Analysts and experts often focus on the potential impact that IoT will have on the consumer market, but few mention how significant the benefits will be for public safety. The ability to connect everything means opportunities to not only improve response times for first responders during emergencies, but also to engage in largely preventative measures in order to prevent infrastructure problems in the future.
Just like any other type of technological improvement, it’s important that the traditional groundwork for innovation is established. For example, LinkNYC, a project that established Wi-Fi hotspots across the entirety of New York City, only succeeded because it had a modernized telecom infrastructure already in place to build off of. The same could not be said for connectivity in deprived rural areas. The FirstNet initiative, where frequencies in the 700 MHz LTE band is being used to create a dedicated public safety network, is laying the appropriate groundwork for these IoT gains.
Here are five changes that first responders should expect to see in the very near future.
Improved response times
In cities such as NYC or LA, one of the biggest challenges for first responders is getting to the scene, often because of gridlocked traffic. While the sound of sirens and flashing lights will get other drivers to move, it’s often very difficult in heavily congested areas. With the use of IoT in driving, smart traffic signals and GPS will allow first responders to more easily avoid traffic, taking routes designed to most rapidly get them to their destination.
Early warning systems for medical emergencies
In the event of a health emergency, every second can be critical. As more smart health monitoring devices come online, it will be possible for first responders to receive early warning signals from individuals. In those cases, help can be on the way before an incident has taken place. We’ve already seen a mass market appeal for devices that monitor heart rates, like Fitbits and Apple Watches, but there are emerging technologies that look to monitor more organs and body processes to identify issues before they occur.
The end of high-speed chases
A USA Today story cited more than 5,000 deaths as a result of high-speed chases since 1979. For the police officers who have found themselves in pursuit, the prevalence of connected (and self-driving) cars can and should eliminate these incidents. A simple call from police to a company like Tesla can result in a vehicle automatically — and safely — being brought to a stop. While this scenario may have legal implications, the technology to achieve this is readily available.
It’s relatively simple to use GPS to identify the coordinates of where someone is, but far more difficult to identify their altitude. This has often meant that it’s impossible to know exactly which floor a firefighter in a multistory building in on, and this has left countless firefighters in harm’s way. This is changing rapidly, as a variety of approaches, ranging from Wi-Fi to magnetic field usage, are improving the ability to understand exactly where a person is in a building.
Failing infrastructure is always a talking point in the discussion of the economy, but it is also directly related to public safety by preventing accidents before they happen. Failing infrastructure can lead to death through falling debris, increased traffic congestion leading to more accidents, and other disasters. Filling a city with sensors to monitor buildings, roads, bridges and other forms of infrastructure can help keep up with changes before they become disastrous.
In truth, the coming IoT revolution will impact nearly every market in ways we haven’t yet begun to consider. For public safety professionals and first responders, though, some of the changes will happen in the near future and will lead to being able to perform their jobs in safer environments.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
It’s clear that the internet of things is transforming the business world in every industry — from giving companies the ability to track systems remotely, to providing doctors with patient data in real time, to automating building maintenance systems and more. As the technology has evolved over time, adoption among businesses has skyrocketed. In fact, according to research from Gartner, 8.4 billion connected things will be in use by the end of the year. It’s a sign that companies around the world are recognizing IoT’s potential to provide sophisticated data insights, better engage customers and employees, and ultimately drive business growth.
As 2017 comes to a close and we begin to look ahead to next year, there are five key IoT trends business leaders and IT teams should consider, no matter where they fall on the IoT adoption curve. These trends will impact how and where organizations implement IoT, which IoT technologies they adopt and how the technology will be integrated into existing systems and services.
Here are the trends businesses should watch for in 2018.
IoT will drive business transformation
Companies that have adopted IoT see the technology as mission-critical to their business. These companies are leading the way when it comes to digital transformation initiatives. According to Vodafone’s “IoT Barometer 2017/18” (registration required), 74% of companies that have adopted IoT agree that digital transformation is impossible without it. The businesses that implement IoT systems in the next year will have a clear advantage over competitors when it comes to evolving their digital capabilities.
