James Clapper said smart devices associated with Internet of Things pose security risk
In testimony to the Senate this week, Director of National Intelligence James Clapper highlighted the security risks posed by the emerging Internet of Things (IoT).
Clapper spoke on Tuesday to the Senate Armed Services Committee and the Senate Select Committee on Intelligence.
Here’s a copy of Clapper’s “Statement for the Record: Worldwide Threat Assessment of the US Intelligence Community.”
Relative to the IoT, Clapper said, “‘Smart’ devices incorporated into the electric grid, vehicles—including autonomous vehicles—and household appliances are improving efficiency, energy conservation, and convenience. However, security industry analysts have demonstrated that many of these new systems can threaten data privacy, data integrity, or continuity of services. In the future, intelligence services might use the IoT for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”
Clapper focused his comments to ensuring data integrity; securing infrastructure; interoperability; identity; accountability; and restraint.
He named the “leading threat actors” as Russia, China, Iran and North Korea.
The debate around IoT security–more connected devices means more possible points of security incursions–is part and parcel to discussion around whether tech firms should include end-to-end data encryption in hardware.
A group of researchers at Harvard University’s Berkman Center for Internet & Society addressed this issue in a recent published research report, “Don’t panic: Making progress on the ‘going dark’ debate.”
From the introduction: “In the last year, conversations around surveillance have centered on the use of encryption in communications technologies. The decisions of Apple, Google, and other major providers of communications services and products to enable end-to-end encryption in certain applications, on smartphone operating systems, as well as default encryption of mobile devices, at the same time that terrorist groups seek to use encryption to conceal their communication from surveillance, has fueled this debate. The U.S. intelligence and law enforcement communities view this trend with varying degrees of alarm, alleging that their interception capabilities are “going dark.” As they describe it, companies are increasingly adopting technological architectures that inhibit the government’s ability to obtain access to communications, even in circumstances that satisfy the Fourth Amendment’s warrant requirements. Encryption is the hallmark of these architectures.”
But do the researchers agree with the alarm expressed by law enforcement, government and other officials?
“Although we were not able to unanimously agree upon the scope of the problem or the policy solution that would strike the best balance, we take the warnings of the FBI and others at face value: conducting certain types of surveillance has, to some extent, become more difficult in light of technological changes. Nevertheless, we question whether the “going dark” metaphor accurately describes the state of affairs. Are we really headed to a future in which our ability to effectively surveil criminals and bad actors is impossible? We think not.”