GAO: Most Federal Agencies Using IoT; Some Report Cyber, Privacy Concerns

Internet of Things IoT Data Architecture diagram

A new Government Accountability Office (GAO) survey finds that 56 of 90 Federal agencies surveyed reported using Internet of Things (IoT) devices, while 13 reported that they are not using IoT devices and do not plan to use them for a variety of reasons, including insufficient return on investment.

Of the 56 Federal agencies that reported using IoT devices, 42 said they use the technology to control and monitor equipment or systems, 39 use them to control access to devices or facilities, and 28 use IoT devices to track physical assets such as fleet vehicles or agency property. GAO surveyed 115 CIO and senior IT officials based in part on agency membership in the Federal CIO Council.  In total, 90 officials responded, but not all agencies replied to each question.

“Increasing data collection can aid decision-making and support technology development; increased efficiencies may allow agencies to accomplish more with existing resources,” GAO said of agency IoT use.

But the decision to use IoT devices is often not an easy one, with IoT cybersecurity posing a “challenge” to more than half of the officials surveyed.

“Agencies responding to our survey reported that cybersecurity issues present the most significant challenge, and one case study agency has stopped IoT use and another decided not to adopt it for this reason. In our survey of federal agencies, cybersecurity was the most frequently cited challenge (43 of 74),” GAO said.

Also presenting challenges to adoption for 30 of 74 survey respondents were IoT interoperability, a lack of knowledgeable personnel to run IoT systems (30 of 74 respondents), and privacy concerns (27 of 74 respondents).

On the policy front, most of the survey respondents (54 of 72) said they use IT policies developed by their agencies – as opposed to “internal IoT-specific policies” – to manage their use of the technology, and some said agency policies were “sufficient for the current challenges and risks associated with adopting IoT technologies, including cybersecurity.”

According to GAO, the Office of Management and Budget (OMB) said it does not typically make policies for the use of specific IoT components “but if needed would work with the National Institute of Standards and Technologies (NIST) and others to develop such policies.”

OMB’s willingness to work with NIST on specific device policies dovetails with recent action in Congress on the issue.

Jordan Smith
About Jordan Smith
Jordan Smith is a MeriTalk Staff Reporter covering the intersection of government and technology.

Categories

Recent