Every major auto manufacturer is committing to the connected car in some way. What “connected” means is likely to vary according to which manufacturer you talk to, but there’s little doubt we’ll see cars get more sensors, more apps, more in-dash control systems and more automation. According to Gartner, one in five cars on the road will be self-aware enough to discern and share information on their mechanical health, global position and status of their surroundings. Industry-wide growth is expected to stay at 30% annually between now and 2020 as a result.
Less clear is how we’ll take advantage of the technology that’s working its way into millions of new vehicles. Making cars smarter is one thing; we also need to improve the IQ of roads, cities, bridges, garages, traffic systems, and more so that connected cars have things to connect to. At Hewlett Packard Enterprise, we’re helping to usher in a smarter driving experience with a unique combination of technologies, expertise and partnerships.
Car as a mobile device
Beyond the basic concept of a connected vehicle equipped with Internet access, new markets have emerged, such as vehicle-to-infrastructure (V2I), vehicle-to-vehicle (V2V), vehicle-to-cloud (V2C), vehicle-to-pedestrian (V2P) and vehicle-to-everything (V2X).
A recent study by the Centre for Automotive Research highlighted that “the average car now contains 60 microprocessors, and more than 10 million lines of software code — more than half the lines of code found in a Boeing Dreamliner airplane.” Cars are becoming increasingly intelligent, and by 2018 one in five cars on the road will be self-aware and able to discern and share information on their mechanical health, global position and status of their surroundings. This self-awareness, together with the need to be constantly on, requires reliable connectivity and internet of things solutions.
The rollout of 4G LTE, and subsequently 5G networks, will further increase the capabilities of the connected vehicle, and facilitate faster transmission rates and higher volumes of data. Tier-1 communication service providers and telcos are ideally suited to provide such connectivity while needing an IoT solutions partner to address the automotive needs.
The car of the future will be safer for passengers and other road users. V2V and V2X communications coupled with high-speed analytics will make this a reality, and introduce heretofore unimaginable conveniences. Just imagine being able to pay for gas and parking charges from your car. And with analytics built in, the connected car will be able to offer not only pay-as-you-drive insurance, but also pay-how-you-drive insurance — rewarding good drivers and penalizing bad driver behavior. When cars are connected, the entire ownership and driving experience is more integrated and engaging.
Collecting, crunching and communicating data
To fulfill this vision, onboard systems need to do more than just compute. They also need to collect, collate, translate and share data instantly to enact what we call microservices.
Think of a driver heading for a bridge two miles away. The wind sensor on the bridge is recording the wind speed and direction. If this data is transmitted to the cloud, the connected car platform can recognize if that wind will impact handling and provide the driver with advance warning of the hazard and in plenty of time to take action.
Or think of how telematics information shared between vehicles, using a concept called swarm intelligence, can give drivers accurate, real-time information on road and weather conditions. You may not know a patch of black ice is stretched across the roadway ahead, but tire sensors connected to the onboard systems in the cars ahead will detect the loss of traction. With shared telematics and swarm intelligence, those vehicles could broadcast sensor data for others to consume and analyze, allowing your connected car to automatically adjust systems and reduce the risk of losing control. Changing gears or increasing traction, for example. In each case, connected car platforms gather and translate data — from devices with connectivity as diverse as 4G LTE or 3G/2G cellular, and low-power wide-area network technologies such as LoRa and Sigfox — to form insight that can then trigger hundreds of unseen but vital actions.
Connected car services are still an optional extra for many cars, but they are fast becoming a standard item, even in family sedans and hatchbacks.
Here at Hewlett Packard Enterprise, we recently worked with IAV, a leading automotive industry engineering consultancy to create a fully-functional proof of concept for testing the ways connected sensors from vehicles and infrastructure can optimize the driving experience — from real-time monitoring of weather and road conditions to warn against approaching hazards to checking to see if your garage is already occupied to collecting data about the state of the road surface for the relevant authorities. Connected car services can change how we drive, and keep us safer as a result.
But they’re also like any other networked technology in that the more nodes that connect and share data, the more useful the entire system becomes. That’s why analysts expect such big growth in this market and why companies are trying to simplify connected services development and deployment. A fully intelligent driving machine may not be here yet, but it’s also closer than most of us think.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Data integrity has often been associated with industries such as medical and finance, areas where dips in accuracy can create ripple effects that impact the everyday lives of people. In theory, government records should also fall in line with that. The old way of thinking is that government agencies are slow moving and have records in dusty old boxes stuffed in a warehouse similar to the one at the end of Raiders of the Lost Ark. However, as government paperwork has gone digital, the truth is that these types of records are as modernized as possible — and because of that, they require the same level of security as bank statements or medical records.
In a post-Snowden, post-WikiLeaks world, this is becoming increasingly vital. In some cases, data integrity has less to do with the actual content of records and more to do with the public trust. This scrutiny has heightened tenfold with the purported hacks into the Democratic National Committee’s email servers prior to the 2016 election. Removing the political aspect of that example and focusing solely on the cybersecurity aspect, such an attack shows the depth, range, ease of attacks that can hold powerful organizations hostage and disrupt business. Beyond the risk of foreign bodies accessing proprietary or classified data off servers, the other concern is the possible manipulation of databases. Every CIO’s worst nightmare.
