The impact of the internet of things is not yet as big as many market participants were expecting, at least if you take a recent study sponsored by IBM and ARM into consideration. One of the major obstacles to IoT adoption that executives are concerned with is practical implementation. While high costs have proved a major hindrance, one might also ask whether the way the IoT industry is selling its products and services is part of the problem.
If you’ve been to one of the many IoT conferences, you’ve probably heard that phrase that “data is the oil of the 21st century”. That is probably why manufacturers of IoT technologies think they should offer closed systems that rely on a cloud that nobody else can touch.
Let’s take a smart home system, for example. You’ll find many technologies for a “smart living” experience, ones for smart lighting, smart heating, smart gardening, smart kitchen, smart surveillance and so on.
Closed systems won’t be successful
Yet, while each solution provider might be an expert in his specific field with outstanding products, closed systems are not what customers want. They don’t want to install a new gateway for each system that talks to its own cloud and uses its own app. One for the lighting, one for the heating, the next for the robotic vacuum cleaner and probably another one for their home security system. That jungle of different systems makes IoT installations complex, inefficient and expensive.
One cloud to rule them all
Internet giants like Amazon and Google are now exploiting that gap by combining these systems under yet another cloud: their own. With the success of their smart voice assistants, vendors of IoT products and services can no longer hide away and must offer support for Amazon Echo, Google Home and even Apple’s Siri and Microsoft’s Cortana.
Connected clouds are unsatisfying
However, with that one major cloud that connects all the other systems, smart home installations are still too complex to become a bestseller. And one major issue remains: If the network is down, the whole smart living experience is rendered dumb within a blink of an eye. Nobody seriously wants that.
Common standards that enable devices from different vendors to interact directly with each other on a local level are urgently needed. With or without an active online connection, windows need to be able to tell the heater if they are open or closed. Motion sensors still need to be able to contact the lights, shades or doors.
Devices need more ‘freedom of speech’
Making devices less dependent on their respective cloud won’t necessarily cost solution providers a source of income in the form of information. Since smart home systems will always be used for monitoring and remote-control purposes, that business segment won’t die.
What needs to change is that too much unnecessary data is being sent around the globe. Devices need to be enabled to talk more freely with other systems. A common standard that enables direct interaction will not just make IoT systems less complex; it will make them cheaper to install, easier to maintain, more secure (less data leaves the home, and a device keeps working when its vendor’s cloud does not) and, last but not least, better selling.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
As IP-enabled technology for the home continues to increase, networks and security architectures are in dire need of change. Every IoT-enabled smart device inside the home needs to communicate with a server, which is typically located outside the home. The amount of data and frequency of communication between the device and the server varies, but even a single outbound connection increases exposure to security threats. The now infamous attack on Dyn, launched from compromised IP video cameras (the Mirai botnet), is a prime example of the vulnerabilities currently existing in these connections.
How should networking evolve to allow smart home data to transport securely? The answer, perhaps surprisingly, is: minimally. The security lies in the network’s most basic building block: the router. IoT providers need to replace their basic on-premises access switches with smarter, session-stateful routers that subscribe to registries of certified and authorized IoT services. By recognizing only the certified components, such a router provides a known route between a home and the IoT service while preventing any non-conforming traffic from being passed to or from the IoT device. This technique essentially creates a virtual private network between each IoT device and its server. With this approach, both the service and the homeowner win: the service owner is assured of the IoT device’s identity and location, while the homeowner can now prevent any unauthorized outbound flows. A caveat a practitioner would add: a compromised device can still talk to the server it is authorized for, so the registry limits the blast radius (no scanning, no traffic to arbitrary DDoS targets) rather than eliminating it, and the registry itself becomes a target that must be authenticated and kept current. Other benefits of this device-specific intelligent router would include clear end-to-end control, even through mid-network network address translations (NATs), such as NAT64 or carrier-grade NATs.
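The following is an added illustration of the router behaviour described above; it is not code from the article or from any router vendor. It assumes a hypothetical registry format (device model mapped to the remote endpoints it may open sessions to) and a simplified flow record; the device models, host names and addresses are constructed sample data.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Hypothetical registry of certified IoT services (constructed sample data):
# for each device model, the remote endpoints it is authorised to open
# sessions to. A real router would fetch and verify this from the registry
# the article describes rather than hard-code it.
Endpoint = Tuple[str, int, str]            # (host, port, proto)
REGISTRY: Dict[str, List[Endpoint]] = {
    "acme-cam-v2":   [("cam-relay.example.net", 443, "tcp"),
                      ("time.example.net", 123, "udp")],
    "acme-therm-v1": [("hvac-cloud.example.net", 8883, "tcp")],
}


@dataclass(frozen=True)
class Flow:
    src: str        # LAN address of the device opening the session
    dst: str        # remote host name (already resolved/pinned) or address
    dport: int
    proto: str


@dataclass
class Router:
    """Default-deny, session-stateful egress filter.

    Outbound: a session is admitted only if the registry lists that
    (host, port, proto) for the device's model. Inbound: only return traffic
    for a session the device itself opened is admitted, so unsolicited
    connections to the device (e.g. telnet scans) are dropped.
    """
    registry: Dict[str, List[Endpoint]]
    devices: Dict[str, str]                         # LAN address -> device model
    sessions: Set[Tuple[str, str, int, str]] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    def outbound(self, f: Flow) -> bool:
        model = self.devices.get(f.src)
        allowed = (model is not None and
                   (f.dst, f.dport, f.proto) in self.registry.get(model, []))
        if allowed:
            self.sessions.add((f.src, f.dst, f.dport, f.proto))
        else:
            self.log.append(f"DROP out {f.src}->{f.dst}:{f.dport}/{f.proto} model={model}")
        return allowed

    def inbound(self, src_host: str, sport: int, proto: str, dst: str) -> bool:
        ok = (dst, src_host, sport, proto) in self.sessions
        if not ok:
            self.log.append(f"DROP in {src_host}:{sport}/{proto}->{dst}")
        return ok


def demo():
    """Run a few constructed flows through the filter; returns (verdicts, log)."""
    r = Router(REGISTRY, {"192.168.1.20": "acme-cam-v2",
                          "192.168.1.21": "acme-therm-v1"})
    verdicts = {
        # camera reaching its own relay: allowed, session recorded
        "cam_to_relay": r.outbound(Flow("192.168.1.20", "cam-relay.example.net", 443, "tcp")),
        # camera trying an arbitrary host (what a Mirai-style bot would do): dropped
        "cam_to_random": r.outbound(Flow("192.168.1.20", "203.0.113.9", 80, "tcp")),
        # thermostat trying the camera vendor's relay: dropped, wrong model
        "therm_to_relay": r.outbound(Flow("192.168.1.21", "cam-relay.example.net", 443, "tcp")),
        # relay's reply to the camera's session: allowed
        "relay_reply": r.inbound("cam-relay.example.net", 443, "tcp", "192.168.1.20"),
        # unsolicited inbound to the camera: dropped
        "unsolicited": r.inbound("198.51.100.7", 51000, "tcp", "192.168.1.20"),
    }
    return verdicts, r.log
```

A production implementation would additionally track TCP state and age sessions out, pin the resolved address of each registry host, and authenticate the registry download; the point of the example is the policy shape: per-device allowlist on egress, and ingress only for sessions the device itself opened.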
There are those in the industry who tout virtual customer premises equipment (vCPE) as a security technology for IoT. In actuality, vCPE just moves the security border from the customer edge to the service provider edge, so the same networking issues exist. However, by moving the problem to the provider edge, better systems for security and traffic analysis may become available cost-effectively. Service function chaining of different types of deep packet inspection (DPI) or firewall technologies can also help. But the trend in IoT, as in data exfiltration, is toward encryption. Encrypted packets that originate in a home and are intended for a service cannot be analyzed beyond their IP and transport headers and the little the TLS handshake exposes, such as the server name. It seems unlikely that IoT devices can be forced through proxies, so DPI and standard firewall technology are less likely to work.
Intelligent IP routers that are service-aware, session-stateful and understand client/server directionality can have a huge impact on how we integrate smart home technology with larger networks in the future. These routers could add metadata to packets that are being routed between a home and a server to provide improved understanding of a customer’s identity, IoT device identity or service requirements.
Next time you get your annual physical, will the internet of things play a role in that checkup? Maybe. But what could that look like? IoT plays a role in a multitude of industries and verticals: we have heard how IoT will change the way John Deere helps farmers, how it affects the way GE and Rolls-Royce manage their fleets of jet engines, and how ExxonMobil is using IoT to remotely monitor its facilities. The future of IoT has the potential for great influence on our personal wellbeing, but it will face some major hurdles.
First, let us look at where IoT holds the possibility to impact our daily well-being.
IoT is bringing greater insights into what we consume and how it impacts our lives. OK, this might be a little too Big Brother for you, but the reality is our homes are becoming even more connected to the grid than before. This connectivity is moving well beyond devices such as the Nest thermostat or connected doorbells, with the increasing presence of digital assistants in the form of Amazon Alexa or Google Home and the ever-increasing connectivity of appliances, such as our refrigerators, washing machines and even connected toilets. What this translates to will be homes that are able to monitor our activity on an hourly basis. Your doctor has you on a low-cholesterol diet? Soon enough your doctor will be able to read data from the pantry and monitor whether you are truly cutting down on the potato chips and steak.
As we connect our homes and ourselves, we can do a better job tracking healthy lifestyles. By some estimates, there will be four times as many mobile devices as there are actual humans on the planet within the next few years. We have already witnessed the breathtaking pace of smartphone adoption. Now we are seeing the rise of wearables such as the Fitbit and Apple Watch. Soon, connected clothing will become more mainstream, as we see brands such as Under Armour, Adidas, Nike and New Balance putting more investments in the space. Technology giants such as Apple and Google have integrated health applications into their mobile operating systems. Many of these connected devices have leaned on gamification to incentivize us to allow them to track how fast we ran our 10k or how many steps we have taken daily. Companies such as Athos are even providing connected clothing to monitor and coach us when we are lifting weights. All this activity information is creating massive personal profiles that our doctors will be able to tap into, getting a much more accurate insight into our activities — and by extension, our health. And it is not just our doctors who might use that data to judge us. Insurance providers are starting to offer perks, such as lower premiums to customers who share fitness tracker data to prove they are living healthy lifestyles.
A more connected medical network
One of the biggest issues with our medical industry is in the timely and accurate exchange of vital information. Will IoT solve this issue? No, but it could begin to shine more light on a process that is otherwise in the dark. As our persons, homes, cars and appliances become more connected, these nodes will become integrated into a wider network that is connected to our medical network. The information flowing between the nodes will continuously provide a much richer and fuller picture of our environment, our activities and possible issues. All this data could be tied back into a connected medical network, where your primary care provider would gain a much richer and in-depth view of you and your well-being. The network would be a first line of digital information, pulling data together for yourself or your healthcare partners, insurers or even personal trainers to provide a single view of your overall health. It could help eliminate all the paperwork and repetitive discussions that take place between an individual and their many different providers, leading to better conversations about healthcare and ultimately producing better, more personalized outcomes.
The pitfalls and potential of IoT
This all sounds great, right? But what are the possible pitfalls? Privacy is the main area of concern. The closer the sensors get to our person, the more personal the data becomes and the more carefully consumer privacy must be handled. While greater connectivity can bring great benefits, there is also the risk of a consumer backlash against the greater sharing of private information. Society is struggling with the balance between access to more data and privacy. Where is the line we are not willing to cross when it comes to more data versus less privacy? This might be decided on an individual basis, but the network must be ready to handle that question.
While the possibilities inspire hope for a healthier, more digitally connected future, there is still some work to be done for it to become reality. Many companies working within the IoT space are focused on one specific product and its use case in the home or as a fitness tracker. But it creates a challenging ecosystem of disparate data and systems that do not necessarily connect. As with many business models, we may eventually see a network emerge that brings all of the data from these connected devices onto one platform, acting as a translator for our providers (and ourselves) and helping to draw a single version of the truth. At that point, we can begin to realize the potential for these connected devices to truly make a difference in our long-term well-being.
The internet of things continues to be one of the hottest trends in the technology world these days. The technology has impacted all facets of tech development and, of course, the way that websites are designed and developed.
Web design and the internet of everything
There’s no denying the buzz about the internet of things: the notion that pretty much everything, from automobiles and refrigerators to industrial machines, environmental sensors, baby monitors and surveillance cameras, can be equipped with circuitry that connects it to the internet, offering information continuously or on demand. A lot of internet-connected devices are on the market already. In any case, each IoT device has to be accessed, managed, configured and manipulated at some point. Doing so requires a more familiar internet-connected device, like a smartphone or laptop, and this commonly means new web development and design techniques.
Design considerations for IoT interaction
A website design company should be aware and knowledgeable of the different considerations for design and IoT interactions. The following are some design considerations required to let users interact with IoT devices:
- Back end: To allow users to interact with IoT devices, a way of communicating with them must be established. Since each device has its own commands, capabilities and data formats, the back end must know exactly how to talk to each device, and how devices talk to one another.
- User interface: A web-based UI for an IoT app should be clean, fast and intuitive. All the standard usability best practices would be brought to bear when it comes to designing the interface, which include meaningful feedback, good user assistance and logical flow. Keep in mind that many, if not most, usage instances involve mobile devices.
- Security and privacy: The downside of IoT is that it presents more opportunities for attackers. If the owner can unlock a web-connected front door, an attacker who compromises the web application or its credentials potentially can do the same and help himself to the contents of the home. Part of the responsibility lies with the device designers, but a third-party web designer has to make security a primary design consideration: every device-control endpoint must authenticate the caller and authorize that specific user for that specific device.
- Power management: A lot of IoT devices are battery-powered and wireless; excessive back-and-forth communications would prematurely drain the battery. Communications should be designed to minimize power usage.
- Speed: Unlike traditional websites, where requests go to a web server that sends back data, there is another communications leg involved, between the IoT device and the web server. This likely means more latency and users perceiving a slow response. Thus, design strategies for slow connections must be adopted.
- Testing considerations: Testing an IoT website is a bit more complicated than it is for a traditional site.
Many opportunities to make lives easier
The advent of the internet of things presents a lot of opportunities to build innovative, new and useful apps to make people’s lives easier. It is good to know that the IoT development landscape is improving, but the present ecosystem is still rampant with difficult-to-use and fragile devices, most of which come with disparate communication protocols and security flaws that prevent seamless integration. Instead of squeezing embedded C into the web world, there are other web tools and technologies that could be used.
Impact of IoT on web design
The growth of IoT already is beginning to exert influence on web design. The following are some considerations for businesses when building websites, as well as web-based user interfaces:
- Business sites should develop increasingly sophisticated ways of responding to personalized data from web-enabled devices.
- With a business site, activities should interact more directly with IoT devices. For example, a surge in search queries or uptick in online purchases for a certain product could impact a machine’s activities immediately for both those companies that manufacture products and those that prepare them for distribution. A third-party vendor message on the availability of a new product could automatically and quickly lead to its promotion on the website.
- Flexible, clean user interfaces are imperative, as is designing websites that look good on screens of various sizes. IoT makes many demands of user interfaces and web design; people will not interact with every device in the same manner. Rather, they will have different expectations for the information displayed on each device and how they can best engage with it. Intelligible icons and minimal text make the most of small interfaces. There will also be an increased need for dashboards, including apps that help people manage data from various devices.
The emergence of autonomous vehicles is radically changing the automotive business. This change is bringing new revenue opportunities for the whole industry, but with it also new risks, specifically cybersecurity. Since autonomous vehicles are completely dependent on connected software for all aspects of their operation, they are vulnerable to a broad spectrum of cybersecurity attacks. As we see in the news every day, even well-established sectors like the financial industry and government agencies are still struggling to deal with the same issues. Consequently, the automotive industry will have to leapfrog existing approaches to cybersecurity to ensure not only that all existing threats are mitigated, but also that future, unknown threats are prevented. Automotive cybersecurity is about much more than ransom, data breaches and stolen personal records; it is about the safety of our lives.
The recent passage by the U.S. House of Representatives of an automotive-specific cybersecurity bill, H.R. 3388, also known as the SELF DRIVE Act, and the Senate’s advancement of the AV START Act have sent a clear signal that the automotive industry needs to get serious about cybersecurity. The immediate security risks to connected cars and the long-term risks to autonomous vehicles must be addressed. The SELF DRIVE Act outlines the cybersecurity plan required for automated driving systems.
Traditionally, the automotive industry adopts only mature technology. Unfortunately, the rapid pace of software development requires the industry to become more innovative in how it views software. More importantly, the dramatic increase in cybersecurity attacks demands cooperation among OEMs, Tier-1 suppliers, software developers and cybersecurity firms at a scale that has never been reached before. Today’s automotive cybersecurity technologies in the marketplace are at best an afterthought. Many questions remain unanswered, including how to safeguard internal vehicle systems from attack and ensure data integrity while also providing data privacy and secure vehicle-to-cloud communications in millions of vehicles, each of which supports hundreds of ECUs, sensors, domain controllers, radars, LiDAR and ADAS. To deliver cybersecurity technologies that address these questions for connected and autonomous vehicles, a number of factors must be considered: scaling globally to a massive number of vehicles, detecting software tampering and malware, supporting an array of telematics, information and safety applications, enabling precise access control for vehicle software suppliers, and meeting regional safety, privacy and driving regulations.
Fortunately, there are two new emerging technologies, software-defined perimeter (SDP) and blockchain, that offer a path forward. SDP enables the provisioning of secure communications between the software process within the vehicle and cloud-hosted applications, while blockchain enables secure messaging. By combining the any-to-any connectivity of the SDP with the scale of the blockchain, an efficient cybersecurity model for connected and autonomous vehicles can be created.
In order to further provide secure connected and autonomous vehicles in a systematic manner and provide the required safety, a number of practices should be adopted:
- Incorporate an industry-wide automotive cybersecurity lifetime (from cradle to grave) compliance certification program. Make cybersecurity a mandatory part of a vehicle’s product development process;
- Establish a joint automotive cybersecurity taskforce that is responsible for proactive prevention, mitigation and correction of threats; and
- Provide regulatory agency access to vehicle metadata (non-personally identifiable information) for random cybersecurity compliance checks and validation.
What is a software-defined perimeter?
SDP is a new approach to cybersecurity designed to provide on-demand, dynamically provisioned secure network segmentation. It mitigates network-based attacks by creating perimeter networks anywhere in the world, whether in a cloud or in a data center, around which everything is denied by default. The architecture comprises three main components:
- Virtual gateway: An SDP virtual gateway is deployed in a cloud, data center or a connected gateway in the vehicle depending on the use case. This SDP virtual gateway combines the functions of a firewall, VPN and application-layer gateway in a single virtual appliance by only allowing approved software on authorized devices to connect to protected applications inside the vehicle as well as to the cloud.
- Client: To allow vehicle software processes to connect to protected applications, they must utilize the SDP client which can be embedded inside, e.g., an over-the-air (OTA) software management and data client. This SDP/OTA client has three distinct purposes. Firstly, it allows the automotive policy engine to determine the vehicle identity. Secondly, it allows the remote analysis of software and system processes to detect the presence of malware. And lastly, it provides a secure application layer connection between a software process or ECU inside the vehicle to a software process on a cloud application server.
- Controller: Tying the SDP/OTA client and gateway together is a controller. The SDP controller functions as a hub between the client and the gateway as well as external policy systems.
The SDP’s interlocked security controls protect software systems within a vehicle and their data from cybersecurity attacks. All SDP transactions are cryptographically authenticated to mitigate real-time tampering, while the architecture scales to millions of vehicles supporting billions of software modules and ECUs.
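The controller/client/gateway split above, as an added example that is not the SDP specification or any vendor’s product: the controller checks policy and issues a short-lived, MACed grant binding a vehicle, an in-vehicle process and a target service; the gateway, which denies everything by default, opens a session only for a grant that verifies, is unexpired, names exactly that binding and has not been presented before. The shared key, vehicle identifier, process names and service names are constructed assumptions; a real deployment would use per-gateway keys or public-key signatures for the grant and mutual TLS for the data path.

```python
import hashlib
import hmac
import json
from typing import Dict, Optional, Set, Tuple

# Constructed key shared by controller and gateway; a real deployment would
# use per-gateway keys or public-key signatures.
CONTROLLER_KEY = b"example-only-controller-gateway-key"


def _canonical(claims: dict) -> bytes:
    """Deterministic encoding so controller and gateway MAC the same bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


class Controller:
    """Policy hub: decides which in-vehicle process may reach which service
    and hands the client a short-lived, MACed grant saying so."""

    def __init__(self, key: bytes, policy: Dict[Tuple[str, str], Set[str]]):
        self.key = key
        self.policy = policy          # (vehicle_id, process) -> allowed services

    def issue_grant(self, vehicle_id: str, process: str, service: str,
                    now: int, ttl: int = 60) -> Optional[dict]:
        if service not in self.policy.get((vehicle_id, process), set()):
            return None               # policy says no: the client gets nothing
        claims = {"vin": vehicle_id, "proc": process, "svc": service, "exp": now + ttl}
        tag = hmac.new(self.key, _canonical(claims), hashlib.sha256).hexdigest()
        return {"claims": claims, "tag": tag}


class Gateway:
    """Default-deny front door: a session is opened only when it presents a
    grant that verifies, is unexpired, names exactly this vehicle/process/
    service and has not been used before."""

    def __init__(self, key: bytes):
        self.key = key
        self.used: Set[Tuple[str, str, str, int]] = set()

    def admit(self, grant: Optional[dict], vehicle_id: str, process: str,
              service: str, now: int) -> bool:
        if grant is None:
            return False
        claims = grant["claims"]
        expected = hmac.new(self.key, _canonical(claims), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, grant.get("tag", "")):
            return False              # forged or tampered
        if claims["exp"] < now:
            return False              # expired
        if (claims["vin"], claims["proc"], claims["svc"]) != (vehicle_id, process, service):
            return False              # grant is for a different binding
        key = (claims["vin"], claims["proc"], claims["svc"], claims["exp"])
        if key in self.used:
            return False              # replay of an already-consumed grant
        self.used.add(key)
        return True


def demo() -> Dict[str, bool]:
    """Constructed scenario: the OTA client may reach the update service,
    the infotainment process may not. Fixed clock for reproducibility."""
    now = 1_700_000_000
    ctrl = Controller(CONTROLLER_KEY, {("VIN-1", "ota-client"): {"ota.example"}})
    gw = Gateway(CONTROLLER_KEY)

    good = ctrl.issue_grant("VIN-1", "ota-client", "ota.example", now)
    # attacker edits the service name but cannot recompute the tag
    tampered = {"claims": dict(good["claims"], svc="diag.example"), "tag": good["tag"]}
    denied = ctrl.issue_grant("VIN-1", "infotainment", "ota.example", now)

    return {
        "valid": gw.admit(good, "VIN-1", "ota-client", "ota.example", now + 5),
        "replay": gw.admit(good, "VIN-1", "ota-client", "ota.example", now + 6),
        "tampered": gw.admit(tampered, "VIN-1", "ota-client", "diag.example", now + 5),
        "unauthorised": gw.admit(denied, "VIN-1", "infotainment", "ota.example", now + 5),
        "expired": gw.admit(ctrl.issue_grant("VIN-1", "ota-client", "ota.example", now),
                            "VIN-1", "ota-client", "ota.example", now + 120),
    }
```

The order of checks matters: the MAC is verified first so that nothing in an unauthenticated grant (not even its expiry) is trusted, and the constant-time comparison avoids leaking the tag through timing. The replay set is keyed on the full binding plus expiry, so it can be pruned once the expiry has passed.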
What is blockchain?
Blockchain, also known as distributed ledger technology, is a replicated, append-only database of transactions that no single party controls. Bitcoin, the best-known cryptocurrency, is built on a blockchain; users spend their Bitcoin balance with their private key.
Having no single point of failure gives blockchain advantages over a traditional database. Its main advantages are immutability (a record, once appended, cannot be altered or removed without breaking the chain and being detected), high data integrity, transparency (every node can see the metadata of every message or transaction), scalability with data security, and a very low cost per message or transaction, which makes it suitable for applications such as micropayments. Note that this is integrity and availability, not confidentiality: anything placed on the ledger is visible to every node. Deployments of blockchain can be either public or private. In a public (permissionless) blockchain, any node on the internet can read from and write to the ledger with the appropriate software, whereas in a private (permissioned) blockchain all the nodes in the network are known and have explicit permission to read and write the ledger.
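The hash chain and the permissioned-writer property described above, as an added example that is not from the article: each block links to the hash of its predecessor and carries a MAC from one of a fixed set of known writers (the private-blockchain case), so an unknown node cannot append and any later edit, deletion or reordering of a block is detected by verification. Writer names, keys and payloads are constructed; consensus between nodes, which a real ledger needs, is out of scope here.

```python
import hashlib
import hmac
import json
from typing import Dict, List, Optional, Tuple

GENESIS_HASH = "0" * 64


def _encode(obj: dict) -> bytes:
    """Canonical JSON so every node hashes and MACs identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def _block_hash(block: dict) -> str:
    """Hash over every field except the hash itself."""
    return hashlib.sha256(_encode({k: v for k, v in block.items() if k != "hash"})).hexdigest()


class PrivateLedger:
    """Append-only hash chain for a permissioned network: only registered
    writers may append, and verify() finds the first block that was
    edited, reordered or signed by an unregistered key."""

    def __init__(self, writer_keys: Dict[str, bytes]):
        self.writer_keys = writer_keys        # known nodes with write permission
        self.chain: List[dict] = []

    def append(self, writer: str, payload: dict, writer_key: bytes, ts: int) -> bool:
        registered = self.writer_keys.get(writer)
        if registered is None:
            return False                      # unknown node: no write permission
        prev = self.chain[-1]["hash"] if self.chain else GENESIS_HASH
        block = {"index": len(self.chain), "ts": ts, "writer": writer,
                 "payload": payload, "prev": prev}
        sig = hmac.new(writer_key, _encode(block), hashlib.sha256).hexdigest()
        expected = hmac.new(registered, _encode(block), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            return False                      # claims to be a writer but lacks its key
        block["sig"] = sig
        block["hash"] = _block_hash(block)
        self.chain.append(block)
        return True

    def verify(self) -> Tuple[bool, Optional[int]]:
        """(True, None) if intact, else (False, index of the first bad block)."""
        prev = GENESIS_HASH
        for i, block in enumerate(self.chain):
            if block["index"] != i or block["prev"] != prev:
                return False, i               # reordered or spliced
            if block["hash"] != _block_hash(block):
                return False, i               # contents edited after the fact
            key = self.writer_keys.get(block["writer"])
            unsigned = {k: v for k, v in block.items() if k not in ("sig", "hash")}
            if key is None or not hmac.compare_digest(
                    block["sig"], hmac.new(key, _encode(unsigned), hashlib.sha256).hexdigest()):
                return False, i               # not written by a registered node
            prev = block["hash"]
        return True, None


def demo() -> dict:
    """Constructed scenario: two registered ECUs, one rogue node, one tamper."""
    keys = {"ecu-brake": b"brake-key-example", "ecu-tcu": b"tcu-key-example"}
    ledger = PrivateLedger(keys)
    results = {
        "append_brake": ledger.append("ecu-brake", {"status": "ok", "pad_wear": 12},
                                      keys["ecu-brake"], 1000),
        "append_tcu": ledger.append("ecu-tcu", {"status": "ok", "rssi": -71},
                                    keys["ecu-tcu"], 1001),
        "append_rogue": ledger.append("rogue-node", {"status": "ok"}, b"whatever", 1002),
        "append_wrong_key": ledger.append("ecu-tcu", {"status": "ok"}, b"guessed", 1003),
    }
    results["intact"] = ledger.verify()
    ledger.chain[0]["payload"]["pad_wear"] = 0    # someone rewrites history
    results["tampered"] = ledger.verify()
    return results
```

Two design points carry over to the automotive use cases that follow. First, with HMACs every verifying node must hold all writer keys and could therefore forge blocks; public-key signatures let any node verify without being able to sign. Second, the payload is stored in the clear and every node sees it, so a secret such as a private key must be encrypted to its intended recipient before it is placed on the ledger.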
The above-mentioned blockchain characteristics make it ideal for automotive use cases, and OEMs could use a private blockchain as a platform to enhance their overall cybersecurity for vehicles, validate software bills of materials, enable cost-effective micropayments, strengthen identity management and improve data validation. Examples include pooling of data from vehicles, fleet management, optimization of business processes, and enabling peer-to-peer mobility-sharing capabilities that can all disrupt existing business models and improve overall operations.
Combining software-defined perimeter and blockchain for automotive
Blockchain enables messages whose origin and integrity can be verified and that can carry a wide variety of payloads, from the status of sensors to the delivery of encryption keys (a key placed on a ledger that every node can read must itself be encrypted to its recipient), while an SDP provides secure in-vehicle and internet links. Thus, blockchain messages can be used by ECUs to signal management systems about their status. If a situation requires a secure bidirectional link, an SDP connection can be provisioned from the vehicle to a cloud resource and, once set up, blockchain can be used to transmit messages between internal vehicle systems. The combination of SDP and blockchain creates a system that is lightweight and scalable, yet able to create secure enclaves when required. In addition to supporting telematics and safety applications, this blockchain/SDP platform can also support multiple cryptocurrencies, such as Bitcoin or Ethereum, and thereby be a digital payment foundation for the automotive ecosystem.
A simple but powerful example of how short blockchain messages and SDP connections complement each other is the challenge of driving an autonomous vehicle in the snow. As an autonomous vehicle drives through a snowstorm, it can continuously send blockchain status messages to cloud-based safety monitoring systems. However, if the vehicle gets stuck in the snow and is unable to dislodge itself, a secure SDP connection can be provisioned which will backhaul all the vehicle image sensors to a specialized cloud application for processing.
Both SDP and blockchain represent the cutting edge of technology. For example, Gartner listed SDP as one of the most important new technologies of 2017 for reshaping the enterprise market. Similarly, blockchain is being adopted as a secure messaging protocol in a wide variety of applications due to its low cost and high scalability. The automotive industry could adopt both technologies as a foundation for secure OTA software, firmware and content updates, secure data exchange and autonomous driving communications. Both blockchain and SDP are openly published, royalty-free specifications, and both concepts are proven in large-scale critical deployments in areas such as finance and telecommunications. This restriction-free model means there is no barrier to the automotive industry adopting them and innovating on top of them.
With attacks rising every year, cybersecurity has become one of the most important focal points for the automotive industry. A disruptive approach must be incorporated to battle the threat of cybersecurity attacks that are becoming more sophisticated each day. With a blockchain-based SDP, OEMs have a unique system that can empower the global automotive industry to secure connected cars and autonomous cars with confidence.
This article was co-written by Junaid Islam. Junaid is the CTO and founder of Vidder, which provides distributed access control solutions to Fortune 500 companies. Prior to Vidder, Junaid founded Bivio Networks, which developed the first Gigabit-speed software-based security platform in the industry. Earlier in his career, Junaid helped create networking standards such as Frame Relay, ATM and MPLS at StrataCom and Cisco.
In addition to his work in the technology industry, Junaid has served at community and national levels as the Human Relations Commissioner of the Santa Clara County (Silicon Valley) from 2002 to 2009. Currently, Junaid is the co-chair of the Software Defined Perimeter research group, which supports a number of U.S. national cybersecurity initiatives.
Taking a smarter approach to creating “smart everything”
Making physical objects or systems “smart” is all the rage today. Terms like smart houses, smart cars, smart cities, smart grids, smart refrigerators and even smart hairbrushes pop up everywhere. But there’s something not smart in the way this trend is progressing: securing smart systems is often overlooked.
Cyber-physical systems and the smartification of our world
Smartification of our world depends on cyber-physical systems (CPS), technologies such as the internet of things and industrial control systems (ICS) whose primary purpose is to sense and actuate the physical world.
The benefit of this is enormous. Think of all the cyber-connected objects in your life: recent model year cars have cyber-enabled safety features that help prevent accidents. Home management devices let you turn lights on or off in your home, adjust heating or air conditioning and much more simply by giving a voice command. Apps let you adjust functions of your home or car from miles away. Some can even alert you that someone has rung your doorbell — even if you are half a world away — and can show you who that person is.
CPSes also make distribution of essential services, such as power and water, more efficient. Sensors embedded in distribution systems detect imminent failures before they happen and dispatch repair personnel to the location to fix the problem before consumers are inconvenienced. Traffic control systems monitor traffic patterns and adjust traffic light timing to optimize traffic flow. Many other city services are cyber-connected, too, to maximize efficiency. These, too, are run by IoT or ICS.
Sensors in factory equipment monitor and take action to enhance productivity. Sensors even enhance how our food is grown; sensor-connected systems in the dirt of many large agricultural operations administer proper balance of water and nutrients in the soil.
These technologies play a role in healthcare, too. No one who has seen the high-tech equipment used to diagnose and treat patients in a hospital would be surprised to hear how much of it is cyber-enabled. Perhaps more surprising, though, is how frequently cyber-enabled devices are being implanted in people’s bodies. Cyber-enabled pacemakers, heart monitors, defibrillators and insulin pumps enable doctors to remotely monitor patients’ conditions and make adjustments as necessary. That makes each patient part of a smart cyber-physical system!
Cyber-kinetic attacks: The unintended consequence of smart technologies
There’s no debate that IoT provides many benefits. Yet a downside to cyber-connectedness exists: the growing threat of cyber-kinetic attacks. Even though IoT and ICS technologies are very different in their implementation, from a security perspective they share many similarities. The physical layer common to both allows for attacks in which manipulation of physical processes is the goal. Cyber-kinetic attacks hijack ICSes or IoT devices and use them to control physical elements of our world in ways that can hurt people or damage the environment. We had better learn from ICS mistakes as we keep rapidly putting more and more of our physical processes under the control of IoT and keep opening ourselves up to increasingly devastating cyberattacks.
Consider the consequences of an attack that releases toxic chemicals into a region’s water distribution system or that disables the mechanism that prevents unsafe pressure buildup on a dam or that manipulates pressure in an oil pipeline so it explodes.
The attacks described above are real. Only the inexperience of the attackers and the quick work of responders prevented catastrophic damage.
Even in small-scale systems, the results of someone compromising the system are serious. A November 2016 attack on apartment buildings in Finland left residents without heat or water for days before technicians could undo the damage.
A bored teen took control of his city’s tram system and rerouted trains recklessly for his entertainment. His “game” of rerouting trains eventually caused a collision — with a dozen people injured.
A disgruntled former waste management contractor took revenge on the town that terminated him by manipulating the system to discharge more than 264,000 liters of raw sewage across town for months before he was caught. Environmental damage was massive, not to mention the nuisance experienced by those who lived near the discharge points.
Those attacks are only the tip of the iceberg as to what has been accomplished by attackers or demonstrated by researchers to be possible. Some researchers have demonstrated vulnerabilities that can allow a hacker to take partial control of cars that contain cyber-connected functions. Other researchers have demonstrated vulnerabilities in implanted medical devices that could allow an attacker to remotely kill the person in whom the device is implanted. The list of vulnerabilities is endless. I have been tracking many key cyber-kinetic attacks and incidents. Other researchers track 1,000+ such incidents and attacks and claim to be able to link 1,000+ deaths to date to cyber-failures and vulnerabilities in cyber-physical systems.
Not-so-smart security practices and the vulnerabilities they cause
How did we reach this point where so many cyber-physical systems are poorly protected? It starts with benefits that people see in cyber-connecting our physical world.
In the rush to connect, security is placed in the realm of wishful thinking. This thinking goes, “Hackers are interested only in high-profile targets, like the Pentagon or government or major banks. With so many more attractive targets, why would they target us?” This rationalization leads organizations to install, at best, only basic security and to trust that their best defense is the obscurity of their system.
“Security by obscurity” is illusory, though. Ransomware attacks, one of the fastest-growing forms of cyberattacks, seek any system that has vulnerabilities rather than seeking predetermined targets. This makes the common argument of “who would want to target us?” not only irrelevant, but irresponsible. Vulnerabilities put any system that has them at risk.
The unique security challenges of IoT
Unfortunately, the nature and purpose of IoT complicates security further. Someone hacking a traditional information system generally wants to extract information. Someone attacking IoT devices generally wants to manipulate what they do. That expands the defensive task from protecting just data to protecting the myriad elements that an attacker could use to alter the underlying physical process. New approaches to IoT security need to be interdisciplinary and connect traditional engineering domains, wireless communications, systems engineering and cybersecurity.
In addition, not all traditional security testing processes can be used to test IoT devices. Penetration testing is designed to find system failure points. But on systems controlling critical physical processes that cannot afford interruption, such tests are unusable. Thus, security protocols and testing processes must be rethought and redesigned to meet the new reality.
Recognizing growing threats
The common approach of relying on the statistical improbability of a given IoT device being targeted is the same logic behind Russian roulette. And to make this approach even worse, the number of hackers is growing.
Nations are increasingly building armies of trained cyberwarfare specialists. Organized cybercrime groups are shifting their attention to IoT (and CPSes in general) for ransomware and other imaginative nefarious purposes. Terrorist organizations increasingly turn to cyberspace for targets that can disrupt the states they target. And many disaffected youths learn advanced hacking skills on the dark web.
Consider this sobering fact: When my research team assesses critical infrastructure systems in various countries for vulnerabilities, we rarely find one that hasn’t already been breached. We almost always remove some form of malware or backdoor that would let the hackers who placed them there return whenever they want to trigger them.
While the Russian roulette approach has worked for many vulnerable CPSes so far, the number of cylinders in the revolver is increasingly being filled with potential devastation. Ensuring that IoT is properly secured is essential.
Where do we go from here?
No one would suggest we go back to when our physical world and the cyberworld were separate entities. The benefits of connecting them are too great.
Cyber-kinetic attacks are real, though, and their numbers are growing. Wishful thinking is not a defense. Additionally, IoT technologies present new challenges that do not exist in traditional information systems.
To keep our increasingly smartified world safe, we must get serious about securing IoT technologies. Security must be addressed from the start of the IoT development — not left to chance, not patched on as an afterthought.
And security professionals must address the new challenges that IoT creates. Traditional security protocols and testing processes must be rethought and revised to catch up to current technologies. Only by securing the growing world of IoT can our smart technologies truly be as smart as they need to be.
With the growing popularity of wearable devices for things like fitness, medical monitoring and tracking things like keys, their use in occupational health and safety seems like a given. Wearable devices with the right combination of sensors can be used to monitor not only the surrounding conditions of a work environment, but also bodily vital signs that may be affected, as well as any effects of hazards or stress on the wearer. Fortunately, the different sensor packages that may be needed for different situations do not need to be designed from scratch. They can be modified packages based on a single versatile combination of processor and real-time operating system. And of course, their associated application software provides their unique characteristics.
One example already in development is a wearable sensor system for athletic activities including cycling, football, marathon racing, rugby, hockey and more. This sensor system consists of a bundle of three sensors in a 28 mm x 13 mm x 8 mm package that is applied to the skin of the head underneath a helmet. There are three sensors integrated into this package: a six-axis accelerometer that can detect both direct and radial impacts, an optical pulse/blood oxygen sensor and an IR temperature sensor. The latter two are in contact with the skin. From the data supplied by these three sensors, coaches and medical staff can be alerted to values in bodily vital signs that may signal danger in time to prevent serious medical conditions.
Chief among these is concussion. A player who sustains a concussion that is not treated and goes back into the game still suffering from the effects can be exposed to a second concussion impact, which may result in a fatality within hours in a seemingly healthy patient. Other conditions that can be detected from the vital signs, especially when they are evaluated in relation to each other, include heart issues such as arrhythmia, impending heatstroke, respiration problems and internal bleeding.
The advantages of modularity and the ability to modify such a design also apply to connectivity. IoT devices, of course, come into their own when they connect to edge computers, which in turn connect to the computing power present in the cloud via the internet. For personal safety systems, this means wireless communication. In the case of the athletic sensor system, this comes down to three choices. For team sports that are played on a court or playing field of limited size, 6LoWPAN is used to simultaneously connect multiple players to edge devices around the playing field. For wider-ranging sports such as marathons, the longer-range yet low-power LoRa is used. And for situations such as cycling, where it may not be a disadvantage to carry a smartphone, the device can use a Bluetooth connection and the phone will carry the signal on to the internet.
Improving industrial safety
This example serves to highlight the kinds of possibilities available for other areas, such as industrial safety, mining, oil field activities and more. Each specific area will have its own unique needs for the integration and placement of sensors. They will also have their own specific wireless communication requirements. And it goes without saying that each area will have very focused needs for the application software that gives them their specialized functions.
Consider the possibilities, for example, for different occupational safety helmets. Today’s models are aimed at protecting the head from impacts with steel beams, overhead machinery, rocky ceilings in mines, heavy equipment swinging from cranes in oil fields … the list goes on. But each of these areas also has its own unique hazards that may or may not directly involve the helmet.
Take, for example, the environment of a chemical plant. Today’s workers of course often wear badges to detect hazardous materials in the atmosphere. However, they do not deliver dosage data in real time. A safety system with a detector on the helmet combined with additional sensors for vital signs attached to the skin under the helmet (say, in the helmet’s internal webbing) could instantly deliver an alert to a spike in hazardous material while also delivering data on stress, respiration, pulse and so forth. A similar design for a mining operation could sense the air in the shaft for the presence of gases, coal dust, etc. At the same time, it could also monitor respiration, blood oxygen and more for each individual worker. Additionally, an electronic location sensor could pinpoint the exact location of any anomalous readings and sound alerts. The placement of sensors can be tailored to their function. For example, sensors for carbon monoxide or hazardous airborne particles could be mounted in the jackets of firefighters. Construction workers could have shoes with weight-bearing sensors to alert for heavier-than-allowed lifting. The list goes on.
On the connection end, different wireless techniques would be appropriate for different situations. For example, use in a mine or an industrial plant would require the distribution of multiple gateways to get around the signal blockage of rock or steel walls and equipment. An open environment, like an oil field, would need a longer-range radio with distributed gateways and a different location approach to identify the points of alerts.
Easing the development process
Such diverse technologies do not require a complete redesign if they are based on a platform that supports easy connection of devices, such as sensors and radios, and that comes with a wide selection of proven software support for the needed sensor devices. Coming up with a design focused on a specific area of activity is then a matter of selecting and connecting the right peripheral devices (both sensors and radio), along with their support software. The selected radio must also be used in the edge devices. Then the bulk of the value is added with the proper application software.
Part of that code would, of course, reside in the wearable device, but the bulk of the value would be in the analysis, storage and management code developed to run both on the edge devices and in a service in the cloud. For example, critical decisions, such as an alert to a radiation spike or signals that a particular worker was having breathing difficulties, could be quickly made at the edge in a gateway device. Other functions involving administration, worker history, assignments, scheduling, storage for longer term record keeping and so on could be done in the cloud application.
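As an added illustration of the edge/cloud split described above (this is not code from the article or from any product it describes), here is a small gateway-side rule evaluator in Go for a helmet sensor package: it raises safety alerts locally and forwards every event to the cloud for record keeping. The sensor fields, thresholds and the sample stream are constructed assumptions; a reading from a sensor that has lost skin contact is reported as a fault rather than silently treated as healthy.

```go
package main

import "fmt"

// Reading is one sample from a worker's helmet sensor package. Field set and
// thresholds are constructed for this example, not taken from a real product.
type Reading struct {
	WorkerID string
	TimeSec  int     // seconds since the start of the shift or match
	ImpactG  float64 // peak acceleration from the six-axis accelerometer, in g
	SpO2     float64 // blood oxygen in percent; 0 means the optical sensor lost skin contact
	RespRate float64 // breaths per minute
	GasPPM   float64 // hazardous gas concentration from the helmet detector, in ppm
}

type Severity int
const (
	Info     Severity = iota // forwarded to the cloud for record keeping only
	Warning                  // raised at the edge and forwarded
	Critical                 // raised at the edge immediately and forwarded
)
const ReasonSensorFault = "SpO2 sensor lost skin contact or returned an invalid value"

type Event struct {
	WorkerID string
	TimeSec  int
	Severity Severity
	Reason   string
}

// EdgeRules holds the site's thresholds; DefaultRules returns illustrative values.
type EdgeRules struct {
	ImpactG     float64 // head impact at or above this is a possible concussion
	SpO2Min     float64
	RespMin     float64
	RespMax     float64
	GasPPMMax   float64
	GasSpikePPM float64 // rise between consecutive samples that counts as a spike
}

func DefaultRules() EdgeRules {
	return EdgeRules{ImpactG: 60, SpO2Min: 90, RespMin: 8, RespMax: 30, GasPPMMax: 50, GasSpikePPM: 20}
}

// Evaluate applies the rules to one reading, using the worker's previous reading
// (if any) to detect a gas spike. An invalid SpO2 value is reported as a sensor
// fault, so a missing reading is never mistaken for a healthy one.
func Evaluate(r EdgeRules, prev *Reading, cur Reading) []Event {
	var out []Event
	add := func(sev Severity, reason string) { out = append(out, Event{cur.WorkerID, cur.TimeSec, sev, reason}) }
	if cur.ImpactG >= r.ImpactG {
		add(Critical, fmt.Sprintf("head impact of %.1f g", cur.ImpactG))
	}
	switch {
	case cur.SpO2 <= 0 || cur.SpO2 > 100:
		add(Warning, ReasonSensorFault)
	case cur.SpO2 < r.SpO2Min:
		add(Critical, fmt.Sprintf("low blood oxygen, %.0f%%", cur.SpO2))
	}
	if cur.RespRate < r.RespMin || cur.RespRate > r.RespMax {
		add(Critical, fmt.Sprintf("breathing difficulty, %.0f breaths/min", cur.RespRate))
	}
	if cur.GasPPM > r.GasPPMMax {
		add(Critical, fmt.Sprintf("hazardous gas at %.0f ppm, above limit", cur.GasPPM))
	} else if prev != nil && cur.GasPPM-prev.GasPPM >= r.GasSpikePPM {
		add(Warning, fmt.Sprintf("gas spike of +%.0f ppm", cur.GasPPM-prev.GasPPM))
	}
	if len(out) == 0 {
		add(Info, "nominal")
	}
	return out
}

// Process runs a stream of readings through the rules. Every event goes to the
// cloud's long-term record; only Warning and Critical events are acted on locally.
func Process(r EdgeRules, readings []Reading) (edgeAlerts, cloudLog []Event) {
	last := map[string]Reading{}
	for _, cur := range readings {
		var prev *Reading
		if p, ok := last[cur.WorkerID]; ok {
			prev = &p
		}
		for _, ev := range Evaluate(r, prev, cur) {
			cloudLog = append(cloudLog, ev)
			if ev.Severity >= Warning {
				edgeAlerts = append(edgeAlerts, ev)
			}
		}
		last[cur.WorkerID] = cur
	}
	return edgeAlerts, cloudLog
}

func main() {
	// Constructed stream: w1 sees a gas spike, then an over-limit reading; w2's SpO2 sensor loses contact.
	readings := []Reading{{"w1", 0, 2, 97, 16, 5}, {"w1", 10, 3, 96, 17, 30}, {"w1", 20, 1, 95, 18, 70}, {"w2", 0, 1, 0, 15, 4}}
	edge, cloud := Process(DefaultRules(), readings)
	for _, e := range edge {
		fmt.Printf("EDGE ALERT %s t=%ds severity=%d: %s\n", e.WorkerID, e.TimeSec, e.Severity, e.Reason)
	}
	fmt.Printf("%d events forwarded to the cloud\n", len(cloud))
}
```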
The future of industrial safety, as well as safety in other areas like athletics, can be richly addressed with creative technologies based on a common platform, but differentiated using specialized sensors and connection schemes — and, of course, creative applications. When these work together to signal specific hazards that can be either avoided or detected before becoming critical, the result is a safer and healthier participation in activities for both work and play.
The right solder paste must be used to ensure components are solidly connected to IoT rigid-flex and flex circuit boards. Otherwise, without getting a good handle on solder paste, both large and small IoT product companies may be throwing away thousands of dollars, as the wrong solder paste can create flaws such as shorts, opens and latent defects, which can be very costly and time-consuming to correct.
The industry classifies solder paste by type. There are types 1 through 7, according to IPC (the Institute for Interconnecting and Packaging Electronic Circuits) standard J-STD-005A, dated Dec. 2011. Types 1-5 are the most popular, while types 6 and 7 are not as prevalent in PCB manufacturing. Powder metal serves as the paste’s basis, and it’s made up of millions of metal particles or so-called “solder spheres.”
That powder metal is combined with flux to form the solder paste, thus creating the necessary adhesion. Then stencil printing applies the paste on the IoT rigid-flex or flex circuit board to temporarily hold the components on the board.
The board is run through pick and place for component placement, and the assembly subsequently goes through the reflow oven so that the IoT components are soldered on to the board.
The key part of this process is to understand the size of the solder spheres that make up the solder paste. At one end of the spectrum, types 1 and 2 have significantly larger solder spheres than types 4 and 5; type 5 has the smallest.
Also important to keep in mind is that the larger the solder sphere size in the paste-flux combination, the greater the demand for a thicker stencil design. To meet proper dispensing requirements, large solder spheres work better and more effectively when thicker stencils are used, because paste with larger spheres is more easily dispensed through the slightly larger stencil openings. For example, a 5-mil stencil might dispense paste better than a 4-mil stencil when using type 3 or 4 paste.
Types 1 through 3 work for larger conventional PCBs, but not for the smaller IoT ones. The IoT PCB stencil design requires a considerably smaller stencil design.
Therefore, it’s prudent to focus on types 4, 4½ or maybe 5 for IoT rigid-flex and flex circuit boards. Aside from its association with stencil design, solder sphere size again takes center stage because extremely small components populate IoT rigid-flex and flex circuit boards: micro ball grid array (BGA), quad flat no-lead (QFN) and dual-flat no-lead (DFN) component packages. The pitch between package leads is typically 0.25 mm or less, and with today’s technology people are beginning to use 0.15 mm pitch or, in extreme cases, 0.1 mm.
These micro packages have literally thousands of leads, bumps or tiny balls used to make connections to the circuit board. The tiny spacing between each lead, bump or ball is called “pitch,” and it is less than the diameter of a human hair strand.
In effect, the finer pitch of these micro packages calls for a smaller solder sphere size in the solder paste. The smaller metal particle or sphere provides greater viscosity for fine-pitch devices, so that the solder paste prints considerably more accurately within those tiny stencil apertures. These smaller solder spheres can be dispensed more accurately because they are designed for fine-pitch geometries, with pitches in the range of 0.25 mm or lower.
With IoT technology still in its infancy, inexperience can creep into promising IoT innovations and sabotage what can potentially be highly rewarding market opportunities. Here’s where a case of using the wrong solder paste — as mundane as it may sound — can derail those highly promising IoT projects.
PCB manufacturing and assembly have been so traditional over the years that using the same type of solder paste as for larger PCBs can be the norm at some contract manufacturers and electronics manufacturing services providers. That’s not where you want to go with your new IoT project. In cases like that, the manufacturer may inadvertently rely on types 1, 2 or 3. So, here are some of the consequences. The larger metal particles or solder spheres in those types of solder paste mean the stencil may need to be adjusted accordingly, and underprinting may result, which should be avoided because the devices and their pads are smaller to begin with. With underprinting, there may not be enough paste to create a solid solder joint. Also, if too thick a paste is used, overprinting is the result, leading to shorts between BGA or QFN/DFN bumps. Other problems can occur, requiring costly rework and longer assembly and manufacturing time. All this is avoided by using the right type of solder paste.
As cable and TV operators are losing subscribers to new competition, including streaming platforms like Netflix and Amazon Prime, as well as pay-TV providers like HBO and Showtime, operators must look for fresh revenue streams that will improve dismal churn rates and set a course for improving the bottom line for the coming years.
Many operators are rightly looking at the internet of things as the much-needed lifeline.
Estimates vary somewhat, but IoT numbers are staggering. Some 34 billion devices will be connected to the internet by 2020, up from 10 billion in 2015. IoT devices will account for 24 billion, while traditional computing devices (for example, smartphones, tablets and smartwatches) will make up the remaining 10 billion.
Advantages for operators
Operators are the primary provider of internet services for consumers. Many operators are also extending these internet services into Wi-Fi support, helping consumers install and maintain their internet connectivity throughout the home. As those consumers increase their adoption of IoT devices, they will become ever more attached to and dependent on their internet connections — and, by extension, on the companies that provide them.
This puts operators in a prime position as the keepers of the keys to connectivity. Even better news? Operators already have a tremendous customer base, along with marketing and billing systems, call centers for support and trucks on the road. Some operators are already deploying security services bundled with other service subscriptions. The set-top box is the gateway for these service offerings, effortlessly connecting numerous home sense-and-control devices in one integrated set of smart home applications.
But there’s much more potential here. Smart home services like remote control doors, thermostats and lighting, all centrally monitored and controlled by the set-top box or gateway, represent enticing opportunities for cable and service operators.
These new, high-value services can provide increased customer loyalty along with additional revenues. By offering a turnkey solution, operators can position themselves as providing relatively inexpensive services — just a few additional dollars on top of the monthly fee already paid by subscribers.
Examples of smart home IoT services
Think of smart home IoT services as a smart home butler that assists residents in living their lives securely, more efficiently and comfortably. More than just a network of connected devices, this is an entire intelligent service that combines information from a diverse variety of sensing and input devices in a house, and enables easy management and control of the home’s systems and appliances.
The first step in creating this interconnected home is the use of various sensors that provide data to the cloud regarding the home’s environment, as well as the whereabouts of the individuals in the household. In addition to the immediate family members, grandparents, visitors and even pets can be included. This data is uploaded to an algorithm in the cloud, stored and analyzed via data analytics to create behavior patterns so the system learns how the residents live — where they normally are during specific times, who is present and when.
If the kids get home from school at 3:00 p.m., and the system senses someone entering the home at 11:00 a.m., the anomaly is recognized and will send an alert to the parents. If the system knows that everyone is out of the home by 8:00 a.m. and doors are left unlocked, it can automatically close and lock them. If the heating system has been left on and the home is empty, the smart home system recognizes the issue and turns it off, improving energy efficiency.
Suppose the water heater in the basement springs a leak. In addition to recognizing the problem and sending an alert to the homeowner, the system can turn off the water flow, limiting the damage and the expense of wasting water and energy. The list of potential services goes on and on.
Nothing comes for free
To capitalize on their advantages, operators must invest in their wireless networks to keep pace with the increased data usage and transmission from connected devices. They must also learn how to deal with data and understand data analytics. Finally, operators must retrain installation and support crews to not only place set-top boxes, but convert consumers’ homes into smart homes.
Setting the course for long-term success
In short, IoT represents tremendous opportunities for operators. It enables them to retain more current subscribers, attract new subscribers and provide new services.
There are also less tangible benefits. By digging into IoT services, operators will increase their customer knowledge, leading to ideas for new services. Operators will be known as innovators, leaders and early adopters, which will increase loyalty and set the stage for longer-term success.
Enterprises and the public sector worldwide are looking for ways to increase security, improve productivity, provide higher levels of service and reduce maintenance costs. Many of them are using IoT technologies to improve their critical business processes or to drive innovation across their product lines. According to MachNation forecasts and the IoT Edge ScoreCard 2018, worldwide IoT application enablement revenue will be $1.8 billion in 2017 growing to $64.6 billion by 2026 at a compound annual growth rate of 49%.
According to our definitions, IoT edge computing is a technology architecture that brings certain computational and analytics capabilities near the point of data generation. IoT edge computing enables certain processes to occur in an optimal location to create more secure, reliable and scalable IoT deployments. An IoT deployment using edge computing takes advantage of connected IoT devices or gateways that offer functionality in areas such as device integration, data ingestion, data processing, analytics and device management.
Since the edge is critical to IoT success, leading IoT platform vendors must provide edge capabilities. In this post, I will discuss five required capabilities of edge platforms.
Five capabilities of IoT edge platforms
MachNation research shows that IoT edge platforms excel in five capabilities. Vendors that have a complete set of capabilities for addressing edge requirements offer extensive protocol support for data ingestion, robust capability for offline functionality, cloud-based orchestration capabilities to support device lifecycle management, hardware-agnostic scalable architecture and comprehensive analytics and visualization tools.
Extensive protocol support for data ingestion
Enterprise IoT systems need an edge platform that supports a wide ecosystem of devices and best-of-breed hardware vendors. Given the many verticals and use cases being transformed by IoT, we expect an extremely heterogeneous mix of devices that will be used to gather machine data and make it available to other IoT systems. In addition, there are at least several dozen well-accepted standards used in enterprise applications and a long list of proprietary ones that are being used in custom and off-the-shelf point products.
Leading IoT platforms must support an extensive mix of IoT devices that have myriad protocols for data ingestion. Platforms with a focus on edge provide a comprehensive set of protocols that can be used out-of-the-box. The list of protocols for industrial-minded edge platforms generally includes brownfield deployment staples such as OPC-UA, BACnet and Modbus as well as more current ones such as ZeroMQ, Zigbee, BLE and Thread. Equally as important, the platform must be modular in its support for protocols, allowing customization of existing and development of new means of communicating with connected assets.
Finally, leading vendors provide encryption, authentication and data protection functionality to address elevated enterprise security requirements of connected mission-critical hardware. Retrofitting brownfield deployments to secure machine data at the source is a capability exclusive to leading IoT edge platforms.
Robust capability for offline functionality
Enterprise IoT systems need an edge platform with robust capabilities for offline functionality for resiliency, performance and reduction in operating costs. To save energy or minimize risks due to connectivity interruptions, IoT assets are not always connected to the cloud. It is becoming increasingly clear that most, if not all, enterprise IoT deployments will lean on edge processing technologies. The technologies make it possible to process a large amount of data generated by connected assets, adhere to low-latency requirements of industrial systems and meet established service-level agreements of mission-critical assets.
According to MachNation research, leading IoT edge platform vendors provide offline capabilities in three functional areas: data storage with normalization, event processing using rules and machine learning algorithms, and a set of edge-based integrations with local enterprise systems.
First, edge systems need to offer two types of data normalization and storage. They must offer these services to (a) successfully clean noisy sensor data and (b) support intermittent, unreliable or limited connectivity between the edge and the cloud. Providing both makes the overall system more reliable and cost-effective.
Second, a flexible event processing engine at the edge makes it possible to generate insight from machine data. By analyzing this data with machine learning tools, enterprises can identify behaviors that are valuable to solutions including predictive maintenance and cybersecurity. In addition, by applying a set of rules to this data, enterprises can automatically send fault alerts to identify troubles in real time.
Third, an IoT edge platform should integrate with local systems to optimize existing operational processes. Enterprise locations including manufacturing facilities, warehouses, oil refineries and remote field sites have many local systems including ERP, MES, inventory management and supply chain management. A leading IoT edge platform will provide edge-based integration with these types of existing operational systems to help ensure business continuity and access to real-time machine data.
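An added example in Go, not from MachNation or any vendor's platform, of the first two offline capabilities above: readings arriving over two different protocols are normalized into one record, implausible values are cleaned out before they can trigger a rule or reach the cloud, and a bounded buffer holds the rest until the uplink is back. The Modbus register map, the MQTT JSON shape and every sample value are assumptions constructed for the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Measurement is the normalized record the edge keeps, whatever protocol the
// source spoke. Shapes and values in this file are constructed for the example.
type Measurement struct {
	Asset  string
	Metric string
	Value  float64 // in SI units after normalization (Celsius for temperature)
	Unit   string
	TS     int64 // Unix seconds
}

// ModbusRegister mimics a raw holding-register read plus what the site's register map says it means.
type ModbusRegister struct {
	Asset  string
	Addr   uint16
	Raw    uint16
	Scale  float64 // e.g. 0.1 when the register holds tenths of a degree
	Metric string
}

// FromModbus scales the raw register value into a Measurement.
func FromModbus(r ModbusRegister, ts int64) Measurement {
	return Measurement{Asset: r.Asset, Metric: r.Metric, Value: float64(r.Raw) * r.Scale, Unit: "C", TS: ts}
}

// mqttPayload is the JSON shape assumed for a sensor publishing over MQTT.
type mqttPayload struct {
	Asset string  `json:"asset"`
	TempF float64 `json:"temp_f"`
	TS    int64   `json:"ts"`
}

// FromMQTT parses the payload and converts Fahrenheit to Celsius.
func FromMQTT(payload []byte) (Measurement, error) {
	var p mqttPayload
	if err := json.Unmarshal(payload, &p); err != nil {
		return Measurement{}, err
	}
	return Measurement{Asset: p.Asset, Metric: "temperature", Value: (p.TempF - 32) * 5 / 9, Unit: "C", TS: p.TS}, nil
}

// Valid rejects physically implausible readings (a noisy sensor or a misread register).
func Valid(m Measurement) bool {
	return m.Metric != "temperature" || (m.Value > -50 && m.Value < 150)
}

// ErrLinkDown is what an uplink returns while the cloud is unreachable.
var ErrLinkDown = errors.New("uplink unavailable")

// Store is a bounded FIFO that holds normalized data across connectivity gaps.
type Store struct {
	buf     []Measurement
	cap     int
	Dropped int // oldest records discarded because the buffer was full
}

func NewStore(capacity int) *Store { return &Store{cap: capacity} }

// Ingest validates and buffers one measurement, evicting the oldest when full.
func (s *Store) Ingest(m Measurement) bool {
	if !Valid(m) {
		return false
	}
	if len(s.buf) == s.cap {
		s.buf = s.buf[1:]
		s.Dropped++
	}
	s.buf = append(s.buf, m)
	return true
}

// Flush delivers everything in order through the uplink function. If it fails,
// nothing is lost: the buffer is left intact for the next attempt.
func (s *Store) Flush(up func([]Measurement) error) (int, error) {
	if len(s.buf) == 0 {
		return 0, nil
	}
	if err := up(s.buf); err != nil {
		return 0, err
	}
	n := len(s.buf)
	s.buf = s.buf[:0]
	return n, nil
}

func (s *Store) Pending() int { return len(s.buf) }

func main() {
	s := NewStore(3)
	m, _ := FromMQTT([]byte(`{"asset":"pump-7","temp_f":212,"ts":1700000000}`)) // constructed sample
	s.Ingest(m)
	s.Ingest(FromModbus(ModbusRegister{"pump-7", 40001, 253, 0.1, "temperature"}, 1700000010))
	s.Ingest(FromModbus(ModbusRegister{"pump-7", 40001, 65535, 0.1, "temperature"}, 1700000020)) // rejected
	if _, err := s.Flush(func([]Measurement) error { return ErrLinkDown }); err != nil {
		fmt.Println("flush failed, keeping", s.Pending(), "records:", err)
	}
	n, _ := s.Flush(func(b []Measurement) error { fmt.Printf("sent %+v\n", b); return nil })
	fmt.Println("delivered", n, "dropped", s.Dropped)
}
```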
Cloud-based orchestration capabilities to support device lifecycle management
Enterprise IoT systems need an edge platform with cloud-based orchestration capabilities to provide a centralized set of management and oversight functions supporting connected devices. An often overlooked yet critical aspect of distributed IoT platforms is their ability to manage and orchestrate newly deployed technologies and processes associated with connected devices. In order to harness the true value of IoT, an IoT platform has to provide a set of centralized, efficient and scalable tools for orchestrating the edge- and cloud-based requirements of connected assets.
The cloud-based orchestration provided by IoT platforms addresses provisioning, monitoring and updating requirements of connected assets. First, to simplify on-site deployment and add a level of security, a platform should provide factory provisioning capabilities for IoT devices. These API-based interactions allow a device to be preloaded with certificates, keys, edge applications and an initial configuration before it is shipped to the customer. This greatly reduces the amount of on-site work and troubleshooting that will be required to get the device online. Second, once the device is deployed and operational, the platform should monitor the device using a stream of machine and operational data that can be selectively synced with cloud instances. Third, using over-the-air update capabilities, the IoT platform should securely push updates to the edge. This includes updates for edge applications, the platform itself, the gateway OS, device drivers and also updates for devices that are connected to the gateway. This allows virtually all aspects of a device’s lifecycle to be managed centrally and gives the enterprise complete control over a locally, nationally or globally distributed IoT deployment.
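An added example in Go (not any platform's actual implementation) of the provisioning and over-the-air update flow just described: the gateway uses an Ed25519 public key preloaded at the factory to verify a signed update manifest, refuses a version that does not increase, and checks the artifact against the digest the signed manifest vouches for. The manifest format, the version rule and the sample artifacts are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest describes one update. The field set is an assumption for this
// example, not any vendor's format.
type Manifest struct {
	Component string `json:"component"` // e.g. "edge-app", "gateway-os", "driver"
	Version   int    `json:"version"`   // must only ever increase
	SHA256    string `json:"sha256"`    // hex digest of the artifact bytes
}

// SignedUpdate is what the orchestrator pushes over the air.
type SignedUpdate struct {
	ManifestJSON []byte
	Signature    []byte
	Artifact     []byte
}

// Device holds what factory provisioning left on the gateway: the trusted
// public key and the installed version per component. Only the cloud has the private key.
type Device struct {
	TrustedKey ed25519.PublicKey
	Installed  map[string]int
}

var (
	ErrBadSignature = errors.New("manifest signature invalid")
	ErrRollback     = errors.New("update is not newer than the installed version")
	ErrDigest       = errors.New("artifact digest does not match the manifest")
)

// NewSigner creates the orchestrator's key pair (done once, in the cloud).
func NewSigner() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign is the cloud-side step: bind the artifact to the manifest by digest, then sign the manifest bytes.
func Sign(priv ed25519.PrivateKey, m Manifest, artifact []byte) (SignedUpdate, error) {
	sum := sha256.Sum256(artifact)
	m.SHA256 = hex.EncodeToString(sum[:])
	js, err := json.Marshal(m)
	if err != nil {
		return SignedUpdate{}, err
	}
	return SignedUpdate{ManifestJSON: js, Signature: ed25519.Sign(priv, js), Artifact: artifact}, nil
}

// Verify is the gateway-side step. Order matters: the signature is checked before
// the manifest is parsed, so unsigned JSON is never interpreted; a version that does
// not increase is refused (a replayed old update is still validly signed); and the
// artifact must match the digest carried inside the signed manifest.
func (d *Device) Verify(u SignedUpdate) (Manifest, error) {
	if !ed25519.Verify(d.TrustedKey, u.ManifestJSON, u.Signature) {
		return Manifest{}, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(u.ManifestJSON, &m); err != nil {
		return Manifest{}, err
	}
	if m.Version <= d.Installed[m.Component] {
		return Manifest{}, ErrRollback
	}
	sum := sha256.Sum256(u.Artifact)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return Manifest{}, ErrDigest
	}
	return m, nil
}

// Apply verifies the update and, only on success, records the new version.
func (d *Device) Apply(u SignedUpdate) error {
	m, err := d.Verify(u)
	if err != nil {
		return err
	}
	d.Installed[m.Component] = m.Version
	return nil
}

func main() {
	pub, priv, err := NewSigner()
	if err != nil {
		panic(err)
	}
	dev := &Device{TrustedKey: pub, Installed: map[string]int{"edge-app": 3}} // provisioned state
	u4, _ := Sign(priv, Manifest{Component: "edge-app", Version: 4}, []byte("constructed v4 artifact"))
	fmt.Println("apply v4:", dev.Apply(u4), "installed:", dev.Installed["edge-app"])
	fmt.Println("replay v4:", dev.Apply(u4))
	u5, _ := Sign(priv, Manifest{Component: "edge-app", Version: 5}, []byte("constructed v5 artifact"))
	u5.Artifact = []byte("swapped in transit")
	fmt.Println("tampered v5:", dev.Apply(u5))
}
```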
Hardware-agnostic scalable architecture
Enterprise IoT systems need an edge platform with a hardware-agnostic scalable architecture to support a heterogeneous mix of deployed devices at scale. Today, most enterprise information technology environments are made up of heterogeneous assets from different makers, each with a unique set of capabilities. IoT deployments are no different. Actual IoT deployments use equipment from several vendors. And over time, systems tend to amass a mix of components with each subsequent launch.
IoT platforms that provide leading edge capabilities are capable of running on a wide range of gateways and specialized devices. IoT hardware is powered by chips that use ARM-, x86- and MIPS-based architectures. Using containerization technologies and native cross-compilation, the platforms offer a hardware-agnostic approach that makes it possible to deploy the same set of functionality across a varied set of IoT hardware without modifications. This improves performance and reduces the technology and labor costs of maintaining multiple versions of production software and hardware.
In addition, visionary platform vendors employ the same software stack at the edge and in the cloud, allowing a seamless allocation of resources and ensuring that edge-based operations are not limited by cloud-based tools. Platforms that are capable of shifting resources between the edge and cloud are better suited to meeting anticipated and unexpected application demands. This makes the overall system more scalable by improving resiliency and operational efficiency.
Comprehensive analytics and visualization tools
Enterprise IoT systems need an edge platform with comprehensive analytics and actionable visualization tools to deliver insight to a diverse group of stakeholders. The most valuable element of an IoT system is the insight that it generates for the enterprise, but distilling that insight from copious amounts of machine data is extremely difficult. Due to resource, latency and bandwidth constraints, a lot of the data generated at the edge must be processed and analyzed at the point of generation. IoT platforms that fully support the edge with analytics and visualization tools will enable an enterprise to analyze data, generate insights and provide actionable visualizations for end users.
IoT platforms with leading edge capabilities will offer an open and modular approach to edge analytics. Out-of-the-box edge platforms can aggregate data and run common statistical analyses. For capabilities that require specialized analytics, the platforms should make it easy to integrate leading analytics toolsets and use them to supplement or replace built-in functionality. Then, leading IoT platform vendors will enable edge data to be visualized and actioned on a set of mobile-ready customizable and interactive dashboards suitable for different end users. This makes it possible for a truck operator and a fleet manager to access interactive dashboards that deliver a combination of useful information and relevant controls for each of their respective roles. For development of other types of bespoke presentation layers, customers should be able to select their own best-of-breed visualization or application provider.
Enterprises and the public sector worldwide are looking for ways to increase security, improve productivity, provide higher levels of service and reduce maintenance costs. Yet, enterprises face many challenges when choosing to deploy an IoT technology. These challenges can impact overall IoT deployment costs and timing. So, many enterprises are using IoT edge platforms to improve their critical business processes while overcoming these deployment challenges.
Enterprises should select leading IoT edge platforms that have five key capabilities — extensive protocol support for data ingestion, robust capability for offline functionality, cloud-based orchestration capabilities to support device lifecycle management, hardware-agnostic scalable architecture and comprehensive analytics and visualization tools. Platforms that meet these requirements will simplify the short-term deployment experience while offering long-term flexibility as enterprises choose to innovate with new IoT services.