Dancing on the Razor's Edge: A Foundational Review of IoT Exploitation and Defense through the Lens of TECHINT Collection

摘要

As the number of IoT devices continue to grow worldwide, the U.S. IC must remain wary of the duplicitous edge it walks on when choosing to exploit vulnerable IoT devices. While manipulating smart-products can enhance the ability to gather information on an adversary's advanced technical products, exposure of IoT system exploits can and will be used by nefarious actors to steal sensitive U.S. IP, gather intelligence on U.S. targets, and conduct offensive cyber operations on critical infrastructure. Given that countless IoT system vulnerabilities will be identified and abused by both state and nonstate actors in the coming years, it is imperative that the U.S. IC take active steps in securing its own technical intelligence before exploiting others. While active steps must be made by IoT developers to better secure their products, public/private sector organizations and institutions of higher education must operate under the assumption that it is not a matter of if, but when, their Internet-connected devices will become compromised. Consequently, all aforementioned parties must take an aggressive and proactive approach to securing access to devices that house sensitive information. These actions must in turn be complemented by the passage of federal regulations, which ensure that all IoT devices maintain compliance with a nationwide cybersecurity standard. Absent of any federal security standards, vulnerable IoT devices will continue to proliferate throughout the United States, further enabling both state and nonstate actors with the resources necessary to attack public and private institutions that house our nation's most sensitive technologies. Only by taking these balanced steps can the United States move forward while balancing on this razor's edge of both exploiting IoT devices for our own uses abroad, while protecting our own IP and technologies at home.