In a world of evolving cyberthreats, how can governments protect their data? Enter blockchain, a growing presence as we move further into the age of the internet of things. It offers novel solutions to these tough problems.
What is a blockchain?
A blockchain is a distributed database platform utilizing chronologically linked segments known as blocks. The blocks are a list of things that have occurred over a given amount of time. The term blockchain literally means chaining together these blocks. It first came to rise in conjunction with Bitcoin currency, and represents a new type of record-keeping for the digital age, one that is transparent, permanent and publicly vetted for accuracy. The general theory behind it is simple: a block is established when a vetted record is made. The block is secured through one-way cryptography (hashing), and every computer on the network has access to these records. The records are logged in chronological order with the preceding and subsequent blocks, locking it into place with hashes, and should any attempt to hack its network occur, the intrusion is quickly detected, and discrepancies would be recognized by other nodes on the network and restored to proper values.
This level of public vetting ensures that no stakeholder can influence records and changes will always be identified and restored. One-way hashing also enables this public vetting without putting any data at risk. It’s the crowdsourcing model — done with technology to power security — and it’s the next big thing in cybersecurity.
How the blockchain can protect our government
In response to public outcry for transparency, the United States Congress has pushed agencies such as the Department of Homeland Security to prove that they’ve upheld data integrity. Traditional auditing is a labor-intensive process, one that could expose national security secrets and sensitive data. Administrators with the highest levels of security clearance would be needed, but there are only so many available resources. DHS began looking to Silicon Valley for a solution, and the blockchain has demonstrated significant potential by hitting these key goals:
- Data integrity: With a permanent record constantly being vetted by network nodes, any attempted data changes/removals would be highlighted almost instantly.
- Classification: Using one-way cryptography, it is possible to vet data without exposing sensitive information.
- Resources: Because data remains classified and the blockchain vetting process is handled on a public network, auditing can take place without occupying high-level administrators.
Even in a case like the 2016 Presidential Election, where reports of Russian hackers only lifted data rather than attempting to change it, the blockchain could have provided detection and prevention. The most compelling progress made in creating blockchain systems is Hyperledger’s Chaincode and Ethereum’s Smart Contracts. These groups are in the early testing of turning complete programming locked into a blockchain. Hackers would have to attempt to break the blockchain network or execute the code in unexpected ways to gain access. IT administrators of high-stakes material can establish alerts for any attempts like these and take appropriate action, thus forming multiple layers of protection over sensitive materials.
To 2017 and beyond
In a post-Snowden, post-election world, the need for cybersecurity has only intensified. The next paradigm shift will come with the implementation of smart cities, as local governments attempt to integrate the internet of things into infrastructure, commerce and logistics. Because of that, cybersecurity is at the forefront of everyone’s mind, and blockchain represents an efficient, effective and secure way of handling that. The next step is getting Silicon Valley and the Beltway to truly collaborate — and the resulting partnership could finally bring proactive, not reactive, cybersecurity to the United States.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Nobody doubted that IoT security was a disaster when, well, disaster struck — the Mirai botnet took down swaths of the internet through a fairly simple, preventable attack.
But experts believe there are going to be more susceptible devices in 2017 than ever — and hackers will be on the lookout.
“Sometime during 2017 we should anticipate the release of an automatically propagating IoT worm that installs a small, persistent malicious payload that not only continues to infect and propagate amongst other vulnerable IoT devices, but automatically changes all the passwords necessary to remotely manage the device itself,” said Gunter Ollman, CSO at Vectra Networks. “The owners of the now locked-out devices will be forced to pay a ransom to the mastermind behind the worm in order to learn the new password, thereby taking the ransomware threat to the next level. To prevent this worm — and future versions – device owners will not only have to preemptively change default passwords of the devices, but also manage the patch level of the kernel software on the device to prevent exploitation of new vulnerabilities.”
Rick Howard, CSO at Palo Alto Networks, noted that while security researchers have been sounding the alarm for years, we need to make sure we’re not missing the bigger picture.
“The thing is, the network defender community as a whole already knows how to prevent about 99% of playbooks that exist on the internet — including the 2016 DDoS attacks,” Howard said. “We have not been diligent as a community to deploy those prevention controls across the entire community. Therefore, in 2017, in an effort to stop future large scale attacks leveraging IoT devices, we’ll see the network defender community begin deploying these controls for better prevention.”
However, beyond the tried-and-true security basics such as encryption and strong authentication, Ryan Lester, director of IoT strategy at LogMeIn, says the IoT security problem needs a new solution.
“IoT brings with it a whole new set of security challenges that can’t be solved by retrofitting current security solutions and following the same old rules,” Lester said. “Companies must think thoroughly about how to manage one-to-many relationships, which is an outlier in today’s more frequent 1:1 device relationship.”
