The Internet of Things has the potential to completely change the intelligence community. The IoT is jargon for the accelerating expansion of data-gathering devices that are connected to the Internet.
A panel of experts at the Intelligence & National Security Summit last week in Washington, D.C., agreed that the explosion of data is generally a good thing when it comes to meeting the mission of the intelligence community. However, it raises concerns about how to sift useful information from the vast quantities of data generated, as well as issues of privacy.
Lewis Shepherd, director and general manager of the Microsoft Institute, said that "there are three overriding vectors in the Internet of Things that we in the community can and should be thinking about."
IoT represents "a tremendous offensive collection capability and potential for operational use," he said, but added, "I think that's an overly limiting filter, if you will, an unhelpful filter, constraining the thinking of the community."
The second vector is finding ways for the intelligence community as an enterprise to make use of the actual technical capabilities of the IoT. As an example, he said, many people use a WiFi network for printing documents at home, but the intelligence community does not use that capability in their workplaces.
Finally, Shepherd said, the classic mission of the intelligence community is understanding the outside world, not just the adversary and his capabilities. "We cannot understand the world if we do not understand how the world is changing," he said, including "broader cultural, social, demographic" changes.
[The naked truth? Read Apple iCloud Hack's Other Victim: Cloud Trust.]
Rhonda Anderson, deputy national intelligence officer for science and technology in the Office of the Director of National Intelligence (ODNI), National Intelligence Council, said there are many, many questions the intelligence community has to address in considering how to make use of IoT data.
"What is it we want to connect? What will we use to connect it?" she said. "What data will you be collecting? How will it be moved, stored, will it be mobile?" She said she prefers the concept of "netted" devices, rather than connected, since IoT is not a social Internet.
Chris Reed, program manager in the Office of Smart Collection at the Intelligence Advanced Research Projects Activity (IARPA), noted that along with the challenge of selecting and prioritizing data, the question of accessibility remains.
The lack of interoperability is a real hurdle, Reed said. "Each of these have their own ways of collecting, transmitting, [and] using data. A lot of times you purchase a device and you're locked into a proprietary silo... Particularly on government procurements, we need to make sure we can unlock the value of the data."
Mark White, principal and CTO at Deloitte Consulting's global consulting technology practice, said that the "what of IoT has been relatively slow to emerge." It takes time to determine what is actually useful, rather than simply what can be connected. It takes time to sort out what is "interesting or actually disruptive," he said.
And while IoT represents an immense opportunity for understanding the world, relationships, actions, and people, it also offers heretofore unimaginable risks, said Robert Gourley, partner at Cognitio Corp. and editor and publisher of the CTO Vision blog.
"There will be bad guys in the future -- bad, bad, bad guys," Gourley said. "They're going to rush to this Internet of Things and they're going to out-innovate us... We have to automate, just to keep up."
He said that he agreed with the panelists on the initial challenge being how to sort all the data and analyze it.
"On the top of my list is the algorithms that make sense of this data," he said.
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data. In the Partners' Role In Perimeter Security report, we'll discuss concrete strategies such as setting standards that third-party providers must meet to keep getting your business, conducting in-depth risk assessments -- and ensuring that your network has controls in place to protect data in case these defenses fail. (Free registration required.)