LPWAN technologies will open up the IoT market
IoT adopters have great expectations for the future of the technology, and new connectivity options like low-power wide area networks (LPWAN) are making innovation possible. LPWAN technologies, like Narrowband IoT, allow for increased network coverage over a wide area at a low cost, making them an ideal technology for adding connectivity in hard-to-reach places. According to the analyst firm Analysys Mason, once there is greater awareness and understanding of LPWAN, there will be a new wave of growth in this area. LPWAN technologies will begin to open the IoT market to applications that have not previously benefitted from connectivity.
IoT will become central to enterprise IT functions
Today, most major enterprises have already integrated IoT into their core systems and initiatives to drive digital businesses. We will continue to see connectivity become part of the enterprise IT fabric — in fact, within five years, IoT will be core to millions of business processes. In the future, companies may even take for granted that devices and appliances like vehicles and HVAC systems can be controlled and monitored remotely, thanks to IoT connectivity.
Companies will be increasingly confident in IoT security products
As with any new technology, security remains a top concern when it comes to IoT. However, businesses with large IoT implementations are becoming more confident, given that they have the expertise and resources necessary to tackle security concerns. These organizations will begin to see these security measures as enablers that give them the confidence to push business forward. As the technology matures, trust in IoT-enabled applications and devices will only continue to grow.
Businesses will see unexpected benefits from IoT adoption
Companies that integrate IoT products and services will see a number of benefits from the technology. The benefits go way beyond just enabling better data collection and business insights. IoT will be seen as a driver of improvements across businesses — organizations are already using IoT to reduce risk, cut costs, create new revenue streams, improve employee productivity, enhance customer experience and more. Businesses are likely to see even more benefits as they implement the technology across operations.
IoT is rapidly becoming part of the fabric of IT infrastructure, moving from a “nice to have” technology to a critical asset. Businesses that take these trends into account when considering, building and deploying IoT capabilities over the next year are likely to realize the many benefits the technology can offer to the enterprise.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
The booming internet of things is on course to double in just five years, growing from 15 billion connections in 2015 to nearly 31 billion by 2020 according to IDC . As the number of connections and use cases explodes, so does the number of security vulnerabilities. The fate of the marketplace depends on our ability to trust the devices, data and networks that make IoT possible.
However, a sobering new market survey by industry research firm Vanson Bourne reveals that 90% of consumers lack confidence in the security of IoT devices. In addition, more than two-thirds of consumers and nearly 80% of enterprises surveyed support government regulation of IoT security, indicating a lack of trust in industry stakeholders to secure the ecosystem.
It’s clear that consumers and businesses alike have serious concerns about IoT security. But the good news is that security by design is proving effective in mitigating risk and preventing breaches, and biometrics is becoming an increasingly important part of the plan. By working together, consumers and enterprises can build a chain of trust across the IoT ecosystem that protects devices, data and networks and prevents IoT technology from becoming an open door for hackers.
Strengthen the security core
Enterprises across the IoT ecosystem, including software providers, device manufactures, service providers and the people that interact with IoT products and services, must all play a part in securing the ecosystem. Every link in the chain must be held accountable to this same set of core security objectives, which include four core goals:
- Availability: Ensuring timely and reliable access to and use of information is an essential component of any IoT system. Without actionable, real-time and reliable access to data, the benefits of IoT simply cannot be realized. Data must be securely collected, distilled and shared in order to support any negative effects on availability.
- Integrity: IoT technologies depend on reliable and accurate data. To prevent fraud and other harmful attacks, security measures must be taken to ensure that data is accurate and free from manipulation.
- Confidentiality: IoT systems generate huge volumes of data that must be collected, stored and analyzed. Some of this data will include sensitive details about citizens themselves. Steps must be taken to prevent unauthorized disclosure of sensitive information.
- Accountability: Users of any IoT system must be responsible and accountable for the actions they perform. This means that user interactions with sensitive systems must logged and associated with an authorized user. These logs must be difficult to forge and have strong integrity protection.
