IoT, Mobile Give Government IT New Challenges

Steerage To The Stars: The Cheapsat Revolution

A host of new mobile consumer technologies will be introduced in the next several years that will not only have an impact on the commercial world but also government at the federal, state, and local levels. Among the key changes coming are wearable mobile devices and the Internet of things, a panel of experts said at a recent symposium on federal mobile computing.

At the federal level, the Government Services Administration is exploring a number of technologies that will soon reach the consumer market. The GSA is especially interested in ways to authenticate mobile user devices such as smartwatches or identification badges, said Ralph Broom, an agency mobility and security engineer.

Broom noted that the majority of the technologies the GSA is considering are driven by ongoing changes in the commercial mobile market. This includes the potential new technologies -- such as biosensing and life logging -- that could affect how devices are authenticated.

[Read how government is securing its mobile devices: NIST Drafts Mobile App Security Guidelines.]

Another consideration is that multiple mobile devices soon will be communicating with one another, and this will lead to a convergence of services and capabilities such as application interfaces, or APIs, Broom said. For government applications, wearable mobile devices and identification will be designed with the goal of improving workflow. For example, what tasks could be improved if staffers had the equivalent of an expert whispering in their ears?

The government is looking into a variety of wearable identification options as new technologies become available. The current common access (CAC) and personal identity verification (PIV) cards used by federal employees are constrained in how much data they can store, Broom said. The long-term goal is to provide staff and their devices with derived credentials, which are derived from the personal data in a CAC or PIV card but can be stored in a mobile device. Smarter devices will also allow for more granular forms of personal identification, such as the ability to recognize a device user's unique pulse or electrical brain wave rhythms.

Another challenge will be the growing web of device-to-device communications known as the Internet of Things. Broom said a variety of devices that will soon be available on the consumer market can talk to other devices around them to provide the wearer with information and to report the wearer's situation or location to other services. These devices and services will be very useful for consumers and potentially to federal employees, but the security ramifications will have to be considered carefully, he said.

Growing mobile technology also has an impact at the state and local government levels. The District of Columbia Retirement Board administers a $6 billion pension fund for Washington, D.C., firefighters, police, and teachers. Peter Dewar, the board's director of information technology, said it has experimented with a variety of new wireless technologies to improve its work outcomes and efficiency in local government.

Available mobile technologies have some value for the board, Dewar said. For example, the Apple iBeacon allows a smartphone or smart ID badge to identify and track customers while they are visiting the board's offices. The device can be synched to Google Glass headsets, which would allow board staff to call up a customer's personal data unobtrusively during an interview. The board is exploring the possibility of using these technologies in the near future, he said.

Regarding the ability of wearable devices to access cloud-based data, Dewar said the future is already here through items such as the FitBit, a wearable health monitoring device that can be synchronized via a smartphone to store data on a secure web account. As the Internet of Things expands, this will create a variety of challenges, as it will open the potential to change how and where people work, he said. The challenge is how government agencies adapt to those changes.

Interested in shuttling workloads between public and private cloud? Better make sure it's worth doing, because hybrid means rethinking how you manage compliance, identity, connectivity, and more. Get the new New Tactics Needed For Hybrid Cloud Security issue of InformationWeek Tech Digest today (free registration required).