Matt Rodgers, head of security strategy at E8 Security, agreed, adding that traditional tools simply won’t be effective in the connected world.
“In 2017, monitoring an IoT environment with traditional tools will no longer be an option, both cost-wise and technically for the IoT owner,” Rodgers said. “With so many devices doing so many things, an attacker will have a very large surface area to find and exfiltrate personally identifiable information, which will increase the quantity of attacks and further reduce the potential cost of each attack for the attacker.”
Geoff Webb, vice president of strategy at Micro Focus, said that Mirai was potentially just the beginning — things could be a whole lot worse next time around, and it’s time for regulations to come up to snuff.
“With the number of IoT devices expected to reach into the billions, the potential scale of a well-coordinated IoT attack could be used to present a very real threat to the critical infrastructure of this country, online banking, emergency services, and commerce in general,” Webb said. “We should expect IoT security to quickly become part of the national security agenda, and to see governments starting to evaluate the role of legislation and safety standards for internet connected devices.”
Jeannie Warner, security strategist at WhiteHat Security, agreed, “I’m expecting/hoping to see a shift from the term ‘security’ to ‘safety’ as well as an increase in legislation mandating increased rigor of IoT security testing. I think that NIST’s SP 800 or a similar body will form guidelines for a comprehensive security assurance through the integration of dynamic application scanning technology and rigorous device controls testing. New guidelines will ideally force more application security vendors to partner with device control testing labs to support manufacturing earlier in the development process, helping the innovative organization manage risk by identifying vulnerabilities early in development, continue to monitor challenges during testing, and help release more secure product.”
The internet of things’ growth spurt over the past year leaves many wondering what the next 12 months will bring. Industry experts looked in their crystal balls and offered IoT predictions for the days and months ahead.
IoT prediction #1: Disembodied voices seeking recurring revenue
“Customer experience and engagement will drive business,” said Ryan Lester, director of IoT strategy at LogMeIn. “IoT product companies will rely less on the initial device purchase and more on recurring revenue opportunities, subscriptions and up-sell opportunities.”
“Amazon’s Alexa and Google’s Home Assistant are only the beginning,” Blanka said. “All of the major players will be making efforts to integrate this technology into their products. With a heavy focus on natural language processing and clarity, you’ll see algorithms and chipsets designed to enable intelligibility for two-way voice communications between users and their devices.”
“Next year will see the proliferation of IoT solutions in any number of product categories that classically have not included technology or connectivity features,” said Mitch Maiman, president at Intelligent Product Solutions. “[But] not all of the ideas will offer a significant enough value proposition to succeed in the marketplace. Expect to see new players, but also expect to see many startups fall by the wayside. Competing in this space is expensive, and there are a lot of ideas out there that lack sufficient value to keep consumers engaged.”
As the commonly cited statistic goes, nine out of 10 companies will fail within their first four months of operations. As such, Michael Beamer, president at goTransverse, knows that companies must start with a clear view of monetization, especially in IoT.
“Companies who haven’t yet figured out how to bill for these new products and services will be left behind by those who have,” Beamer said. “Without an aligned go-to market strategy, the groundwork that has been laid merely becomes a blueprint without infrastructure. Figuring out what model works, articulating ROI and understanding how an IoT initiative impacts the entire business will become mission-critical for companies looking to emerge victorious in the competitive world of IoT.”
“Increased volumes in device shipments mean costs will continue to come down,” said Dermot O’Shea, joint CEO at Taoglas. “As a result, more business plans will make financial sense. There is a great buzz around the industry now and investors are scrambling to get in to the latest and greatest IoT opportunities.”
IoT prediction #2: The data lakes will be drained
McKinsey and Company made headlines earlier in 2016 when it estimated that only 1% of data collected from IoT is ever used. While later estimates show this number increasing, it isn’t nearly where it should be. The promise of IoT hinges on its data — so what will make it more useful and consumable?
First, Adam Wray, CEO and president at Basho Technologies, recommended that organizations stop letting data lakes be holding ponds for dank runoff. “Rather than a data lake-focused approach, organizations will begin to shift the bulk of their investments to implementing solutions that enable data to be utilized where it’s generated and where business processes occur: at the edge. In years to come, this shift will be understood as especially prescient now that edge analytics and distributed strategies are becoming increasingly important parts of deriving value from data.”
Rich Catizone, CTO of Morey Corp., further sees data at the endpoint as an opportunity for increased intelligence.
“If you can take action at the endpoint, rather than shuffle data around from the cloud to the gateway, you can save time and money in data collection and storage. This also sets the stage for the proliferation of machine or ‘active’ learning,” Catizone said. “Once our devices become more peer-to-peer based rather than client-to-server, they can begin to collectively track instances and become smarter by auto-correcting their own behavior, bringing forth emerging insights that are new and novel.”
Mark Bregman, CTO at NetApp, predicted that this edge intelligence will really take off provided open platforms are used. “An open platform provides integrated and simplified access to data protection and management services and enables new approaches to data modelling and analytics that will eclipse the advances we’ve seen to date,” Bregman said.