The IoT ecosystem is inherently complex and interconnected. However, complexity and risk can be mitigated though strong authentication and ID management technologies that enable a secure digital handshake between all ecosystem players. These systems encompass both hardware and software that either allows or denies access to devices, data and networks. When integrated throughout the ecosystem, they mitigate risk of attack and strengthen the four core objectives of IoT security.
Securing the chain of trust in IoT systems
In order to trust IoT, we need to validate the chain of trust throughout the ecosystem. Security mechanisms including secure elements, SIM and MIM cards, strong encryption, authentication and trusted key management technologies facilitate the secure digital handshake and serve as the backbone of IoT security. They ensure the four core objectives of security for all the links in the chain of trust, starting with the IoT device. They ensure that the device is not a rogue device, but a certified trusted element of the ecosystem. Second in the chain of trust is the software. Strong encryption and authentication ensures that the software running on the device has not been tampered with and is true. We also use encryption and key management to ensure that the data coming out of the device has not been tampered with. The final link in the chain of trust is authenticating the individual or the user that is interacting with the IoT product at the very edge of the chain is authorized to do so and can be trusted. This is where biometrics is booming.
The rise of biometrics in IoT security
The lines between enterprise and consumer IoT are blurring in objects and systems like connected cars, smart cities and smart energy. Biometrics, encompassing fingerprints, face recognition, iris scanning and more, are gaining traction in the mix of authentication technologies. The introduction of the iPhone 5s delivered a paradigm shift in the general acceptance of biometrics. Up to that point, fingerprinting was traditionally associated with policing and crime, which made people hesitant and cautious about allowing their fingerprints to be recorded. However, the widespread use of fingerprints to unlock smartphones, authorize downloads and approve mobile secure payments, coupled with the increased use of biometrics in the passport and visa process is helping to reposition biometrics as a more widely accepted identity assurance technology for convenience applications. In addition, scanning technology is continuing to advance, eliminating the need to touch sensors or stare into a camera for image capture, making it less invasive, more convenient and easier than other forms of ID management. To increase security for more sensitive applications, multifactor authentication methods including passwords, tokens and smart cards can be used in combination with biometrics applications to mitigate risk.
What specific IoT applications use biometrics?
In the autonomous vehicle industry, biometrics is a key component of the security and mobility services that brands like Volvo and Toyota will be delivering in the coming years. The ability of a car to recognize its owner as they approach, to unlock itself and activate personal settings, including mirror and seat position, temperature and musical preferences, is capable with existing biometric technologies. And exciting R&D is underway. For instance, carmakers such as Jaguar and Land Rover are patenting a biometric system to allow car owners to open the door based on a combination of facial and gait recognition technologies. Other leading auto manufacturers are testing biometric sensors integrated into door handles, key fobs, touchscreens and steering wheels that offer seamless authentication and customized mobility services. This includes using biometrics in combination with an automatic breathalyzer test to enable car ignition for drivers previously convicted of a DUI. Consequently, Markets and Markets is predicting that the biometric market will increase from $10.74 billion in 2015 to $32.73 billion by 2022, at an impressive compound annual growth rate of 16.79%.
In the future, fingerprinting and other biometrics will move not just to the car, but also to the home, potentially doing away with the need for keys altogether. Biometrics are being integrated into power meters, door locks, safes and guns, as well as home and office security systems for strong authentication. In these types of systems, where IoT devices are tied into a back-end system that interacts with critical infrastructure, identifying and authenticating an authorized individual on the other side of the network is crucially important. This is also true in the retail space where biometrics can be used to identify individual clerks managing a cash register or for use in marketing and customer loyalty programs to track a customer’s preferences as they shop and examine specific items.
In today’s evolving IoT landscape, biometrics is becoming an increasingly important method for authenticating the individual and securing the chain of trust. The trinity of identity, security and privacy is well supported by biometric technology, especially as more people become comfortable with physiology becoming an individual’s key to their home, car and office, as well as their passport to a myriad of essential services.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.
