oT devices hold plenty of potential for enhancing and making military activities more efficient. From the ability to track the movement of items and troops in real-time to improve communications in dense urban areas. Realizing such potential means solving a number of security issues related to device connectivity. In this article, we look at the good and bad of using IoT devices in defense.
The Potential of IoT In Defense
High-speed connectivity is essential for efficient, real-time communications in today’s military. But how does that happen on a battlefield where there are no cell towers or infrastructure to provide communications? Furthermore, how do IoT devices communicate with each other in such an environment?
When point-to-point communications between devices do not work, drones can act as a gateway, extending communications across a spread-out team in a remote area. How well does this work in a densely populated area such as a city?
In a city, buildings and other structures interfere with communications. Additionally, the city inhabitants are constantly sending out signals that can also interfere with military communications. The US Army Research Laboratory (ARL) is currently conducting “smart city” tests to get around urban communication interference problems.
In a Montreal experiment, ARL utilized IoT devices strapped to a vehicle. Transmissions were sent via a long-range wide-area network (LoRaWAN). The transmissions were able to achieve a 3.1-mile range. Of course, that is a closed test, and the battlefield is much different.
Internet of Battlefield Things (IoBT)
IoT on the battlefield is known as the Internet of Battlefield Things. The limited military network bandwidth available to support the growing number of IoBT devices is another challenge to overcome. 5G network capabilities may help in resolving bandwidth bottlenecks.
Slow communications, especially in life-threatening situations, is unacceptable.
Dispute these challenges, IoBT has logistical advantages. The ability to track inventory and transfer of items through a supply chain in real-time provides the military with opportunities to correct the smallest problems before they turn into potentially high-impact situations.
“When you are deploying expeditionary forces and moving stuff from one part of the world to the other, IoT offers the chance to have total visibility across that supply chain,” Marine Lt. Col. Jeffrey Kawada said during a panel at the MilCom conference in October 2017, as reported by C4IRSNET.
Areas of Vulnerability in IoT and Edge Computing
IoT and Edge devices need to leverage available networks, which can include blue, gray, and red. These three network classifications can be broken down as:
- Blue — secure and military-owned.
- Gray — often civilian networks with uncertain trustworthiness.
- Red — adversarial networks.
Keeping IoBT devices safe across a myriad array of networks presents a number of obstacles. Additionally, any IoBT devices that connect to networks without the support of firewalls or antivirus software can be potentially compromised.
Edge devices are connected devices that have on-device computing (often AI) that allows them to process information faster than other connected devices. Edge holds the promise of helping agencies advance their security initiatives.
Allowing these connected devices onto military networks presents security issues at the point of connection and the device itself. Before any device connects to the network, it needs to be provisioned according to military protocol. This is not so straight forward, given that personal and soldiers may bring their own devices.
In addition to connection concerns, the device is also a security risk since it can be compromised without the necessary provisioning. Additionally, and unknown to military personnel, what other services might the devices be utilizing? As an example in 2017, the app Strava published classified military base locations. The military has since banned all devices that use geolocation services for deployed personnel.
IoT As A Threat
Some devices will always present a security risk when connected to a network.
As IoT devices and networks evolve, the ability for the military to keep up with the latest innovations will be virtually impossible.
The IoT Cybersecurity Act of 2017 was created to help with the provisioning of devices. However, if personal are not following device protocols, it’s basically all for not. The situation is similar to having great password policies in place only to have employees give out their passwords to each other.
The military has a large number of disparate networks, which makes monitoring them all difficult. To resolve this problem, the Defense Information Systems Agency (DISA) created the Joint Information Environment. It is an effort to consolidate the DOD’s networks so that instead of many networks, there are only several. This effort is on-going.
While the military is certainly aware of the problems presented by connected IoT devices and has taken steps to resolve them, there’s still a long way to go. Getting personnel on board and ensuring they follow the provisioning protocol of IoT devices will go a long way to sealing off device security issues.
Keeping up with the fast evolution and exponential growth of IoT devices is a momentous and constant challenge. Such a challenge will likely always be a blind spot in the military’s security initiatives.