal IT pro will want to track and monitor all connected devices by MAC and IP address, as well as access points. Set up user and device watch lists to help detect rogue users and devices to maintain control over who and what is using the network.


Step 3: Update, update, update


As pinpointed in the Federal Cybersecurity Survey, one of the greatest concerns for Federal IT pros is the consistency—or, lack of—security on IoT devices. Here’s why: IoT devices are generally simple, cheap, and low-powered. These devices often do not have built-in security, and certainly do not have the ability to run the antivirus programs that are operated by traditional computers.


The best way to stay ahead of the IoT explosion? Stay on top of security patches. Be aware of the patch release schedule for the vendors that make up, or are in your environment. We’re all familiar with Microsoft® “Patch Tuesday”, but how about everyone else? Do you have a well-defined patch testing and roll-out plan? Is there a test environment set up to ensure that a proactive patch doesn’t have inadvertent results?


The IoT is here to stay, and the number of devices—and types of devices—that will connect to the network will continue to increase. There may not be a single, simple way to manage and secure the IoT, but following the above three steps will certainly be a solid start. And start quickly.  At this rate of expansion, the sooner the better.


By Paul Parker, Chief Technologist – Federal & National Government at SolarWinds'
Paul Parker