You’re a manufacturer of industrial refrigerators or wind turbines. You’ve built your business on selling goods to other companies or households, promising customers a high-quality product and the satisfaction of at least five years of function. And when parts snap or fridges stop cooling food, your business guarantees that a professional will arrive on the scene to fix the issue to restore function to the machine.
When something that you made breaks, you should fix it. But the reality is that all equipment will fail at some point. You will have to dispatch technicians right and left last minute. If these machines break enough and techs don’t have the abilities to fix them right then and there, it won’t surprise you that customers are quickly turned off.
To deliver the kind of service that will keep customers happy, it’s time to start thinking about the outcome that your products promise, rather than the products themselves. Reframing how you sell, deliver and service your products could transform your business, your relationships with customers and your bottom line. And in today’s world, where manufacturers are transforming faster than the latest technology hits the market, adopting an outcomes-based approach to service delivery could be the key to differentiating your offerings from competitors.
An outcomes-based service model can really only happen by way of technology — specifically the internet of things. The gist: Rather than manufacturers selling products to customers, they’ll sell outcomes. What does this look like? You, as the industrial refrigerator manufacturer, will sell “fresh, sanitary food that makes healthy dishes” to a restaurant in need of a fridge. It sounds like a small nuance, but this is where technology comes in.
Outfitting these refrigerators with sensors that monitor machines, and then connecting those sensors to the internet of things will allow for the manufacturer to keep a close eye on how your machines are running. If a part stops functioning, you’ll be the first to know — and eventually, learning these patterns and using a machine’s history can help you anticipate outages before they actually happen.
Now that your devices are all connected, here’s where the real change comes in: Your entire business model gets disrupted. You’re offering a service contract as part of your revenue stream, paying you for ongoing maintenance, service and functionality. It becomes an upselling of your business and services.
What this looks like: A restaurant pays you $5.99 a month for “cold food,” which means that you as the manufacturer deliver a refrigerator, connect it via IoT and collect data overtime. You’ll constantly monitor the health of the machine, and you’ll dispatch a technician to service the machine before the customer has to call you and complain. As your technology advances, you’ll replace the machine with a new model and continue the responsibility of delivering “cold food” to the restaurants you serve.
The major difference here isn’t just semantics — it’s an entire process and structure of a business. And with the move to service comes major benefits for consumers, manufacturers and service technicians alike. Sounds like a win-win for all.
And when it comes to winning, manufacturers in particular have the chance to do it big. Because instead of selling goods à la carte, you’re signing customers up for an open-ended subscription. It’s a SaaS model, only products-based, and will bring your company up to the modern technology standard.
Outcomes-based delivery is the way of the future. As manufacturers begin to see the benefits of using technology, connecting machines and evolving to a service subscription model, the way all of us live our lives and do our jobs will change — for the better.
The internet of things and mobile devices are creating a convergence of digital technology platforms that will eventually create a “one-stop shop” for consumers and businesses.
Gartner predicts that by 2020 there will be nearly 21 billion connected devices in use worldwide. This includes consumer products, like smart TVs and in-car entertainment systems, as well as industrial applications that can predict necessary maintenance in a factory or the most efficient way to distribute energy from a power plant. The ability of these applications to connect and interact with each other offers new ways of communicating and, for enterprises, opportunities to realize new or additional revenue.
But, especially from an industrial standpoint, the uptake on this new type of platform has been slow as enterprises seek out the best practices for connecting with multiple endpoints (customers, partners, employees, assets). The movement to cloud-based mobile-first strategies, which optimize connectivity with customers, employees and assets deployed anywhere in the world, creates additional layers of complexity.
Consider the energy industry, for example. In short, too many organizations in the energy sector are operating infrastructure that is analog, aging and outdated. It’s time for utilities to switch out “dumb” assets for smart assets that can communicate digitally. New technologies, including sensors and digital control systems, can use real-time data to deliver better power plant outcomes with stable and efficient operations, while providing valuable predictive insights for higher reliability and optimization.
