Research Spotlight: IoT Security in the Public Sector

The public sector is undergoing a profound transformation, driven by the widespread adoption of Internet of Things (IoT) technology. This adoption extends to every corner of government, encompassing numerous departments, agencies, public utilities, and other organizations. Public hospitals, elementary and secondary schools, universities — even libraries, museums and other cultural institutions — have embraced internet-connected devices, ushering in a new era of service excellence. Equipped with IoT devices, the public sector gains the ability to deliver information and experiences tailored to the needs and preferences of individuals, resulting in elevated satisfaction levels among the public and fostering a stronger sense of trust and confidence in the services provided.

The impact of IoT technology extends beyond enhancing the citizen experience. It also empowers the public sector to identify and address operational inefficiencies, leading to improved cost-effectiveness. Additionally, IoT plays a crucial role in enhancing public safety and sustainability. By leveraging IoT, public sector organizations can minimize resource wastage, optimize maintenance processes, automate supply chain management, and discover new revenue streams, all while ensuring public safety and well-being.

To illustrate the application of IoT in the public sector, consider the following examples: A municipal authority implemented IoT sensors to monitor energy consumption in public buildings, optimizing lighting, heating, and cooling systems to achieve significant cost savings while reducing environmental impact. A transportation agency utilizes IoT technology to track the performance of its school bus fleet and optimize maintenance schedules, ensuring reliable and

efficient student services. A law enforcement agency responsible for public safety implemented a smart surveillance system using IoT devices, including cameras, motion sensors, and facial recognition technology, which are integrated with an analytics platform. The agency utilizes this system to detect suspicious activities, monitor crowd movements during events, and provide real-time alerts to local authorities.

In another example, a Midwest city’s water utility department implemented IoT sensors to monitor water distribution networks in real-time. These sensors provide data on water flow, pressure, and quality, enabling the utility to detect leaks, optimize water usage, and improve maintenance efforts. A local municipality installed IoT sensors in waste bins to monitor fill levels in real-time, enabling optimized collection routes and reducing unnecessary trash pickups. A municipal government implemented an IoT-enabled parking system that provides real-time information on available parking spaces. Drivers can access this information through a mobile app, reducing congestion and improving traffic flow.

These examples provide just a glimpse of the potential of IoT in the public sector. Given the evident benefits, it is no surprise that the IoT market in the public sector is experiencing significant growth. According to Allied Market Research, the global market for IoT in public safety alone, which involves the use of IoT devices to enhance safety and security in cities, public buildings, transportation hubs, and other public spaces, was valued at $12 billion in 2019. By 2027, this market is projected to reach $30 billion as more government authorities, including law enforcement agencies, embrace IoT to strengthen public safety measures and mitigate the impact of natural disasters.

As the public sector embraces IoT technology across many different areas, it’s crucial at the same time to address the security risks associated with these internet-connected devices. One of the primary concerns revolves around the inherent lack of built-in security features in IoT devices. This vulnerability makes them attractive targets for cyber attackers, who can exploit weaknesses to gain unauthorized access to sensitive data. A successful attack on compromised IoT devices can potentially lead to large-scale security breaches, jeopardizing the reputation, finances, and legal standing of public sector organizations.

To provide some perspective, the cost of a data breach in 2022 averaged $3.86 million globally, as reported by IBM. Considering the potential impact of an attack

on public sector operations, it is essential to proactively safeguard unsecured IoT devices. This is easier said than done, with many governments and other public sector organizations expressing relatively low levels of confidence in their current ability to fully protect their networks from attack via IoT devices. In fact, research conducted for this report reveals that almost half (47%) of survey respondents are “somewhat unconfident” or “not at all confident” in their ability to do so while more than one-third (34%) indicated that they plan to upgrade their IoT security capabilities within the next year.

Addressing this challenge requires the implementation of a next-generation technology solution with the requisite set of platform capabilities, supported by right organizational resources, practices, and performance metrics. When it comes to technology requirements, prioritizing a Zero Trust security approach becomes crucial as a primary objective. This approach mandates verifying and authenticating all devices, users, and applications before granting access to the network. By doing so, it ensures that only authorized devices can connect, employing encryption for all communication. Additionally, it empowers organizations to actively monitor network activity, enabling the detection of any abnormal behavior that may indicate a security threat.

Another essential technology requirement is edge computing capabilities. This approach involves processing data closer to its source, minimizing latency, and enabling real-time analysis. Both the Zero Trust approach and edge computing capabilities serve as key elements of a purpose-built IoT security solution.

Excerpted from: IoT Security: Best Practices of Top-Performing Organizations in the Public Sector, produced by Starfleet Reseach with underwriting support from Palo Alto Networks