The U.S. Army CIO has issued a new policy for the cybersecurity of Internet of Things (IoT) devices that requires all military personnel who are approved for telework to remove or turn off all IoT devices. in their workspaces.
“As a result of the pandemic, we saw a drastic expansion of our digital ecosystem that introduced new cybersecurity risks. Therefore, we are raising and expanding our protocols to make telecommuting offices safer for our current and future digital military staff, ”said Dr. Raj Iyer, director of information for the army.
The military reiterated that telecommuting during the COVID-19 pandemic has increased the risk posed by IoT devices, as the typical home can hold an average of 70 IoT devices.
The policy defines IoT devices as a network of elements or applications that connect to the Internet and come from several different technologies. The policy specifically stated that it applies to:
- “Bluetooth wireless devices, speakers, mobile headphones, intercoms, hubs, home routers, printers, computers, laptops, tablets, mobile phones, smart watches, automatic devices, game consoles, TV, entertainment centers home, digital audio players, portable media, players, digital video recorders, webcams, cameras, sensors, fitness trackers, medical devices, scales;
- Smart home appliances, kitchen appliances, washers and dryers, lamps, home electrical systems, smart power management systems, smart security solutions; i
- Personal Home Assistant Applications on Mobile Devices “.
The military said that when smart IoT devices are turned on, they constantly listen to and collect data by recording audio, transcripts and even video. The policy raises concerns with cybercriminals and foreign adversaries exploiting the weaknesses of cybersecurity to access classified information.
“This new policy aims to prevent data leaks and protect the privacy of unclassified critical information, personally identifiable information and operational data,” an army CIO press release said.
Therefore, the military, civilian and contractor personnel of the army must be protected and the mission of the army by means of:
- Removal of all IoT devices with workspace listening functions;
- Turn off or remove all personal mobile devices, such as smartphones or tablets, in the work area; i
- Disable audio access features in personal assistant applications and devices.