Perhaps the biggest challenge facing industry is that the various technology options supporting IoT remain fragmented, with many different standards and technology, each of which can apply to different applications, making the concept of an internet of things rather less plausible. In fact, Forrester says that this year, design teams will search through more than 19 new wireless connectivity choices and protocols to support the company’s diverse set of IoT devices.
Rather than internetworking, it is more like an archipelago with many islands.
To illustrate this, let’s say you’re getting ready to go to a meeting that’s on your calendar and you’re using your phone’s GPS to drive there. Right now, the parking app doesn’t say it will take 20 minutes to drive there and you’re going to have to park far away, so you better leave now. Google Maps knows the drive time, but can’t tell you the parking situation — that would be a different service.
The need for multiple apps will begin to change as the convergence of the technology creates synchronization between applications. We’re seeing this as the advent of cloud-based M2M device management systems has begun to lessen the need for multiple apps and create more streamlined platforms. On top of that, mobile network operators are now willing to forgo being the main service contractor and provider, choosing instead to partner with M2M/IoT platform providers and third-party system integrators in the realization of their M2M/IoT strategies.
The growth of these connected networks will have an impact across borders and across industries. For example, the automotive industry offers an opportunity to deliver a borderless and unrestricted connected car experience, regardless of location. Transportation and logistics companies can realize new cost efficiencies in their business.
Borderless connectivity enables airline aircrews to stay connected to their company network, regardless of their location. And building connectivity into aircraft will help in diagnostics and servicing, potentially helping to identify a problem with an aircraft before it creates operational issues.
We live in an era in which technology has enabled consistent, borderless communication. The always-connected nature of today’s world is breaking down barriers to innovation and communication that previously existed. While challenges remain, we are clearly moving towards digital platforms that enable this convergence for consumers and enterprises around the world, both in developed and developing markets.
Earlier this May I wrote that, following a year where the internet of things found the mainstream, 2017 would be the year for IoT acceptance, appetite and evolution. Key trends highlighted in the article, like security, strategic partnering and public sector uptake, were all central to the Internet of Things World 2017 agenda; three themes covered by FBI CISO Arlette Hart (among others) in her keynote panel session and subsequent interview.
Of all the trends covered, the proliferation of big data and machine learning in conjunction with the growth of IoT across businesses seems the most exciting. The internet of things means nothing to anyone without the data it harvests; the next generation of business will be defined by the way in which companies apply artificial intelligence to this and analyze the data they collect. By 2019, Cisco expects IoT devices to be generating 507.5 zettabytes of data annually (the analyst estimates the world’s collective internet usage only hit 1 zettabyte in September 2016). These are gigantic data streams offering a virtually limitless number of insights.
Active examples of enterprises applying IoT data and machine learning to great effect already exist, with case studies from the Bay Area and beyond demonstrated at IoT Data & AI Summit in Palo Alto back in November. Here are four use cases that should grab the attention of all technology-oriented enterprises:
- Marketing and search engine applications. Right now, IoT and AI are combining for a more searchable and shoppable internet. eBay is leading the way, building on a concept first announced during its Hack Week in 2015. Find It On eBay allows users to upload images to the site from elsewhere on the internet or social media and run a product search without typing a word. This next-gen technology has wide-reaching implications for search marketers and the retail industry.
- Chatbots to transform customer service. AI chatbots are the next logical step in the world of customer service. Until now, making chatbots appear simultaneously intelligent, convincing and sincere has proven challenging. That’s why MindMeld is building AI systems where the number one priority is to hold a “natural” conversion. Once the company cracks that, one of the hardest obstacles faced by chatbots will have been overcome.
- Bringing AI to ride-sharing. San Francisco’s own Lyft had a big self-driving car breakthrough recently when it announced a partnership with drive.ai. It wants to bring more autonomous ride-sharing to the Bay Area as soon as possible — so much so that it’s developing retrofit kits for consumers that can be added to existing vehicles. It’s one of the many areas of consumer transportation undergoing disruption, with IoT Data & AI Summit speakers Ai Incube applying machine learning to rank roads by your chances of finding a parking spots citywide, and a host of other use cases promising widespread sustainability and convenience.
