IoT and Its Impact on Infrastructure and Governance

The Internet of Things (IoT) revolutionizes how governments, organizations, and citizens interact with the physical world. This wave of interconnected devices promises a transformative infrastructure and governmental operations shift. However as the reach of IoT grows, the implications — especially related to security — become even more profound.

The Cybersecurity and Infrastructure Security Agency (CISA) has seen increased malicious activity with ransomware attacks against K 12 educational institutions. Malicious cyber actors target school computer systems, slowing access, and rendering the systems inaccessible to essential functions, including remote learning. In some instances, ransomware actors stole and threatened to leak confidential student data unless institutions paid a ransom.

Ransomware attacks on US government organizations cost $18.9bn in 2020.

The U.S. electric grid is critical infrastructure consisting of an ecosystem of communities, stakeholders, governments and economies. Most of the grid infrastructure was built decades ago and is unreliable. Bad actors know it. In 2015, Russian hackers carried out the first successful cyberattack on the nation's electricity grid, which was just one of an ongoing series of security breaches and attacks on US infrastructure and utilities.

You can spend hours scrolling down the rabbit hole of government IT horror stories, which makes the recent launch of the federal website for ordering free COVID tests that much more remarkable. The website worked, and it was surprisingly easy to use. But that success belies decades of underinvestment in digital transformation that has stifled public sector innovation and hardened the government's low-tech image. For example:

The heightened threat of retaliatory cyberattacks by Russia against critical U.S. IT infrastructure is prompting federal investments in cybersecurity to strengthen its cyber defense posture. The ongoing conflict in the region and the increased targeting of critical infrastructure assets will cause federal agencies to look for ways to strengthen their cybersecurity posture and redefine requirements that address cyber breaches that may occur during the coming months and years as well as drive investments into Zero Trust related tools and threat intelligence.

As organizations adapt to hybrid work and more and more cloud services are deployed, new service entities that collaborate and exchange data without human interaction, such as virtual machines and containers, are proliferating. The growth of these service accounts and identities and their increasing volumes of permissions, privileges, and entitlements expose organizations to new attack vectors. 

Election security is a big topic, but it resembles a many-legged centipede. Federal contractors face the reality that elections are the purview of state, county and municipal officials. The technical and managerial abilities of these entities vary from what you might expect in a tiny hamlet to what you might encounter in a million-person suburban county.

Every Federal IT pro knows that security threats are a top agency priority. Yet, according to the SolarWinds 2019 Cybersecurity Survey, those threats are increasing—particularly the threat of accidental data exposure from people inside the agency.

Microsoft Active Directory is a critical tool that helps system administrators manage user privileges and secure their IT infrastructure, yet Active Directory presents several security challenges. Most problematic is that Active Directory’s attack surface is huge. Targets for attack include every domain name user account, admin and security group, domain controller, backup, admin workstation, and admin delegations and privileges. If any one of these targets is compromised, your entire Active Directory can be compromised too.

The Threats