IoT prediction #3: Latency is the enemy
“Interconnections will become very important for instantaneous access to networks, clouds and working in a multi-application environment that enables the success of IoT,” said Tony Bishop, vice president of global vertical strategy and marketing at Equinix. “The increasing number of real-time IoT apps will create performance and latency issues. It is important to reduce the end-to-end latency among machine-to-machine interactions to single-digit milliseconds.”
To address these concerns, Christian Reilly, CTO of Workspace Services at Citrix, said networks must evolve with the times.
“New devices and workflows will augment existing systems,” Reilly said. “2017 will be a pivotal year in which networks become smarter to adapt to the combinations of devices and data.”
Roei Ganzarski, president and CEO of BoldIQ, found room for skepticism in his 2017 projections: “Not enough will be done on the integration of [smart devices] in the next few years since it is less sexy and creates less news and media coverage. Thus adoption of these will be slower than people anticipate.”
If Ganzarski is right, 2017 won’t be the first year when predictions ran well ahead of actual timelines.
And what about the security of all this? Check out what the experts’ IoT predictions for security in 2017.
Opportunities with the internet of things abound, and generally speaking those opportunities make themselves available to those taking action.
In that spirit, we share five IoT resolutions for 2017, a starting point to get your organization on track for IoT success.
1. Capture a new data source
Every day, companies capture data from interacting with customers and suppliers, as well as third-party data based on the economy, weather, social media and more. Here is how to get going:
Find an entirely new data stream
Set a plan to capture a new data source for your organization. For example, some industrial equipment may already have the ability to output information but it might not be captured today. Or readily available public data might be easily integrated and correlated with current information.
Add structure to an existing stream
You may have an existing source of unstructured data that is not particularly useful in its current form. Taking that same data and adding enough structure to make it accessible to others in the organization can bring new insights.
- Look into popular message queues like Apache Kafka to build a central traffic hub for message streams
- Dig into the industrial internet of things by seeing what information can be captured from existing industrial equipment
2. Scope a new application
Brainstorm a new application that delivers new customer benefit or operational efficiency. Options include:
- A new mobile application
- A user experience boost by delivering more accurate and relevant information
- Time-saving tools for customers and the internal business
While planning and building, ask yourself:
- What combination of data sources will provide the most value?
- Can this application benefit from real-time data?
- Can I move to a push model instead of just a pull model for application interactivity?
3. Build an IoT analytics application
Analytics on a fresh view of existing or new data helps drive a business forward. Consider applying existing machine learning models to existing workflows, or applying models to new incoming streams of IoT generated data.
For example, many machine learning models, or in earlier parlance statistical models, can be exported using the Predictive Model Markup Language, or PMML.
Specifically, tools like SAS export models to PMML that can be integrated directly into real-time pipelines. Modern transformation tiers like Apache Spark and distributed databases like MemSQL can natively host these models so that incoming data can be scored in real time.
Architects can expand on the popularity of libraries such as MLlib and TensorFlow to create predictive analytics applications using these tools.
4. Ensure the right foundational data infrastructure
Successful IoT deployments need to span from edge data collection all the way to the data center. Companies like OSI Software provide just one example of collection tools to help feed data into your pipelines.
Once in the data center, a common architecture involves integrating the following tiers.
At the messaging layer Apache Kafka and AWS Kinesis are popular options to aggregate data streams, connecting producers and consumers of information.
Most data pipelines require modifying the data from its state at capture to its state for long term persistence. Converting sharding schemas so data is properly categorized can take place at the transformation tier.
The most accurate model for predictive analytics involves both real-time and historical data, so being able to persistently retain data, including records over time, sets the proper context.
Nothing says “wow” like a real-time dashboard that enables quick visualizations of current data. Popular business intelligence dashboards like Tableau, Zoomdata or Looker, along with custom dashboard options using frameworks like D3.js, allow companies to provide widespread access to fresh data.
5. Set an organizational model for IoT success
There is no question data plays a more important role in today’s business climate with everyone clamoring to “transform.” New CxO roles like the chief data officer and chief analytics officer make that more apparent than ever.
At the end of last year, Gartner estimated that 25% of large global organizations had already hired a chief data officer. By 2019, Gartner expects that number to reach 90%.
Further, Gartner sees a rise in advanced analytics:
By 2018, Gartner predicts that over half of large organizations will compete using advanced analytics and proprietary algorithms, disrupting entire industries. This, in turn, is being driven by the proliferation of devices, connected “things,” connectivity and computing power — all of which creates more opportunities to collect data, analyze it, and potentially monetize it.
There is no better time like the present to get started on your IoT infrastructure planning.
Happy IoT Year!
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
It has been proven beyond a doubt that the internet of things is a risk for organizations large and small. From connected surveillance cameras to HVAC controllers, smart devices can be easily leveraged for nefarious purposes — most recently to power some of the largest distributed-denial-of-service attacks such as the recently devastating Mirai botnet threat.