- Cybersecurity that mimics the human immune system. Darktrace is a machine learning company with a truly novel approach towards security IoT networks. The company has developed a platform that applies unsupervised AI algorithms that defend enterprise systems in a manner inspired by the human immune system. The AI autonomously searches for threats and breaches, detects them and evolves its own capabilities. It’s detected 53,000 previously unknown threats through doing so.
The internet of things is quickly becoming the next frontier of technological innovation for consumers, businesses, industry and governments. Gartner predicts that by 2020, IoT technology will be in 95% of electronics for new product design. However, the same Gartner study that published the former prediction also suggests that “through 2022, half of all security budgets for IoT will go to fault remediation, recalls and safety features rather than protection.” That’s a big “but” for those who embrace the benefits of IoT, which are many, begging the question: Why aren’t governments and regulative authorities doing anything about it?
With Bruce Schneier, CTO of IBM Resilient, stating, “You can’t talk about regulation versus no regulation — that ship has sailed. Now it’s about smart or stupid regulation,” at the RSA Security Conference in February, it’s time to get the ball rolling. But what’s already being done?
The truth is, not much.
The U.S. Senate introduced a bipartisan bill this August calling for minimum security requirements for IoT devices used by the federal government, though its recommendations are very general, not to mention limited in scope. According to the proposed bill, vendors will be required to ensure that their devices are patchable, rely on industry standard protocols, do not use hardcoded passwords and do not contain vulnerabilities. While the senators introducing the bill expressed their concerns about the lack of security for IoT devices, little is being done by regulatory authorities to address commercial and consumer applications of the technology.
Some of the first vestiges of regulatory policy are now being drafted in the EU, as IoT security and privacy relates to GDPR compliance initiatives, and in the U.S., though currently the only state that seems concerned about the impact of emerging technologies is California. In the latter case, the State of California Senate drafted Bill 327, not yet ratified, asks for built-in security features from connected device manufacturers. It also would require manufacturers to “equip devices with reasonable security features,” “design the device to let the consumer know when information is being collected,” and require direct notifications to consumers of relevant security patches and updates.
Alongside California, the U.S. FTC pales in comparison. The regulatory body has done little but encourage device manufacturers to take security into account, and, to date, has only issued one formal report on the topic that pertained solely to consumer devices, failing to take enterprise and commercial applications into account. There are other initiatives, such as the Open Web Application Security Project and NIST, which has issued reports governing specific security issues, but has yet to address overarching security and privacy concerns arising from IoT devices.
What NIST does do is identify the constraints of IoT devices that may present security concerns, such as the need for continuous power consumption, which could cause the prices of the devices to increase if encryption or security features are required, the low cost (referring to the previous point) and the lifecycle of the products, which is usually short, therefore making patches and updates a burdensome, if not impossible, process. So, if some of the Western world’s largest and most authoritative regulatory agencies aren’t willing to take action, who will?
At this point, that also remains an open question, but there are some necessary areas that IoT security and privacy regulations should address. Firstly, there is the issue of unauthorized access. IoT device manufacturers should be required to tie a strong authentication factor into use of the device. This can be easily achieved through existing methods like multifactor authentication or creating unique user credentials.
Second, there is the issue of access. Who in their right mind would keep the default passwords issued by the manufacturer when they are usually “1234” or “default?” Many of these passwords are accessible online through services like the Shodan Network, where you can look up nearly any connected device and extract its factory-issued username and password. The sad part is that so many consumers and even enterprises trust the manufacturers to be “security first.” The sadder part is that they aren’t. That’s why a security-first mentality is essential if any IoT regulation is going to work.
