IoT security risks are well known: IoT devices are fundamentally untrustworthy. Their designers typically have focused on functionality and longevity, not cybersecurity. Many OT systems were designed to operate in isolation, and are now connected to the Internet. IoT sensors and devices are often geographically distributed, making them easier to tamper with and harder to continuously protect. Many smart devices lack the compute power to directly run security agents.
Zero-Trust Security for IoT is mandated
OMB is stepping up oversight of IoT assets as cyber threats rise. In late 2023, the White House issued Fiscal Year 2024 Guidance on Federal Information Security and Privacy Management Requirements, which directed agencies to prioritize the creation of an inventory of IoT assets by the end of FY24 as a starting point to better gauge their security risk. This directive builds on the National Cybersecurity Framework and the Administrative Cybersecurity Priorities for the FY25 Budget memo, which prioritizes defending critical infrastructure. To modernize cyber-defenses in compliance with the guidance, agencies must advance their efforts to meet Zero-Trust Security maturity model goals, close gaps in Zero Trust, and prioritize protecting high-value systems.
As Federal IT leaders place a stronger focus on adopting Zero-Trust Security for IoT systems, they need a modern network that supports visibility into what’s connected, enforces Zero-Trust network access controls, and simplifies operations, while enabling the real-time data processing needs of IoT apps.
Accelerate Zero Trust for IoT with HPE Aruba Networking solutions
Security-first, AI-powered networking from HPE Aruba Networking can help Federal IT leaders apply Zero-Trust Security principles across their respective organizations to secure digital operations, whether IT or OT. HPE Aruba Networking delivers key Zero Trust capabilities, including comprehensive network visibility; strong authentication, authorization, and least-privilege access controls; and continuous monitoring and policy enforcement that delivers zero-trust protections and simplified operations to support a broad range of digital operations.
With HPE Aruba Networking solutions, Federal IT leaders can:
- Unify and simplify network infrastructure. With HPE Aruba Networking solutions, Federal IT organizations can connect IoT, IT, and OT devices to a unified network infrastructure, which simplifies the network infrastructure and reduces costs. HPE Aruba Networking wireless access points (APs) serve both as network access on-ramps and full-fledged IoT platforms. The APs support enhanced Wi-Fi radios with wake-up features for low-power devices, Bluetooth and Zigbee radios, and expanded USB functionality to allow IoT devices to be directly connected to the AP, eliminating the need for additional IoT gateways. The HPE Aruba Networking 730 Series AP, a new Wi-Fi 7 AP, delivers seamless edge computing capabilities, enabling it to store and run IoT containers and process data locally to support real-time IoT applications. Additionally, agencies can support multiple classification levels on the same HPE Aruba Networking APs, allowing confidential, secure, and top-secret communications to share the underlying network infrastructure, while each is managed by different mobility controllers and administrative staff.
- Gain visibility into what’s connected to the network. Knowing who and what is connected to the network is fundamental to cybersecurity, but gaining that visibility is particularly challenging given the wide variety of IoT and OT devices. HPE Aruba Networking ClearPass, which provides Zero-Trust network access control, can profile network-connected devices with 99% accuracy—including IoT devices. Additionally, IT managers can use Aruba IoT Operations to view all of their non-Wi-Fi-connected devices that are connected to APs managed by HPE Aruba Networking Central.
- Consistently define and assign policies based on identity, with continuous enforcement. ClearPass provides Zero Trust network access to ensure that people and devices—whether IoT, BYOD, or owned by the agency, have access only to the digital resources they are entitled to, whether they connect across the wired network, wireless network, or a VPN. The network continuously monitors the user and device security status, and if anomalous behavior is detected, the network can limit or revoke access to stop the spread of malicious activities, based on the predetermined policy.
- Enforce least-privilege access throughout the network. With HPE Aruba Networking solutions, IT can apply Zero-Trust security principles from edge to cloud to lower risk. Dynamic Segmentation applies least-privilege access to applications and data by micro-segmenting the network so that devices can communicate only with their intended applications.
- Ensure the highest levels of data protection. HPE Aruba Networking supports centralized, end-to-end encryption to safeguard data privacy and integrity. The HPE Aruba Networking encryption/decryption engine delivers the highest level of security without sacrificing performance, with support for FIPS 140-2/3 validated 802.11i, NSA Suite-B crypto termination.
Advance IoT adoption with confidence
With HPE Aruba Networking solutions, Federal IT teams can adopt or expand IoT use cases to connect smart medical devices in hospitals, lower energy costs on smart bases, enable predictive maintenance on machinery or fleet vehicles, more effectively track agency property, or deliver better digital experiences to staff, visitors, or constituents—with the confidence that a modern network with Zero-Trust Security built in from end-to-end can mitigate risks of smart, connected devices in a digitally interconnected world.
Learn more
Security-first, AI-powered networking for NIST compliance whitepaper
NIST compliance checklist for network security
John_Klopacz
John Klopacz is Vice President and General Manager, Federal, HPE Aruba Networking. John oversees the HPE Aruba Networking Federal business, including Field Sales, Systems Engineering, Channels, and Field Marketing.
