The audit calls on EOTSS to develop specific guidelines for state agencies to identify and secure IoT devices
The Massachusetts state auditor, Suzanne Bump, is calling on the Executive Office of Technology Services and Security (EOTSS) to take a proactive and comprehensive approach to support state government agency adoption of Internet of Things (IoT) devices.
The call comes as Bump released an audit examining the Commonwealth’s administration of IoT devices, in which she highlights examples of Commonwealth agencies using IoT devices during the audit period including electronic toll centre cameras, motorist information signs, GPS devices on trains, and sensors to measure air quality.
The audit notes that some of the most significant challenges related to the adoption of IoT devices include cyber-security, privacy, connectivity, and a lack of laws and regulations regarding the use of this new technology. As part of the audit, Bump’s office surveyed state agencies about their current and planned use of IoT devices.
While most responding agencies indicated they either currently use or may in the near future use IoT devices, a plurality of agencies felt that because this technology is in its infancy, the risk of adopting these devices outweighed the benefits. A plurality also felt that their agencies could not currently effectively and efficiently manage the risks associated with IoT devices.
“As the Commonwealth continues to take measures to improve its IT operations and security, the opportunities and threats presented by IoT devices must be a part of that strategy”
“As IoT technology becomes increasingly ubiquitous, state government has a choice: it can lead by proactively securing these devices and developing a comprehensive approach to ensure agencies are effectively protected when leveraging these tools, or it can react to challenges and threats when they are at an agency’s doorstep,” said Bump.
“As the Commonwealth continues to take measures to improve its IT operations and security, the opportunities and threats presented by IoT devices must be a part of that strategy.”
The audit calls on EOTSS to develop specific guidelines for state agencies to identify and secure IoT devices. In addition, it encourages the agency to formally document a specific plan to respond to incidents affecting the security of IoT devices.
Finally, it recommends that the agency develop a policy that requires all state agencies to consult with the Commonwealth’s chief information officer before connecting IoT devices to the state’s network.
If you like this, you might be interested in reading the following:
NYC appoints chief privacy officer
Chief privacy officer will provide guidance to agencies and streamline the new policies and procedures
US Homeland Security official predicts great “risk of privacy harm in IoT”
Matt Hamblen reports on the Smart and Secure Cities and Communities Challenge workshop in Washington
Building the data-sharing ecosystem
A smart sharing strategy is essential to the development of data exchanges and marketplaces