Microsoft: Ready For Cybersecurity in the IoT

The Internet of Things (IoT), according to TechRepublic, is “a scenario in which objects, animals or people are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.” In layman’s terms, IoT refers to the many devices that connect to the Internet.

Experts predict that by 2020, more than 50 billion objects—everything from built-in automobile sensors to health monitoring devices—will be part of the IoT. With so much data to manage, cybersecurity is a major concern, and Microsoft is ready to jump in.

In its recent blog post for government agencies, Microsoft outlines the following six-step approach to help cities design and implement strategies for security, privacy, and cybersecurity:

1. Build a risk-based approach to cybersecurity. Focus on the risks to be identified, managed, mitigated, and accepted. A risk-based approach must look at the overall structure of a city’s systems to determine how to mitigate vulnerabilities to reduce the likelihood of system failure.
2. Establish clear priorities and security baselines. Take advantage of existing standards like NIST’s “Framework for Improving Critical Infrastructure Cybersecurity,” as well as the Council on Cybersecurity’s “Critical Security Controls for Effective Cyber Defense.”
3. Coordinate threat and vulnerability information. Working hand-in-hand with the private sector and other government entities to identify vulnerabilities is just part of the picture. There must be actionable steps that city agencies and citizens can take after vulnerabilities are exposed.
4. Build incident-response capabilities. Define which threats fall under the city’s purview and which belong to the private sector—with a communication plan that bridges the two. Threats should be prioritized and a hierarchy of threats and associated responses should be developed that are structured based on the anticipated impact.
5. Boost public awareness, education, and workforce training. Cities play an important role in equipping employees and citizens with tools and resources to be cyber smart. Workforce training for city and private sector employees is also an important part of a cybersecurity strategy.
6. Structure public, private, and academic cooperation. Cooperation should also be developed among city agencies, local businesses, and academic institutions. A city’s cybersecurity strategy can formalize the creation of public-private partnerships (PPPs) to benefit everyone.

For more information regarding Microsoft’s approach, view the full blog post.

====

IT SECURITY SUPPORT: Blue Mountain Data Systems provides IT Security Support Services for Federal Civilian Agencies. Looking to find Vulnerability Scanning and Testing, Penetration Testing, Risk Assessment & FISMA Reporting for your Federal Agency? Call Paul Vesely at 703-502-3416.

====