US Army Apparently Rescinds IoT Device Ban

Policy Instructed Remote Workers Not to Use These Devices
The U.S. Army believes IoT devices, such as Amazon's Echo, pose a potential security risk for those working remotely.

The U.S. Army has deleted from its website a directive requiring all remote workers to remove or turn off IoT devices, according to the security firm Bitdefender.

The new requirement was issued in a memo that the Army's CIO, Dr. Raj Iyer, posted to the Army's website on May 20 and that has since been removed, according to Bitdefender. The security firm found a cached version of Iyer's note.

Bitdefender researchers say such a policy is essentially unenforceable. But they acknowledge that many IoT devices lack adequate security.

"Securing the home networks of all employees is not feasible, for obvious reasons, so you have to focus on picking up abnormal behavior from the worker's devices," says Alex Balan, director of security research at Bitdefender. "XDR/EDR solutions and SOC services like MDR are built for this specific situation, and it's my opinion that they're mandatory to have in a 'work from home' age."

The U.S. Army did not respond to an Information Security Media Group request for additional information.

Why the Ban?

The "Cybersecurity Requirements for Teleworkers in the Vicinity of Smart Internet of Things (IoT) Applications and Devices" policy that Bitdefender found in the cache says many IoT devices present a security issue because they constantly collect data and listen even when not in direct use.

"Although those virtual smart assistants and digital gadgets or applications may seem helpful, they pose a great threat to security, in your home and at the national level," the policy removed from the Army website states. "With the rise of telework due to the pandemic, IoT devices have elevated security risks, particularly for the Department of Defense, as teleworkers use personal devices while connected to DoD networks for business."

The policy stated all military, civilian and contractor personnel must:

  • Remove all IoT devices with listening functions from the work area;
  • Turn off or remove all personal mobile devices, such as smartphones or tablets, in the work area;
  • Disable audio access functions on personal assistant applications and devices.

The memo noted that the average home contains about 70 IoT devices.

About the Author

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint at ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.
