Not long ago, securing a public sector site, whether a government office, school, or transport hub, was largely a physical process. CCTV cameras connected via coaxial cables, alarm systems triggered by opening doors or windows, and access controlled by lock and key.
These systems, while basic, had a significant advantage: they were not connected to the internet and, therefore, secure by design – no passwords to hack, no firmware to update, and no risk of remote interference.
Today, however, the landscape is vastly different, with the rapid adoption of internet of things (IoT) devices across public infrastructure. From smart traffic systems to access control in public buildings or environmental sensors in social housing, these interconnected systems enable real-time monitoring, remote management, and smart automation. Still, they have also opened new gateways for cybercriminals, with each connected device representing a potential vulnerability.
This technological leap is both a blessing and a burden for organisations striving to enhance operational efficiency. While it delivers unprecedented control and data insights, it simultaneously expands the “attack surface” – every device, sensor, or gateway is now a potential entry point for hackers.
The scale of cyber threats facing IoT devices is alarming. We recently conducted a live experiment, ‘One Hour Under Attack’. The goal was to assess how quickly an exposed IoT device would face intrusion attempts when connected to the public internet. The device recorded 2,266 attacks from 120 different sources in just sixty minutes!
These attacks probed for default or weak usernames and passwords, targeted open ports, and attempted to exploit outdated firmware – all tactics commonly used by cybercriminals to gain remote access or deploy malware.
Common vulnerabilities include:
This underscores the reality that any device left exposed and visible on the public internet is a target. Hackers now use artificial intelligence and machine learning techniques to rapidly identify and exploit these vulnerabilities, often before organisations know of any threat.
The public sector’s growing reliance on IoT means these risks cannot be ignored. Worse still, these types of cyberattacks aren’t just about stealing data; they can cause real-world disruption. Imagine a hacker gaining control of a city’s smart traffic system, energy distribution or even a school’s security cameras – the consequences extend beyond data loss to public safety.
As today’s cyber threats evolve, so must our approach to IoT security.
Many organisations attempt to secure IoT devices using familiar tools like encryption and virtual private networks (VPNs). While these measures are essential, they have critical limitations when it comes to IoT:
Ultimately, the issue stems from the public internet itself. If devices rely on it for connectivity and remote access, they will always be vulnerable.
The most effective way to secure IoT deployments is to remove devices from the public internet altogether. Spitfire’s One Network solution offers a fully private, secure network that seamlessly integrates fixed-line, cloud, and mobile connectivity. This approach ensures that IoT devices remain invisible and unreachable to external threats.
This approach significantly reduces the attack surface by isolating critical infrastructure from external threats.
Consider the example of a local authority managing multiple public buildings equipped with IoT devices. These may include access control, building management systems (BMS), environmental sensors, and emergency lift lines. If these devices rely on the public internet, each becomes a potential entry point for hackers.
By implementing Spitfire’s One Network, the authority can:
This improves security and reduces operational overhead and the likelihood of human error. IoT deployments remain secure, cost-effective, and easy to manage.
In a world where IoT rapidly reshapes public sector operations, security cannot be an afterthought. Hackers are leveraging AI and sophisticated attack methods to target vulnerable devices – but the solution lies not in adding more complex cybersecurity tools but in simplifying the connectivity itself.
By moving IoT devices off the public internet and into secure private networks, organisations can reduce risk, save time, and protect both their data and the communities they serve.
Public sector leaders must act now, because when it comes to IoT security, invisibility is the best form of defence!
Open Access Government produces compelling and informative news, publications, eBooks, and academic research articles for the public and private sector looking at health, diseases & conditions, workplace, research & innovation, digital transformation, government policy, environment, agriculture, energy, transport and more.
As a Crossref Sponsored Member we are able to connect your content with a global network of online scholarly research, currently over 20,000 other organizational members from 160 countries. Crossref drive metadata exchange and support nearly 2 billion monthly API queries, facilitating global research communication.
© Adjacent Digital Politics Ltd
About The Author
More Stories
Anatomy of a Scam
Climate and Environmental Sustainability Within the IETF and IRTF
From Commitments to Practice: Internet Society’s Priorities for WSIS+20 Implementation