IoT is still a relatively new technology plagued by specific security concerns. For many industries, this is a serious problem; for others, it is merely a nuisance to be taken care of along the way. However, in the military arena, it can be dangerous to let cybercriminals exploit the cybersecurity deficiencies of IoT devices.
To solve these issues efficiently, we first need to identify them. Cybersecurity concerns for military IoT devices have been thoroughly researched, and experts are working on eliminating them. Let’s have a closer look at some of the significant security concerns for IoT devices used for military purposes:
Innate Security Breaches in IoT
The military industry in countries around the world has begun adopting IoT early. As such, they’ve seen a few IoT cybersecurity weaknesses exploited already, which is making the experts and agencies work harder at implementing stricter cybersecurity protocols. When it comes to the US military, the United States Department of Defense is developing IoT security policies, but they have gaps. As a result, there have been some security breaches experienced by DoD:
- The DDoS IoT attack in October 2016 targeted a company managing Internet infrastructure;
- A fitness tracking app used by US soldiers showed their exercise routes via heat maps in secret military bases around the world;
- Concerns that China-made commercial drones used by the military were revealing sensitive information about the US infrastructure and law enforcement data.
There’s a variety of proposed approaches to solving these issues, such as security by design and improving existing cybersecurity evaluation processes. However, a unified approach that could deal with all of the risks is still being worked on. A report by the GAO outlined the significant risks, dividing them into device-related risks and operational risks.
Main Security Challenges
There are certain IoT cybersecurity vulnerabilities related to the devices themselves:
- Limited encryption — the majority of IoT devices are not designed to work with the encrypted operation, which potentially allows access to other parties;
- Supply chain issues — a device made by an “adversarial” country could have deliberately planted exploits to collect sensitive data;
- Password and patching issues — poor password management, unpatchable or rarely updated devices could cause additional vulnerabilities for cybercriminals to exploit;
- Lack of security in design — the majority of IoT devices have little to no built-in cybersecurity, which makes them easy to manipulate.
Operational IoT Risks
Some of the critical operational IoT risks still need to be tackled by the military industry:
- Rogue applications and devices — some apps and tools could be used by cybercriminals to gather and transmit sensitive military information;
- Expansion of attack surface — IoT devices can both be used as a platform for massive attacks, as well as to create more weak spots in a network as their number grows;
- Impact on operations security — with capabilities like geotagging, IoT devices can pose huge cybersecurity risks for operations security by revealing the location.
Key Takeaways
There are major security risks that the military industry needs to tackle before declaring it safe to use IoT devices. With inherent device IoT risks as well as the operational risks their use might pose, it’s more important than ever to ensure IoT safety.
Military IoT projects must be based on accurate cyber risks measuring techniques taking into account the impacts due to this specific operational environment in order to deploy pro-active measures to reduce these risks, leverage security, vigilance, and resilience.