But so far we’ve only scratched the surface of these troubles. The problem extends beyond simply aiming enslaved mindless devices at a given target to simply create a service outage. IoT attacks will get more sophisticated. They can and will become points of entry into sensitive networks and gateways to exfiltrate sensitive data.
Until recently, security concerns around IoT were heard, but not acted on. Fortunately, that’s beginning to change.
The IoT security difference
Staying on top of IoT device security is particularly important for three reasons: IoT increases the attack surface of a given network, can exist in networks without updates for a long time and, more often than not, these devices are developed by companies that manufacture them without enterprise-grade security in mind. When combined, all of these factors make a recipe for disaster.
Understanding why IoT devices incur such risk is actually quite simple. For one, most IoT devices are created with the average consumer in mind and do not meet industry standards for security. Take smart TVs for instance — virtually every corporate conference room has a TV that is connected in some manner (e.g., video conferencing technology). However, these consumer-first TV sets can become a gateway for attackers because they lack enterprise-grade compliance requirements and their firmware and configurations are not as hardened as they should be.
Further, the workforce can introduce this kind of insecure, smart technology without letting IT know via mobile, wearable and other kinds of embedded devices. Not to mention the tens, if not hundreds, of devices that are networked and likely not seen by traditional security and visibility methods. The fact that all these devices could comprise the network but are not well tracked also means the traditional perimeter is gone and old methods of protection focused on walling off a given network are obsolete. For example, smartwatches with built in Wi-Fi connections are often able to log on to the same networks as their connected phones automatically without letting their users know.
How these devices are hijacked
Understanding why IoT devices generate risk, let’s see how it can be exploited. A very realistic scenario of a compromise is leveraging IoT for corporate espionage. All it takes is downloading a malicious app to a smart TV to be compromised. It’s been proven that hijacking a smart TV for these purposes is not an impossible feat and even manufacturers are tapping into their TVs to learn about consumers. If manufacturers can listen in, hackers can hijack the same mechanism. It’s frightening to imagine a compromised TV, which is integrated with video calling capabilities, being hijacked and used for eavesdrop on sensitive board meetings or to conduct IP espionage.
IoT devices could also become a stepping stone — entry and exit — for hackers looking to infiltrate a network. For instance, HVAC systems are not always updated and can be an easy target for hackers. But as the infamous Target breach proved, lateral movement can lead to disastrous results if a hacker makes his way from a connected device to a sensitive system on the same network. No one wants to be the victim of the same.
Shoring up defenses
Fortunately, there are immediate steps that can be taken to reduce the risk of a breach through IoT. Begin with building out comprehensive visibility. Keep in mind that although discovery of your IoT devices is critical, you can’t get a holistic picture by just looking at domains and IP addresses (i.e., static log analysis). But often, IoT devices are sharing infrastructure with other services — AWS, CDNs, etc. — so seeing additional metadata like URLs and headers is crucial.
Device communication is also important to monitor. SSL encryption can present a huge irony in this process in that the same measure used to protect sensitive data can be used to hide malicious activity. You can’t discern what encrypted packets are really carrying into your network until it’s decrypted. But this issue can be overcome by leveraging monitoring tools that can decrypt deeply inspect encrypted data. Traditional methods of security like blocking malicious URLs and files, inline endpoint protection, deep content inspection and sandboxing should also be applied.
Ultimately, the wave of IoT is unavoidable, but you don’t have to be at its mercy. Take a comprehensive approach to security. Ensure visibility of devices and communication and be aware of the all the smart devices and their activity in your network. Fail to do so and you’ll regret it.
Some key questions to ask in order to protect your network from IoT-based threats:
- Can devices join your network without permission?
- Do you know how many devices are on your network at any given time?
- Can devices on your network download untrusted applications?
- What level of permissions do your devices have?
- Can you read all traffic to and from connected devices on your network?
Steady adoption of the internet of things continues to dramatically influence industrial architectures. Organizations can now gather and draw insight from a greater volume and variety of data across more diverse sets of applications. And as the movement of information between disparate hardware and software grows, so does the need for data security.
We’ve seen the repercussions of security breaches in recent months with the Mirai malware attacks, a series of sophisticated, highly distributed hacks involving tens of millions of IP addresses. Now more than ever, IoT experts share warnings about the threat of unsecured devices connecting to the internet. It’s not surprising that many companies believe IoT is fundamentally insecure, or consider security infrastructure investments to be too complex. But the benefits of IoT outweigh the possible risks — and delaying the appropriate measures needed to safeguard against malicious data exploitation is doing more harm than good. If industrial organizations are serious about IoT, they must become serious about industrial IoT security.
Here are three key steps you can take to ensure robust IoT security while enabling connectivity to thousands of devices and other data sources.
1. Educate and communicate
The first step is developing a company-wide defense strategy that sets clear corporate standards and goals. Most large industrial companies are concerned about security, but do not have a clear view of their own operational shortcomings. Operations and IT departments must break their silos and come together to determine the criticality and vulnerability of site operations. By distinguishing areas of operational disruption and potential vulnerability, employees can then develop standards around cybersecurity and establish what the company defines as “trustworthiness” for a secure IoT effort.
