A decade ago, spurred by his concerns over the amount of waste plastic utensils created, an entrepreneurial Indian scientist had this idea: Why put in the landfill what you can (nutritiously) put in your stomach? So Narayana Peesapaty decided to invent an edible spoon, and last year his creation finally gained traction thanks to a viral video and his considerable determination.
There is much that the smart city can learn from this venture.
Consider that in 2014, according to an EPA fact sheet, Americans produced 33.2 million tons of plastic; and though around a third of that was recycled, that’s mountains of waste going into landfills. While Peesapaty’s approach, though admirable, won’t scale to address the sustainability needs of entire cities, it is an object lesson in how those issues can be addressed in — you might say — bite-sized chunks.
The internet of things will empower smart cities to achieve widespread sustainability in those discrete chunks. Indeed, it is in the very nature of IoT-driven smart solutions to reduce waste, eliminate unnecessary infrastructure and create cost savings in the process.
The key to this sustainability is the networking capacity of IoT sensors and the ability to analyze and act upon the data they provide, both of which produce a cascade of benefits. Consider what can be accomplished simply with networked waste receptacles:
- Because they are discoverable with mobile devices, residents and visitors to cities can be directed to the nearest one to either dispose of or recycle their waste.
- The receptacles can monitor their own capacities and alert the waste collection agency when they are nearly full.
- The agency can then tailor collection routes to only service those receptacles, reducing the amount of fuel consumed by trucks.
- Since the trucks can be equipped with sensors as well, they can automatically deliver waste and recyclables to the appropriate processing facility when they’re full, eliminating wasted trips.
- Because the system helps divert recyclables from the waste stream, it extends the usable life of a landfill.
This domino effect on sustainability can be replicated within almost any smart solution. Smart lighting and utility metering reduce demand on electricity, saving money and allowing larger populations to be served without increased generating capacity. Electronic ticketing not only reduces paper waste, but by eliminating ticket vending machines allows for unhindered access to transit services, reducing journey times and energy costs.
There are also more passive ways IoT allows smart cities and businesses to affect sustainability and meet environmental regulations. Air quality can be monitored and adjustments made or alerts sent out as necessary. Sites where illegal dumping has occurred can be monitored remotely, and law enforcement alerted when more takes place. Utility usage in public buildings and other infrastructure can be tracked, providing data that can be used to determine where to invest in energy efficiency, or possibly alerting to situations like leaking water pipes or unauthorized access.
Key in all of this is the fact that sustainability benefits are frequently ancillary to other IoT implementations — they’re a bonus, in other words. Networked smart meters are not generally installed by utilities because they will cut down on fuel costs since no one has to drive around reading them, for example — they’re installed because the ability to holistically monitor the system enables more rapid response to problems and more effective maintenance.
Edible spoons are an imaginative approach to a serious sustainability challenge; they are, in their own way, a smart solution. But when cities apply IoT to the larger challenges facing them, they will broadly improve sustainability across the urban ecosystem while implementing solutions that improve the urban experience.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
Whitfield (Whit) Diffie is a giant in the crypto world.
Whit sat down with Rubicon Labs for an extensive Q&A interview that we publish as the mammoth RSA Conference gets underway this week in San Francisco. The interview also coincides with the 40th anniversary of the publication of “New Directions in Cryptography.” The paper, co-authored by Diffie and Martin E. Hellman, laid the groundwork for public key cryptography, set the stage for the broad adoption of the internet and made e-commerce not only possible, but safe. The pair were named 2015 winners of the prestigious Turing Award, widely considered the Nobel Prize of Computing.
In part one of this two-part edited Q&A, Whit weighs in on the privacy risks in an unprotected IoT world, tells why it’s better to build a bank vault than hire a guard service, why using GPS to track truck drivers is an invasion of their privacy and shares why he doesn’t own a Nest thermostat. Part two of the Q&A will be published tomorrow.
At the 2017 RSA show there will be a lot of attention focused on products that detect intrusions and malware. Are these good investments in your view?
If the amount of money spent on antimalware were spent on something else, it would be better. The malware industry depends on the problem not being solved. Protecting against malware is like hiring guard services to protect something valuable.
Are you saying that more investment should be put into secure software rather than into detecting flaws in the fingerprints of malware?
Yes. That is what works with crypto and it also works with bank vaults. Almost nobody gets into bank vaults.
But, the software industry wants to run incredibly fast.
Well, yes, that may be an intrinsic problem. There are a whole bunch of fans of a moving-target strategy and I think they are mostly wrong. And I parody what they say as “let’s keep everything jumping and hope it confuses the opponents more than it confuses us.”
Back when you co-created public key cryptography in the 1970s, did you in your wildest dreams ever imagine state-sponsored cyberattacks, ransomware or the Mirai viruses of today?
That was simply not a direction for crypto that I thought about in the 1970s. I knew about breaking into systems, but I didn’t so much think about system security as much as crypto security. My goal at the time was to secure the North American phone system because my collaborator Martin Hellman and I lived in North America, there were 100 million landline phones, lots of people, and there was just a sense of scale that we could achieve.
With the explosive growth of IoT devices, what are your biggest concerns?
My biggest concern is probably what is going to be built in an IoT device to snoop on everybody.
So you’re worried about “Big Brother” in your kitchen or living room?
I’ve believed for decades that human freedom cannot stand the decline in human communications. And I think this is just another sign of it. Truck drivers had a very independent job a generation ago. And now they are being watched by GPS all of the time. A generation ago, loosely speaking, a truck driver’s boss would say, “Here we are in Maine, get this to San Diego in a week.” And they wouldn’t know or even much care if he stopped to pick up some other stuff and went a little out of the way to take it to somebody. And, presumably now that is essentially impossible because they know where the drivers are every second. This is sort of an attack on privacy.
How do you mean?
Let me give an example on the other end of the spectrum. In the year 1800, the president would assign military generals and say, “Go take care of this problem,” and a year later he would either reward them or court martial them. The notion that the president — or in this case a company — is entitled to immediate control is one of the greatest security threats to the United States because presidents have a vision but not direct knowledge of a given situation.
Should people really be connecting all of these IoT devices in their homes or, would you say, the best thing to do is airwall gap your house so you have as few connections as possible?
You probably really don’t have a choice about it. I’m not sure you can fight these things, depending on how you can isolate your house. The truth is you may want to talk to the web and see the TV, etc. Look at Nest as an example, people want their thermostats viewed. They want to look over and see how the house is doing or turn up the heat because they are coming home from somewhere.
So would the father of crypto have a Nest in his house, and would you be concerned about privacy with smart thermostats?
I considered getting a Nest, but not for its communications features. No, the last time a thermostat broke, I went down to the hardware store and there was one on sale for $25. I didn’t buy a Nest because I needed a new thermostat and there was one that cost 1/10 as much.
Should the burden be on the manufacturer to provide security for IoT devices?
Well, I’m sure it should, but that doesn’t mean anything. In the first place, the basic principle of the world is that the more power you have, the more responsibility you have. But, the fact of the world is that the more power you have the first thing you do is try to negotiate your way out of responsibility. All sorts of things — including companies — that are tremendously powerful, in fact, in the end have very little responsibility.
Why do you think there are so many problems with securing IoT devices?
Most people think they can build something and then secure it later. It is obvious why they think that, because it is hard enough as it is to build it without security in it. So to tie your hands by insisting that it be secure at every stage of the operation will mean that someone else will beat you to market. Microsoft is the perfect example. That seems to be a basic problem of how we develop things fast and sacrifice the quality of the software.
What are your thoughts on hacking cars via over-the-air software updates?
Why you should be able to update it over the air or by radio is not clear to me. It is clear why it gets them into security problems.
The internet of things isn’t coming, it’s already here. New healthcare, industrial, home and personal devices are being connected every day, right under our noses. Gartner predicts that by 2020, nearly 21 billion IoT devices will be online. Yet as exciting as this explosive growth may be, it also brings new challenges — and chief among them is security.
As the adoption of IoT grows we are witnessing major security incidents. The Mirai botnet, for example, was able to hijack thousands of connected home devices and launch distributed denial-of-service attacks that knocked out large portions of the internet.
As more IoT devices come online, such attacks — and potentially more dangerous ones — seem inevitable. Keeping them from becoming commonplace will take new approaches to online security, and one of the more promising solutions that’s under research right now is rooted in blockchain.
You’ve probably heard of blockchain if you’ve looked into any of the various digital “cryptocurrencies,” of which Bitcoin is the best known. The success of these currencies has inspired a number of researchers to start applying blockchain technology to other applications, including to help secure IoT.
Without getting into all of the complex computer science behind it, a blockchain is a kind of distributed database that acts as a distributed digital ledger for transactions. With cryptocurrencies, for example, blockchain keeps a record of every time the digital cash changes hands.
What makes blockchain interesting to security researchers is that once it is created, a blockchain is immutable. By the nature of their design, blockchains are inherently resistant to modification of the data. Once the data is recorded, the data in a block cannot be altered retroactively. Any attempt to corrupt and modify the data instantly raises a red flag, because the validity of the blockchain is constantly verified and corrected using cryptographic algorithms and multiple distributed data records. The blockchain is itself secure and difficult for a person or a group of people to hack, making it an ideal tool for data security applications.
The distributed and decentralized nature of blockchain-based technology also makes it a natural fit for helping secure IoT. IoT itself is a fundamentally distributed system composed of countless devices, any of which might jump on or off the network at any given time, making it a poor fit for centralized controls.
Who (or what) goes there?
So how can blockchain help secure IoT? One way is through blockchain-based identity and access management systems. The idea is to use a private blockchain to store cryptographic hashes of individual device firmware, creating a permanent record of device configuration and state. This record can then be used to verify that a given device is genuine and that its software and settings haven’t been tampered with before allowing it to connect to other devices or services.
Such systems can be an effective defense against IP spoofing attacks like those launched by later versions of the Mirai botnet. Because blockchain can’t be altered, devices that attempt to connect can’t disguise themselves by injecting fake signatures into the record.
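The firmware-hash record described above, sketched as an added example (not code from this article or from any product): a single-node hash chain stands in for the private blockchain, with no consensus, peers or signatures. The device IDs, firmware bytes and the `admit` function are constructed for illustration, and the verifier is assumed to hold its own copy of the head digest and to obtain a trustworthy firmware measurement.

```python
# Added illustration: a single-node hash chain of firmware digests.
# No consensus, peers or signatures; device IDs and firmware bytes are constructed.
import hashlib
import hmac
import json
from dataclasses import asdict, dataclass, replace

GENESIS_PREV = "0" * 64


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Block:
    index: int
    prev_hash: str      # digest of the previous block (the "chain" link)
    device_id: str      # hypothetical identifier format
    firmware_hash: str  # SHA-256 of the firmware image

    def digest(self):
        # Canonical JSON so identical fields always produce the same digest.
        payload = json.dumps(asdict(self), sort_keys=True, separators=(",", ":"))
        return sha256_hex(payload.encode())


class FirmwareLedger:
    def __init__(self):
        self.blocks = []

    def head(self):
        return self.blocks[-1].digest() if self.blocks else GENESIS_PREV

    def register(self, device_id, firmware):
        block = Block(len(self.blocks), self.head(), device_id, sha256_hex(firmware))
        self.blocks.append(block)
        return block

    def verify(self, trusted_head):
        """Walk every link, then compare the tip with a head digest held elsewhere.

        Links alone cannot reveal a rewritten final block, which is why the
        verifier needs its own copy of the head (the role other nodes play).
        """
        prev = GENESIS_PREV
        for i, block in enumerate(self.blocks):
            if block.index != i or block.prev_hash != prev:
                return False
            prev = block.digest()
        return hmac.compare_digest(prev, trusted_head)

    def expected_firmware(self, device_id):
        # Latest record wins, so a firmware update is a new block, not an edit.
        for block in reversed(self.blocks):
            if block.device_id == device_id:
                return block.firmware_hash
        return None


def admit(ledger, trusted_head, device_id, measured_firmware):
    """Gate a connection on the ledger record.

    Assumes measured_firmware is a trustworthy measurement (for example from
    remote attestation); a compromised device could otherwise report any bytes.
    """
    if not ledger.verify(trusted_head):
        return "ledger-tampered"
    expected = ledger.expected_firmware(device_id)
    if expected is None:
        return "unknown-device"
    if not hmac.compare_digest(expected, sha256_hex(measured_firmware)):
        return "firmware-mismatch"
    return "admit"


def demo():
    ledger = FirmwareLedger()
    ledger.register("cam-001", b"camera firmware v1")      # constructed samples
    ledger.register("thermo-007", b"thermostat firmware v3")
    ledger.register("cam-001", b"camera firmware v2")      # update supersedes v1
    head = ledger.head()  # copy kept by the verifier, outside the ledger store

    results = {
        "current": admit(ledger, head, "cam-001", b"camera firmware v2"),
        "stale": admit(ledger, head, "cam-001", b"camera firmware v1"),
        "unknown": admit(ledger, head, "lock-042", b"anything"),
    }
    # Retroactive edit of a stored record: the next block's link no longer matches.
    ledger.blocks[1] = replace(ledger.blocks[1], firmware_hash=sha256_hex(b"modified image"))
    results["after_edit"] = admit(ledger, head, "thermo-007", b"modified image")
    return results


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

The record only proves that a firmware digest was registered; whether the device is actually running that image still depends on how the measurement is taken.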
Another application for blockchain to secure IoT is as a directory for device and service discovery. The advantage over other discovery mechanisms is that, because a blockchain is distributed and cryptographically verifiable, it’s less vulnerable to man-in-the-middle attacks and other exploits. By comparison, not only could centralized controls or intermediaries be compromised, but they also limit the ability of the IoT network to grow and reconfigure itself organically.
Putting the pieces in place
While this is all exciting stuff, it’s still too early to say definitively that blockchain will be a major component of IoT in the near future. This is a new and evolving area. There is much work to do in the way of industry standards to make IoT security systems from multiple vendors interoperable.
It should go without saying that blockchain-based security is no panacea, either. Early versions of Mirai relied on simple vulnerabilities like weak passwords and well-known default passwords to compromise devices, some of which were baked into firmware. IoT will never truly be secure until manufacturers accept greater responsibility for locking down their devices and adopt highly secure technologies such as blockchain.
Hardware, however, is only part of the equation. As IoT evolves toward greater autonomy, the need for innovative, end-to-end systems that can secure this new type of network environment becomes increasingly urgent. Blockchain, while still an emerging solution, is one of the more intriguing technologies with potential to set us down that road.
Technology advances like the internet of things, big data and cloud-based services have generated an explosion in the number of IP connections. To keep them secure, all connections must be underpinned by basic cybersecurity measures comprising cryptographic keys and digital certificates that are tracked and protected.
When an enterprise fails to apply these basic security measures to its assets, it risks leaving whole systems vulnerable to attacks.
A 2016 report by Gemalto and the Ponemon Institute found 92% of businesses encrypt just 75% or less of their sensitive and confidential data when it is sent via the cloud. The proportion of respondents that encrypt data stored in the cloud was even lower at 40%.
Encryption in the cloud
Encryption is one of the most basic methods for securing data, yet many companies make the mistake of failing to encrypt sensitive information. If they did, only authorized users with a matching key would be able to actually see private documents and information in the event of a breach.
Data stored in the cloud is often not within an organization’s control. Instead, it may rely entirely on best security practices by third parties. Unfortunately, with third parties it is almost impossible to guarantee that best practices will be applied. Trends like shadow IT are increasingly putting organizations at risk. According to Gartner, one-third of security breaches will come in through shadow IT services by 2020. Also known as bring your own app (BYOA) or bring your own cloud (BYOC), shadow IT is in direct conflict with enterprise data security.
The growth of bring your own device (BYOD) in the workplace means employees may be tempted to use their own cloud-based apps to store or share customer data with colleagues. The result may leave sensitive company data vulnerable with only the strength of an employee’s password to protect it.
Virtual private networks
A simple way to protect data stored in the cloud is with encryption using a VPN tunnel. A VPN enables remote off-site employees to create an encrypted, end-to-end connection with their company network and transfer data securely regardless of their location or the application they are using.
In summary, failure by cloud providers, enterprises and employees to implement basic security measures when handling sensitive cloud-based data is a major contributing factor behind many of the high-profile breaches reported in the media.
With more employers allowing employees to use their own cloud-based apps at work, the risk of sensitive data being leaked is set to increase. Using a VPN will keep company data private and secure whenever it is transferred to and from the cloud.
At IoT Evolution Expo in Fort Lauderdale, Fla., one question that emerged repeatedly was how best to build IoT infrastructures that can then be leveraged for new uses, uses that we haven’t necessarily yet devised. Speakers mentioned commercial lighting systems, traffic control signal systems and of course cellular data networks, with particular focus on the emerging wider-area, lower-data-rate standards.
Smart lighting, for instance, means wirelessly connected lamps. At a panel in a track on connected buildings, two representatives of the commercial lighting business argued that lighting in a commercial lighting installation is the least of it. The lamps that replace traditional, higher-energy bulbs have computing and radio components built into them and thus get networking components onto shop floors and the like without explicitly creating a traditional IT network.
A lightbulb went off
Kaynam Hedayat, vice president of product management at Digital Lumens, said companies “can increase energy savings up to 95%.” As compelling as that might be (and, one should note, some eyebrows in the room went up at that figure), both Hedayat and Don Barnetson, chief product officer of Lunera Lighting, Inc., argued that selling lighting for a living is a loser’s game. That’s primarily because new lamps based on LEDs rather than hot filaments last 10 to 20 years, so each sale is effectively a one-time affair, rather than an ongoing series of replacements.
“The lighting is the way we Trojan horse a wireless infrastructure onto the shop floor,” Barnetson said, to agreement from Hedayat.
This leaves the question of how the infrastructure works and what you’re able to offer in the way of services across that infrastructure once it’s there. Options Barnetson and Hedayat discussed included interior location services using Bluetooth beacons built into the lamps, collecting sensor data from devices other than lighting and providing highly granular control over HVAC systems.
Wireless IoT comparisons
One clear takeaway from IoT Evolution Expo as a whole is that there isn’t particular agreement over which wireless infrastructure makes the most sense.
Digital Lumens uses a customized (and therefore not standard compliant) Zigbee mesh network. Lunera uses Wi-Fi. Each has its benefits and downsides, but one striking downside for the mesh approach is the degree of bandwidth used merely to administer the mesh itself. Many of the sessions at IoT Evolution Expo took it as a given that cellular connections were the answer for most IoT applications. But cellular has considerably higher costs for the hardware along with ongoing network data costs.
The range of options for cellular connections is evolving, however. In a keynote presentation at the event, KORE CEO Alex Brisbourne said that the emerging LTE “categories” at lower data rates will make cellular connections for lower-cost devices economically feasible. “We’re starting to talk about ubiquity and very, very low cost,” Brisbourne said. “More importantly, you’re starting to build networks with relatively low latency. So LTE is a way of taking us up the chain to the richer applications, the ones that are being hosted in clouds, where we really want to have richness of content.”
As Brisbourne sees it, the highest volume of IoT transactions will be coming from consumer devices that only very occasionally check in with the network. “These devices may only need a signal out to them once a week or even once a month. Those kinds of requirements need devices that are extremely low cost, that can get on and off the network easily, running on very low power.” For this, Brisbourne favors NB-IoT.
But while there was interest in low-power, low-bandwidth connectivity options in some sessions, in others it was clear that enormous data streams would be generated by each machine on a shop floor, or by hundreds of sensors in a building, or from individual connected autos. Pavel Cherkashin, managing partner at GVA Capital, argued in a plenary panel on the financial dimensions of IoT investment that “most of the world doesn’t have the throughput at the level that we need it. Core communication technologies are going to have to be reimagined.”
For many companies, the internet of things has suddenly become the thing: a techno-competitive mega-trend that can no longer be ignored. However, creating an effective IoT strategy — and carrying it out with excellence — can be difficult and confusing.
In a recent survey, all CEOs in the Fortune 500 were asked, “What is your company’s greatest challenge?” The top answer was, “The rapid pace of technological evolution.” IoT is a prime example of the rapidity of this technological evolution. The methodology for companies to stay abreast of this pace and meet it with the talent required to navigate it is no small undertaking, but success in the process will define the parameters of technology competition over the coming decade.
Innovation programs are historically the vehicle that protects against internal stagnation and external irrelevance. However, the larger an organization gets, the more difficult it becomes to innovate outside of historical core competencies and market-facing product lines, both of which are common with IoT.
The global trend of the increasing need for smart connected products and services poses a number of challenges to traditional internal corporate innovation programs. These include:
- An unprecedented competitive landscape. With the rapid pace of technological change, it’s never been easier to create a technology startup company that anticipates user needs before they are well-articulated and disrupts an established market player. If you don’t understand the why, then the how doesn’t matter. With the internet of things, often the why — and the corresponding response behavior of the competitive landscape — is elusive.
- A heavy dependency on cross-divisional collaboration. The internet of things requires cross-divisional collaboration that many companies are not used to. By definition, developing a connected product implies an ongoing service that requires support, manufacturing integration, and a new sales and marketing strategy that transcends traditional corporate walls. Often this cross-divisional collaboration results in the formation of several new ecosystems in what had been a traditionally laid out corporate ecosystem.
- A rapidly-expanding digital ecosystem of products, services and data. Creating value with internet of things technologies often involves creating new products (e.g., a smart connected version of a legacy product), a new service (e.g., a predictive maintenance service for connected industrial assets) or new data streams (e.g., environmental condition data that can be consumed by an adjacent product or service). This rapidly expanding digital ecosystem is causing companies to innovate outside their comfort zones into new areas including data science, information security, outcome-based business models and enterprise software integrations.
- A knowledge deficit of IoT technologies, business models and market needs. Companies that stand to benefit the most from deploying IoT technologies and business models are the least prepared to do so. It is not uncommon for a durable goods manufacturer to have historical expertise in materials science, mechanical/chemical engineering or metal bending. These types of companies have historically faced challenges in being able to develop adaptive user experiences, integrate products in the field with enterprise IT services, sell recurring subscription contracts or monetize the value of data. The challenges are often due to a knowledge deficit that can easily hinder the effectiveness of any corporate IoT innovation program and obscure the success of the undertaking.
An evolutionary perspective
Many companies already have innovation programs in place. Adding an internet of things focus, although a revolutionary trend in thinking, usually requires surgical evolutionary adjustments in the following five areas:
- Clarity of strategic direction. IoT innovation program participants must know why the internet of things is important to the competitive success of the company. A lack of clarity or outlined, forward-looking goals that include a designated timeline can be detrimental to success. For example, having a vision that an enterprise needs to become known as a software and data company by 2025 in order to remain competitive helps drive critical direction, focus and momentum.
- Emphasis on cross-departmental collaboration. Product innovation historically focuses on the products themselves. However, smart connected products usually also include IT. The blending of operational technology (the physical products themselves) and information technology requires a new type of cross-departmental collaboration, introducing new people and roles to the entire innovation process itself.
- Identification of reusable technology, business models and processes. Companies often have multiple product lines, business units and/or market segments. Companies can get an edge in the competitive landscape by intelligently understanding how to reuse not just technology components, but also business models and process improvements. All components should be included as part of the innovation process.
- Adaptation of business processes to data and services. Many companies have business processes (e.g., order fulfillment and billing) that center on the manufacturing, distribution and sale of physical products. However, with the advent of smart sensors and data, new business models are possible by selling services (which may include a product or consumable), or by selling the data stream itself. Leading innovation programs lead participants to think outside the box of traditional product features and business processes, and expand the scope of thinking to data and services.
- Revised approach for capturing and acting on market feedback. Product companies usually have a new product introduction (NPI) process for ensuring a high-quality and normalized market launch. Although releasing software and products early to gain market feedback is a best-in-class approach, doing so prematurely can be detrimental to building a long-term trusted brand. Adapting existing NPI processes to gather critical market feedback while at the same time supporting and building a high-quality connected brand is a critical success factor for IoT innovation programs.
Change: The new competitive advantage
Leading organizations that have become the key innovators in this process got there by harnessing the reins of IoT innovation and focusing on early success with a small number of projects. Only after that do they then accelerate upon that success through the creation and establishment of corporate-sponsored IoT funding. This process naturally helps subsidize bright new ideas that help the company achieve its long-term vision.
Once the pace of IoT innovation is moving, the momentum continues to be driven by many forces: things like effective training, support readiness, manufacturing integration, adaption to business process changes, thoughtful talent acquisition and pricing calibration. While there is a tapestry of the aforementioned pieces to weave together, by fostering a culture of technology innovation and cross-divisional collaboration along with a keen focus on services and data, organizations can turn their ability to change into a competitive advantage for long-term success.
The internet of things is coming to a supply chain near you.
There will be 50 to 200 billion connected “things” by the end of this decade. Regardless of which research numbers you follow, we are about to be inundated by connected devices and things. IoT will be throwing off mountains of data — even more information to be added to our existing mountain of big data. This information will take on a new form and pace. Possibly smaller data points, but at a more rapid pace and coming from parts of our supply chains that were otherwise dark. The promise of this is to not only light up these dark parts of the supply chain, but also to fundamentally change how our supply chains operate. We should view this as a key component of the digital transformation of supply chains.
The digital journey is only beginning. IoT will be a vital part.
There is very little in our day-to-day lives that has not seen the impact of the digital revolution. How we think of point-to-point transportation will never be the same due to Uber. Where and how we stay when we travel has been radically changed due to Airbnb. How we listen to music no longer revolves around CDs, records or tapes. The very idea of purchasing a full album is foreign to many who have been accustomed to accessing music via services such as Pandora, Spotify, Apple and Amazon music. Watching television is not limited to our family rooms, nor is the activity restricted to time slots. Commercials, in some ways, are becoming a thing of the past.
While these are consumer-centric examples, the digital revolution’s impact is felt throughout B2B commerce, specifically in the supply chain. Supply chains are beginning to reap the benefits of digitization. How? From greater visibility throughout the supply chain. Industries from agriculture to automotive and consumer goods, heavy industry and retail, have all started to extract value from enhanced digitization throughout their supply chains.
In the chocolate industry, brands such as Mars have a greater view into cocoa production in sub-Saharan Africa through greater usage of connected farms. Companies such as Harley-Davidson are more in tune with their manufacturing facilities thanks to IoT. Logistics firms lean on telematics to do a better job with fleet and asset management, and to capture greater efficiencies with regard to load management and routing.
However, many of these digital enhancements are being felt in pockets of supply chains. The digital revolution is not a tidal wave impacting all aspects of the supply chain with a giant bang. Rather, digital, and in large part IoT, is taking hold at specific parts of the supply chain. At times this is being leveraged to enhance existing processes, while in other situations we are seeing new transformative business models emerging. A good start. The exciting opportunity for supply chains will be when they are fully connected, fully networked. For this IoT holds out much promise.
IoT is a vital step towards a truly digitized and networked supply chain.
A truly digital supply chain is one where processes and business models are centered on digital communications. It’s a world where the mechanical and digital are integrated in such a way that the physical world has a digital mirror of information and data. This digital mirror allows the physical to be more efficiently managed, to be used in different ways and to allow the physical world to take on new business models otherwise not possible. This digitization revolves around a greater access to, and usage of, data. This data is rich with information, consumed in a timely fashion and leveraged to make greater business decisions.
Supply chains shouldn’t simply look to place sensors on objects and assets, but rather, understand why being able to “see” more from these objects can benefit their business. IoT plays an important role in this vision. It will add a layer of visibility and access to data that supply chains are otherwise blind to.
As supply chain professionals continue to work down the digital road, they need to take into consideration a number of these technologies and innovations. IoT is just one cog in an otherwise complicated and dynamic ecosystem.
Even though they differ greatly, what analyst and vendor projections all agree on is that the number of connected internet of things devices will essentially go through the roof over the next couple of years. Estimates range anywhere from 20 to 50 billion connected IoT devices by 2020 — with Gartner, for example, projecting 20 billion devices as a more “conservative” estimate, if there ever is a conservative view in light of these stunning figures. But no matter how many billions of devices it will finally be, one thing is for sure — it’s going to be huge!
While this sounds encouraging and almost too good to be true, there are downsides, namely security flaws and the unprecedented threat of cybercrime. Nobody wants to be the party pooper and demonize the technological advance toward a bright and shiny digital universe, but it would be fairly naive to bluntly ignore the facts.
Let’s face reality: As much as the IoT universe grows, so does the security challenge
Over the last few months, the cybersecurity industry has been observing some quite interesting trends such as an uptick in distributed denial-of-service (DDoS) attacks with unparalleled data traffic. Cybercrime has become a vast ecosystem that keeps soaring. Experts predict that data breaches could cause damages of up to $2.1 trillion globally by 2019, which is essentially right around the corner. According to Juniper, the average cost of a data breach in 2020 will exceed $150 million as more business infrastructure gets connected.
In a recent study, nearly 52% of the participating consumers believed that IoT products do not have the necessary security in place. And far worse, 85% of IoT developers admitted to being pressured to get a product to market before adequate security could be implemented. A shocking 90% of developers surveyed didn’t believe that IoT devices on the market currently have the necessary security in place.
One of the driving forces for this drastic increase of devices is simply price. With cheap internet pretty much accessible around the globe and wearables becoming a commodity, the price spiral is heading south and the market is simply flooded with low-cost hardware. This enormous price sensitivity, however, almost inevitably precludes embedding comprehensive security features, as this is nothing but a mutually exclusive trade-off.
On average, IoT devices are inexpensive. With 50% of all connected devices targeting the consumer space, manufacturers are caught between the devil and the deep blue sea. As a consequence, those targeting the mass market have little financial margin to invest into the security challenge as it’s simply a costly undertaking.
For the bad guys on the other hand, it’s literally the land of milk and honey with vulnerable devices accessible in abundance. In other words: The hunting ground for the predators is full of possible prey and fence season is long gone.
DDoS attacks are just an example, but once these devices are filled with user data, the issue will be taken to a whole new dimension. Unfortunately, the circumstances aren’t getting any better as more IoT devices will continue to go online every single day.
The security challenge: How to get out of here?
While the above might sound rather scary, it’s far from being hopeless, though it does require action now. Ultimately, there are two sides of the same coin, the first being technology and the second being the human factor.
Overall, the cybersecurity industry is progressing with its R&D efforts in order to come up with solutions that will alleviate various security challenge pain points. If everyone involved is committed to fixing the problem, then developing new technologies with built-in security features will become the norm and the result will be a much safer IoT. With the emergence of software-defined technology, tight security protocols and encryption can be implemented at a fraction of the cost of hardware components.
Vendors should consider de-commoditizing and coming up with a more differentiated product offering that, for example, includes security features. It’s obvious that these features come with a price tag. However, only when vendors translate these features into tangible benefits will consumers be prepared to pay a higher premium.
At the same time, it’s an important task for society to drastically increase its awareness of how to deal with data and teach at least basic principles of how consumers can protect themselves and mitigate cyberthreats. Consumers need to understand the implications of their actions and should think twice about what kind of data to store on which IoT device.
Finally, governments must take appropriate action and shift their attention toward the rising threat of cybercrime in the 21st century by strengthening their cyberdefense activities and making it a strategic component of their security policies. Policymakers love talking about it, but the time has come to walk the walk. As a wise man once said, “Let’s not close the barn door after the horse has bolted.”
Below, we will explore the technical elements of a security-oriented wearable, and subsequent posts will concentrate on the balancing act between great security and end-user convenience.
To establish identity, we’re all used to our username/password combination, and probably have started using our fingerprints to log into our phones. Password policies are really hard to get right — so much so that, in most companies, it is the number one tech support question.
Fingerprints and other biometrics are better for a few reasons — mostly that they’re based on who you are, rather than what you know. So, you’re not going to forget your fingerprint, your retina or other things that make you who you are.
But if your fingerprint is not changing and someone steals it, what happens? Well, the short answer is that you should hope that this “template” is safely stored locally and not shareable across devices, networks and so forth. The beauty of a wearable is that it allows for the proximity necessary to keep that information close.
For example, part of a new phone setup is to capture your fingerprints. Even if you’ve owned three generations of the same phone, you can transfer your data to your new phone, but not your fingerprint. The reason was mentioned above. It is undesirable for both user and vendor to store sensitive, static data about a user.
Hopefully, this serves as a piece of useful information. In the world of wearables, portables and the like, the device should be assumed to be self-authenticating if well designed. That is, the information it shares is simply “yes, this is the right person” or “no, it’s not.”
If you would like to rely on a wearable as a source of identity verification, there are some key things to keep in mind. Firstly, these devices should be able to confirm the known wearer’s identity. The next thing is thinking about how to query the wearable. Given the state of standards today, prevailing technologies for sharing this confirm/reject are Bluetooth Smart, NFC and USB.
In the real world, one would assume that a wearable must have Bluetooth Smart or NFC or both to communicate with IoT devices. Bluetooth Smart gives better range, but establishing a transient relationship with a thing is complicated and not yet standardized. NFC carries less perceived threat of man-in-the-middle attacks and works well under certain circumstances, but you should assume that the wearable is on or near the user’s hand (NFC range is <20 cm).
Another key component is tamper-resistance and/or tamper-proofing. A well-designed wearable will prevent a nefarious person from being able to access algorithms or biometric data. There are both physical and logical ways to preserve this data, but secure wearables can and should see tampering as a major threat.
Lastly, one should assume that a wearable has cryptographic functions. There are many options, but these devices can exchange keys with another device. This allows for encrypted messages between devices.
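The confirm/reject exchange described above, sketched as an added example (not code from the original article or any vendor): the wearable matches the wearer on-device and returns only a yes/no bound to the verifier's fresh nonce. It assumes a pairing key already shared at enrollment and uses an HMAC tag for authenticity rather than encryption; the class names and the exact-match stand-in for a biometric matcher are hypothetical.

```python
import hashlib
import hmac
import secrets

LABEL = b"wearable-verdict-v1"  # hypothetical domain-separation label


def _tag(key: bytes, nonce: bytes, verdict: bytes) -> bytes:
    # The nonce is fixed-length (16 bytes), so the concatenation is unambiguous.
    return hmac.new(key, LABEL + nonce + verdict, hashlib.sha256).digest()


class Wearable:
    """Holds the template and pairing key; neither is ever sent off the device."""

    def __init__(self, pairing_key: bytes, template: bytes):
        self._key = pairing_key
        self._template = hashlib.sha256(template).digest()

    def answer(self, nonce: bytes, live_sample: bytes):
        # Assumption: exact match stands in for a real fuzzy biometric matcher.
        sample = hashlib.sha256(live_sample).digest()
        verdict = b"yes" if hmac.compare_digest(sample, self._template) else b"no"
        return verdict, _tag(self._key, nonce, verdict)


class Verifier:
    """The lock, phone or door that asks the wearable for a confirm/reject."""

    def __init__(self, pairing_key: bytes):
        self._key = pairing_key
        self._pending = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce: bytes, verdict: bytes, tag: bytes) -> bool:
        if nonce not in self._pending:
            return False                 # unknown or already-used challenge
        self._pending.discard(nonce)     # each nonce is single-use
        ok = hmac.compare_digest(tag, _tag(self._key, nonce, verdict))
        return ok and verdict == b"yes"


def demo() -> dict:
    key = secrets.token_bytes(32)        # constructed pairing key
    band = Wearable(key, b"constructed-template")
    door = Verifier(key)
    n1 = door.challenge()
    verdict, tag = band.answer(n1, b"constructed-template")
    genuine = door.accept(n1, verdict, tag)
    replayed = door.accept(n1, verdict, tag)       # same message sent again
    n2 = door.challenge()
    wrong_wearer = door.accept(n2, *band.answer(n2, b"someone-else"))
    n3 = door.challenge()
    _, tag3 = band.answer(n3, b"someone-else")
    tampered = door.accept(n3, b"yes", tag3)       # "no" altered to "yes" in transit
    return {"genuine": genuine, "replayed": replayed,
            "wrong_wearer": wrong_wearer, "tampered": tampered}


if __name__ == "__main__":
    print(demo())
```

Only the genuine response is accepted; the replayed, wrong-wearer and altered responses are all rejected, and the template never appears in any message.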
Experts at many security-minded companies have found these building blocks to be elemental to a credible secure wearable. My organization has demonstrated the ability to unlock computers, phones and physical doors from major players with these basic features, and these safeguards have provided the needed assurances.
Are there other considerations here? Yes. This is the beginning of a journey, but these are the lessons that we’ve learned so far.
In addition to a series of high-profile acquisitions (including Jasper, Wyless, Solair, ARM, PLAT.ONE and Bit Stew), 2016 saw some of the largest individual funding rounds for commercial and industrial internet of things companies. While total funding may be slowing down, the size of the individual rounds is, if anything, ramping up. Sigfox led the charge with a massive $173 million Series E, bringing its total funding up to $323 million, and its post-funding valuation up to $648 million. Investors threw huge piles of cash at several other companies developing innovative technologies centered on devices, connectivity, applications and analytics — these companies target a wide range of use cases, including energy, manufacturing, commercial buildings and connected products.
Below is a list of companies Lux has covered that raised big rounds in 2016:
- Sigfox: $173 million Series E / November 2016 — Sigfox builds public low-power wide-area networks (LPWANs) and sells data plan subscriptions geared towards connecting low-power sensors and IoT devices. The radios are smaller and consume less power than traditional cellular radios. The company has active networks deployed across a large portion of Western Europe and the UK, as well as small portions of Central Europe, North America and Oceania, with over 7 million connected devices. This latest funding round will help the firm increase its global coverage and put it in position for an IPO that it expects to achieve in late 2017 or early 2018.
- C3 IoT: $70 million Series D / September 2016 — Founded in 2009 by software veteran Thomas Siebel and originally focused on application and analytics platforms for energy organizations, C3 recently rebranded to focus more broadly on IoT. The firm has developed a platform for connecting sensors, IoT devices and enterprise systems to an environment that offers prebuilt AI and machine learning applications, an application development environment and analytics tools. This round, led by TPG Capital, brings the firm’s total funding up to $131 million. In addition to attracting this investment, C3 IoT won some big deals in 2016, including enterprise contracts with Engie and the U.S. State Department.
- GreenWave Systems: $60 million Series C / January 2016 — GreenWave was founded in 2008 by several former Cisco executives. The firm offers a horizontal IoT platform, called AXON, which enables connectivity between devices and the cloud. The company is currently targeting applications related to energy management, building controls, health care, asset tracking and smart cities. This funding round brings the firm’s total funding up to $76 million. GreenWave plans to use the funds to accelerate its global expansion and provide growth capital for strategic investment.
- Ayla Networks: $39 million Series C / June 2016 — Ayla has developed an IoT enablement suite that helps companies deliver internet-connected products. The offering includes an embedded software stack installed on devices and gateways, an Amazon-hosted cloud platform for device management, basic analytics tools and a set of applications for controlling devices from supported iOS and Android devices. Ayla has a strong footprint in connected home appliances and building systems, and a major presence in China. This latest round was led by China-based Ant Capital Partners — it brings Ayla’s total funding up to $59 million and will help the company continue to expand globally.
- Maana: $26 million Series B / May 2016 — Maana was founded in 2013 to develop an operational analytics platform focused on industrial use cases — the solution crawls and mines different data silos, indexes the information gathered, generates models and helps users operationalize insights. Maana has won a few big customer deals, including GE, Chevron and Shell, all three of which are also strategic investors. Saudi Aramco Energy Ventures led this round, bringing Maana’s funding up to a total of $40 million. Maana plans to leverage the capital to expand product development and ramp up the sales and marketing teams.
- Enlighted: $25 million Series D / February 2016 — Enlighted integrates a compact sensor and controller unit for commercial space sensing and lighting optimization. The sensor and controller is compatible with any type of lighting fixture, such as fluorescent or LED, and it has embedded intelligence to control nearby lights in response to occupancy and light level. The firm has won several big deals to optimize office buildings at customers like Apple, AT&T, Barclays, Google, Oracle and LinkedIn. This Series D round brings the firm’s total funding up to $80 million — the company plans to use this new funding to “accelerate its IoT app development” and expand its international distribution to France, Germany and the UK.
- Electric Imp: $21 million Series C / April 2016 — Imp was founded in 2011 to develop a platform that helps manufacturers deliver connected products. The firm offers a toolset that includes a line of Wi-Fi/Ethernet modules, a proprietary embedded operating system, a cloud platform and a set of application development tools. Imp is well-regarded for the strong cybersecurity posture inherent in its platform architecture. This Series C round was led by London-based Rampart Capital — Imp plans to use the funds to ramp up strategic growth and product development.
In many ways, 2016 was the year of the IoT platform, and the financing truly tells the story — investments in and acquisitions of IoT platforms totaled well over $2 billion in 2016 (possibly even $3 billion, depending on some undisclosed figures). Sigfox broke the mold in this regard, as it is not a true platform, but rather a network operator and networking IP developer. However, Sigfox offers a preview of what’s to come in 2017: based on client enthusiasm and ongoing deployments, 2017 may be the year of the LPWAN (meanwhile, the reign of the IoT platform will likely continue, since platforms naturally manage the data from the things connected to LPWANs).
Between Sigfox, LoRa and the emerging LTE standards, a huge portion of the globe will deploy LPWAN in 2017, which is why Lux Research is currently writing a report on the topic and plans to publish it during the latter portion of Q1. Those looking to invest in IoT startups should understand that platform and LPWAN startups will be desirable investment targets in 2017, with the potential for even more exits in 2017 than we saw in 2016 (several of the above companies are indeed poised for 2017 exits at huge revenue multiples). Those shopping for acquisitions to broaden capabilities and pursue new business should be on the prowl for top platform and LPWAN startups, like the ones mentioned in this article.