HPE Aruba Networking Blogs

Securing the Growing Usage of IoT in Federal

By Dolan Sullivan, Vice President of Federal at HPE Aruba Networking (Retired)

IoT is growing fast in the commercial sector, and government agencies are taking note. It’s key to understand the potential benefits and how to manage the potential risks.

Many cities are looking to IoT and analytics to bring enhanced safety, increased efficiency and a better quality of life, and those same smart city technologies can be applied to military bases and federal offices. Using sensors, analytics and automation to manage resources such as electricity and water can increase the capacity and output of a base while supporting the morale and welfare of individuals. Smart lights, thermostats, and heating and air conditioning systems can be controlled via sensors, making buildings more energy efficient. Sensors can provide insight into actual occupancy so a base can track usage trends and reallocate extra space as necessary.

IoT can bring efficiencies to logistics and supply chain management. Commercial industries such as agriculture, healthcare and logistics are seeing the rewards of IoT. For the federal government, connected sensors and analytics can track supplies and equipment from the source to where they are needed, reducing waste and ensuring uninterrupted delivery.

Sensors and IoT can be used by military intelligence and command to acquire full situational awareness over conflict zones or battle areas. Sensors in urban areas also can provide increased situational awareness and combat intelligence to carry out more effective operations on the ground.

Build a Secure Foundation for IoT
As government agencies are exploring IoT to increase efficiency and safety, the foundation of the IoT system—the network—must be even more resilient and proactively secure.

The threat landscape has changed significantly, with the scale and sophistication of cyberthreats unprecedented. Threats can be weaponized in weeks, days or even hours from the point the vulnerability is made known. Even if an agency is not exploring IoT, mobile devices are everywhere. People are rapidly adopting consumer IoT devices like fitness trackers, smart TVs and smart speakers in their personal lives. Compromising mobile and IoT devices is a common first step of an attack. Cybercrime is a $6 trillion industry, and America’s government agencies are some of the biggest targets of all.

Know What’s On Your Network
The reality is that the IT staff at many government agencies—and commercial businesses—simply don’t know what devices are connected to their networks. The rise of sensors and IoT devices only compounds the problem. Oftentimes, IT administrators have no visibility into the sensors and smart systems deployed by the public works department, for example. And since many IoT devices have questionable security, the lack of visibility is a risk.

It’s common sense that all devices must be identified, authenticated and authorized before being granted access. That’s the role of Aruba ClearPass. ClearPass can enhance visibility into and control over all kinds of devices, including mobile and IoT devices. ClearPass brings visibility to every device on the wired or wireless network, and then uses dynamic, role-based access controls for consistent policy enforcement across the network. Devices can be segregated based on risk. Building control systems, for example, can be restricted to their own segment, while surveillance cameras are in the security VLAN.

Simplify and Secure IoT with Dynamic Segmentation
With Aruba switches, agencies can dynamically segment their wired network to enforce policy at the edge—where the users and devices are and where the threats often enter. With the dynamic segmentation capability on Aruba switches, selected wired traffic can be directed to the same enforcement firewall that inspects wireless traffic—the mobility controller. The mobility controller, in conjunction with ClearPass, becomes a unified policy enforcement point for both wireless and wired clients. Threats can be identified and contained quickly—and before they spread. With contextual policies based on identities, device type and location, different groups of users can safely use a single network configuration because traffic flows simply adapt to their assigned roles.

Segmentation improves security posture with tunneling that can be set up as either port-based tunneling, with all authentication done on the controller, or user-based tunneling, with authentication done on the switch. This segmentation operates as an overlay, so it can coexist with existing VLANs. There’s no rip-and-replace. Dynamic segmentation enables simpler and more secure operations and reduces operational costs.

Another key consideration as mobile and IoT devices become more widespread is the access switch itself. Traditionally, an access switch connected a few dozen users. But today, each switch may connect dozens of wireless access points, smart lights, locks and other IoT devices. As agencies adopt more wireless, they will need fewer wired switches, but with more users and devices relying on each access switch, its importance in mission operations is elevated. Hundreds of people and devices may now be on a single access switch, making its performance and resiliency more important.

Aruba Delivers Secure Mobility
As agencies look to IoT and analytics to enhance safety, increase efficiency and support a better quality of life, it’s critical to build security into the heart of the network foundation. Aruba solutions have been deployed into thousands of federally validated and policy-compliant wireless networks for the US government and Armed Forces.

Learn More
Go deeper into dynamic segmentation.

Aruba secure mobility for US government.

See all of Aruba’s government security certifications and compliance.