2. Find the right partner(s)
Finding the right partner is key to creating a strong defense infrastructure for your IoT. Implementing a scalable security solution requires a partnership with software vendors who are open with their designs and work as a team with their customers. Proactive partners will monitor the domestic and international development of cybersecurity rules to ensure their solutions stay ahead of hackers changing attacks. They also recognize that the data they protect is vital to businesses’ success, and can integrate effective IoT security strategies without causing downtime.
3. Use proven technologies and standards
When evaluating industrial automation vendors, look for offerings that consider both security and innovation. A product with centralized security architecture (built into the core) and remote programming configuration is a good example of balanced best-in-breed technology and data protection. With these features, users can organize security permissions on channels, devices and tags based on the role of the user. By defining authorized users and assigning them to appropriate user groups, administrators can focus on roles rather than setting permissions for each individual. This ensures a secure solution with a smart communications layer that enables access only where it is absolutely necessary. For example, a manager must be allowed to monitor the system, but should not be allowed to control it.
Most importantly, IoT security solutions must be built on open standards and offer secure data tunneling capabilities. The OPC Unified Architecture open standard was developed to help streamline the movement of high volumes of data between the device and application layers. Solutions that have these protocols embedded at both the interface and user levels can help organizations better configure trusted relationships with various clients and servers across the industry.
More data, more problems … more options for control
We’re currently in the midst of a catch-22 agreement with IoT: as data becomes increasingly available, it also becomes increasingly vulnerable. With every new connection, there is a new potential point of failure or malicious breach. Honing your company’s ability to securely move information between software applications and hardware appliances is critical to any automated process. Operations, IT developers and IoT vendors have an important role to play in promoting best practices that ensure the industry becomes smarter about IoT security.
As the internet of things has gained steam, more and more organizations have harnessed the power of connected systems. The benefits of these systems are vast — they help streamline production, improve employee environments and reduce energy costs.
There is a general consensus on the value of IoT. In fact, a recent IoT 2020 Business Report by Schneider Electric, which surveyed more than 2,500 decision makers around the world, found that 70% of respondents see business value in IoT and believe it will create new opportunities for their companies in the near future.
While organizations have been quick to adopt IoT solutions and are realizing some benefits, most have faced challenges when it comes to finding a way to make these systems live up to their full potential. This is specifically true in industrial and warehouse spaces, for a variety of reasons including the perceived (or actual) complexity of the system, reluctance from busy employees to fully embrace the system, inability to manage new data sources coming from the systems, and existing infrastructure that’s extremely siloed and doesn’t support data and information sharing. These barriers impact the amount of usable data that companies can collect from their systems as well as the cost savings they are able to generate.
Much of this stems from the fact that “IoT” is often not found in job titles or descriptions, and IoT responsibilities can be found among several different departments, often falling into either the IT or facilities camp, but rarely straddling the two or expanding into others. And while a more formal role might be on its way — in fact, Machina Research predicts that at least one Fortune 500 organization will appoint a chief IoT officer this year — until it is widespread, how can organizations fully leverage the power of IoT?
One way for organizations to usher in IoT initiatives is by identifying one internal person — an “IoT Champion” — that can work with all of the key stakeholders across departments, despite it not being within their job function. Once this person is identified, there are several steps he should take to identify — and deploy — his own internal IoT initiatives.
Start with one goal: Data collection
The goal at the heart of any IoT initiative is to collect data that can be analyzed and applied to benefit the business. Ideally this data can be used cross-functionally, though each function may use it to solve a different problem. For example, in a warehouse environment, IT might leverage occupancy data from sensors that show a lot of activity in certain areas and help spot trends that inform opportunities to implement new systems or processes that further improve productivity, efficiency, or safety and security, while a facility team might use that same data to justify the purchase or repositioning of equipment to ease traffic issues. Understanding that data is the core goal of any IoT initiative will keep implementations focused and help organizations make the most of their investments.
Implement a pilot program before launching a full-scale initiative
As mentioned above, one of the factors holding organizations back from implementing full-scale IoT systems is the perceived complexity. This is true both in the case of organizations that are just installing the first intelligent system within their space and those that are working to integrate systems with one another.
To combat this barrier, start small and be prepared to scale (or iterate). While deciding which pilot program to implement varies by organization, it’s always a good idea to assess existing infrastructure to understand if there are untapped IoT platforms or conduits that may minimize the complexity of starting completely from scratch. In Schneider’s IoT 2020 Business Report, decision makers indicated that the organizations that are piloting IoT initiatives are the ones observing the most success.
Highlight energy-efficiency benefits as proof of concept
A very attractive benefit of IoT is cost savings — in fact, IoT is helping buildings become up to 90% more efficient. A great (and relatively easy) way for IT and facilities teams to make early strides is through energy-efficiency benefits. While IoT benefits go well beyond energy efficiency, quickly realized energy savings are a surefire way to show that IoT is making a difference, thus getting other functions on board.
