The Department of Defense must address some key security risks in its policies and guidance for Internet of Things devices, according to a new Government Accountability Office report. The report notes that although DOD has identified the many IoT-related security risks and developed policies and threat scenarios, current rules do not adequately address these challenges. The report recommends updates in certain areas to keep DOD information secure from threats posed by IoT devices.
The IoT risks previously identified by DOD are categorized into "operational risks," which come with using and operating a device, and "device risks," which come with the device itself. "Rogue" mobile applications used for malicious purposes and devices that can geotag are considered "operational," while issues such as unpatched software, limited encryption and supply chain threats represent "device" risks.
Read more on defensesystems.com