Understand that it can (and likely will) take time
Given that IT and facilities departments have rarely (or never) had cause to work together before, organizations must recognize that getting these departments to collaborate efficiently, even if everyone is on board, may not happen overnight. By demonstrating early success and pilot projects, it’s easier to inspire everyone, including senior-level management, to get behind the implementation. IoT initiatives require incremental changes that complement existing investments and time to get teams to embrace this new normal.
Companies must examine all projects — especially the non-IoT ones — and consider how they can benefit and accelerate future IoT projects. When updating facility functions or equipping new builds with lighting, for example, think about it as a deployment of a connected system that starts with energy savings and at the same time will accelerate future IoT projects via a connected or open platform.
Assess and make known the benefits and risks of implementing an IoT system versus not implementing it, and again of integrating it with other systems that may already be in place. Additionally, make sure employees are aware not only of the benefits that both the company overall and its customers will see from this change, but also of the benefits that they will see within their own workplace.
While implementing an IoT initiative or integrating existing systems can seem like a daunting task, IoT is here to stay. Organizational data collected, analyzed and made actionable in a scalable manner will soon be the cornerstone of success for agile operations, and companies that do not participate will be at a disadvantage when it comes to their competition. However, by working to communicate the benefits of these types of initiatives and systems to employees, promoting an environment that encourages employees to work together to make the initiative a success, and finding the right person to spearhead the project, organizations have the potential to reap massive long-term benefits.
About 100,000 internet-connected devices – thermostats, baby monitors and other “smart” devices embedded with the brains of a computer – compromised by malware launched a distributed denial-of-service (DDoS) attack against Dyn, one of the premiere providers of DNS – the equivalent of the internet’s phone book. Overloaded with fake requests, Dyn’s DNS servers were unable to provide legitimate services to its clients, like Amazon, The New York Times and Twitter.
IoT botnets may be one of the biggest emerging internet threats, and you should pay attention. Not because of the ability to launch crippling attacks to take out large sections of the internet as we saw the Dyn attack, but because your organization may be complicit in the attack.
Enterprise adoption of IoT devices – including commercial and government – will account for almost 80% of IoT adoption, creating one of the largest attack surfaces for your enterprise and an intrusion vector possibly eclipsing phishing email as a top risk exposure.
If your organization has difficulty managing traditional enterprise IT risk today – servers, workstations, mobile devices and even a cloud deployment – the upcoming wave of IoT devices will be larger by an order of magnitude (10 times larger), creating an unmanageable attack surface expansion for almost every organization operating today. This is the greatest risk to enterprise IT risk managers as they absorb the impact of future IoT DDoS attacks.
Who is responsible for risk management of these connected devices? For unmanaged IoT devices deployed at home, the answer today is not clear; it may be the consumer, the manufacturer, or the internet service provider. However, responsibility for enterprise IoT devices is very clear; the company responsible for installation and maintenance of the IoT device is responsible for safety and security. This even applies as IoT vendors go out of business or stop supporting firmware. As modern enterprises move their essential operations to connected, digital corporate ecosystems, the scope of traditional IT risk management must be expanded to compensate for the evolving threat landscape.
Safe and secure operation of these systems captures executive and board attention, and many leading organizations have identified this risk as an existential threat to their organizational competitiveness and survival. Leading organizations have designated a chief risk officer or digital risk officer – sometimes as a direct report to the CEO, or sometimes under the chief legal officer. Undoubtedly, this not only the chief information security officer’s or the chief information officer’s duty, but there must also be an enterprise-wide movement to accountability.
As you adopt more IoT, have the following conversations with your business and IT stakeholders:
- Ask “How many IoT devices should we have?” and “Does that make sense?”
- Ask “How do we scan/monitor our network for IoT devices?” and “Do we know their purpose?”
- Consult with subject matter experts on possible impacts from an IoT deployment, and run tabletop scenarios of the major risks posed to your operations from IoT devices.
- As an organization, decide the amount of risk your organization is willing to take for the benefits of an IoT deployment. This is your digital risk appetite.
- Finally, use your digital risk appetite to estimate a risk-benefit tradeoff that translates your digital risk impact into business action for your executives.
Opening this dialogue within your organization will help your business adapt to evolving technology and understand the important shift into digital risk management. Discovering, developing and communicating your digital risk appetite is the first step in preparing for tomorrow’s emerging digital risks.
The internet of things continues to prove its relevance in organizations’ digital transformation strategy. Companies big and small invested in it in 2016 and are realizing opportunities in extending IoT uses out into the field to enhance customer relationships and driving business growth. Throughout 2016, technology providers of all sizes started to truly realize that alignment is vital to relieve fragmentation and that they don’t need to “own” every piece of an IoT solution to add significant value and succeed.
2017 will continue to bring more complexity to the market, but companies will start to find their uniqueness, allowing us to focus on the real problems at hand together.
Below are five predictions for what 2017 holds for IoT.
1. Measuring business impact and security fears will be the greatest inhibitors of IoT projects and solutions
There’s no doubt that IoT has huge potential for business impact, but end users need to get comfortable with the anticipated ROI in order to move beyond maker projects and proofs-of-concepts to real investment. Without understanding business value and potential ROI, IoT adoption will stifle and slow. There’s a bit of a catch-22 in these early days because companies that have successfully deployed an IoT solution typically don’t want to share metrics of their success with competitors. We’re seeing progress on this front with more and more companies willing to document measurable benefits in case studies, but it will take time for this to become the norm.
Once customers are confident enough in the business value and how to calculate it, the second biggest inhibitor becomes security fears. 2016 brought the largest DDoS attack ever delivered by a botnet made up of IoT devices, which shut down 1,600 websites in the U.S. A month later, a major attack on Dyn led to a massive internet outage across the U.S and parts of Western Europe. According to analysts and industry experts, this is just the beginning. Most of the hacks to date have been conducted through consumer devices that had limited to no security measures applied — products that promoted ease of use and instant gratification over security. That said, as the business value and associated attack surface grows for IoT so will the interest of attackers.
Throughout 2017, hackers will continue to exploit IoT device vulnerabilities to launch broad-scale attacks. To help fight this battle, the fractured IoT market needs to come together to develop security measures that render devices less vulnerable by default and promote best practices in deployment while also recognizing the importance of retaining usability. After all, for IoT solutions to be successful the business value needs to be far greater than the complexities involved with deploying and maintaining them.
2. Consolidation of IoT platforms through broad-scale collaboration
It’s no secret that the IoT market is fragmented. Currently, there are over 400 platforms, which is confusing to customers and slows down the process of research and development. The market needs to consolidate so that it’s easier for customers to leverage preferred technology and they don’t feel like the rug might get pulled out from under them with a failed platform that built its entire data integration foundation in a silo. We have seen a distinct trend in 2016 that companies have gotten it out of their system that they must “own” everything to be successful. In fact, many have realized that it’s simply not possible to cover all facets of an IoT solution well. In order for the industry to scale, we need to come together on a more common foundation so we can focus our differentiation where it matters in areas such as analytics, advanced security, vertical expertise and services.
A key factor that will accelerate interoperability efforts is open source collaboration. Open source platforms are increasingly being used in industrial, smart cities and utility industry projects. I think historically conservative industries will continue to get more comfortable with open source in 2017. We will see a leading open source platform project emerge that provides a center of gravity for data integration. This will mitigate between the fragmentation in connectivity standards. As more open source tools are developed and mature, they’ll become a vital part of the research and development process, too.
3. Increased focus on use cases within verticals
A lot of the IoT hype comes from the consumer segments — connected baby monitors, refrigerators and toilets. We have been focused on commercial and industrial sectors from the broader markets have started to realize that’s where the real ROI is. In 2017, the market will have deep conversations on use case development within industrial verticals. By creating and sharing blueprints and solution architectures for these use cases, we’ll learn from each other and make more progress quicker. The consolidation I mention above will get us closer to the utopia of an open and flexible horizontal IoT platform to which specialized tools and vertical domain knowledge can be applied to address targeted use cases. Meanwhile, proprietary platform and service providers focused on highly specific use cases will see traction and jacks-of-all-trades will be masters of none.
4. Vendors will focus on certifications to help advance IoT growth
Becoming a certified expert in one of the countless IoT platforms doesn’t mean a whole lot. However, as the industry works towards a de facto standard for data integration (and leaders that apply this foundation with their own differentiation emerge), the stage will be set for industry-specific certifications to take hold in an effort to keep the bar high and ensure that certifications hold weight. These certifications will help prepare top talent with the required IoT skill sets and will cover industry-standard tools, specific platforms that apply them and domain expertise in security, analytics or specific industries and use cases.
As a result, large companies and innovative start-ups will begin to invest heavily in low- or no-cost training certifications. This trend is already being seen in IBM’s Watson IoT Academy and PTC University’s ThingWorx Certification — and enterprises should be ready to keep track of what their IoT vendors are doing in the area of certifications.
5. Artificial intelligence will increasingly be used to mine the data coming from IoT devices
As IoT gets distributed across the edge and cloud, the insights will be boosted by the use of AI deployed via containers. AI has already been making a mark through aiding real-time decision-making. In AI’s future, developing more natural language capabilities will help to further realize the potential of a connected IoT world, as natural language-based data descriptions will provide a universal way to understand data among various types of devices. This approach will not only break down silos, but also allow people to communicate with IoT directly through voice or text.
This will come with challenges, especially culturally in the workforce. In countries where traditional industries dominate, such as manufacturing in Brazil, our Future Workforce Study found that 41% of workers said they worried a robot might take their job. Some companies are using the opportunity to retrain employees and teach them new skill sets. For example, data scientists will start training machines to go beyond reviewing large data pools for insights and answers. This will help machines to develop the knowledge to read between layers of data. AI will be able to interpret data differently, break it down more succinctly and identify and share nuances otherwise overlooked.
Do you agree with these? What other predictions do you have for IoT in the New Year?