Another issue is data privacy — what is the limit to the information that can be collected, stored and shared over the internet? Consumers, and even more importantly enterprises, need assurances that their data is protected, and they need to be able to protect such data with strong passwords and authentication credentials. What happens if the smart IT guy hacks the smart coffee machine, thereby gaining access to data-loaded areas of the network with everyone’s salary information? The consequences could be significant, but such scenarios are usually afterthoughts in light of IoT’s innovative appeal.
No matter the structure or source of the regulation, what’s true across the board is that it needs to come fast. The FTC issued its third IoT-related enforcement complaint against the company D-Link at the beginning of this year because the company promised consumers that its wireless routers and IP cameras were secure, when they were far from it. According to the FTC, D-Link could have taken reasonable steps to secure its products against “widely known and reasonably foreseeable” risks. A slap on the wrist or a fine is not enough to make IoT manufacturers change their way of doing business. To achieve the desired security-first approach, stringent top-down directives are needed.
The one obvious drawback of regulating IoT technology in what is still considered an early and transformative phase is that it may have the reverse effect, or make IoT inoperable. However, with the number of real-world examples of IoT going haywire and wreaking physical and monetary havoc on companies and individuals, there is little time to consider how to lightly drop the IoT security bomb.
Earlier this year, the IoT-focused security firm Senrio discovered a hackable flaw called Devil’s Ivy, which has the potential to put thousands of different models of security cameras at risk. The vulnerability is found in a piece of open source code called gSOAP, created and maintained by a small company named Genivia. At least 30 companies use gSOAP in their IoT products.
The criticality of this hack is not yet known, but gSOAP code is used to implement a key protocol called Open Network Video Interface Forum, a networking language for security cameras and other devices used by the ONVIF Consortium. The consortium has nearly 500 members that include Canon, Cisco, D-Link, Hitachi, Huawei, Netgear, Siemens, Sony and Toshiba, among many others.
Security experts at Senrio believe that the hack leaves server-side devices like cameras and sensors open to attack — either disabling them or allowing the collection of images and video. Senrio experts also believe that client computers could be susceptible to hackers through the vulnerability.
While Genivia issued a patch to the code in June, it is unclear how many manufacturers that use the code have issued security-patched updates or notified their customers about the need to update their firmware.
Manufacturers selling enterprise clients and consumer mobile devices have patched security vulnerabilities found on operating systems and applications via a push model. Yet, no standardized system currently exists to administer such robust security for IoT manufacturers or customers. Hence, IoT platforms have become an easy, inexpensive and susceptible target of cyberattacks.
But customer negligence contributes as well. IoT cameras become even more prone to hacker attacks as users often dismiss the importance of changing the devices’ password.
Earlier this year, hackers exploited IP cameras used to keep track of pets and as CCTVs for home security. Hundreds of households in South Korea were victimized by these hackers, who took control of more than 1,400 digital cameras, exposing many peoples’ private moments. Some of the cameras were attached to live feeds. Others collected intimate moments, which were turned into videos and uploaded to pornography sites. In one testimonial, a victim recounted her attempt to prevent such violation by turning the camera lens toward a blank wall. When she returned to the premise, she was horrified to find her camera lens facing her direction, indicating that hackers were following her movement by manipulating the camera’s orientation.
Later investigations of the events discovered that users of the hacked cameras had not updated their passwords from the manufacturer’s default. This negligence enabled hackers to easily take control of the cameras.
For now, the customer must be the prime maintainer of IoT device security. Customers and enterprises should follow some basic guidelines when purchasing and operating IoT devices:
- Customers should ensure that the IoT devices they purchase can in fact be updated with the latest firmware.
- Prior to making a purchase, customers should ensure that the IoT device is produced by a manufacturer with a solid track record of issuing patches.
- Once an IoT device is acquired, the first step in securing it is to change the password.
- Once the password is changed, customers should investigate whether the company has issued any software updates.
- If software updates are available, customers should immediately download and install new firmware to their devices. Patches could have been issued in the months since the device was manufactured, purchased and shipped to distributors or retailers.
- Every month, customers should visit the IoT device manufacturer’s website to see if any additional software updates are available for download and installation.
IoT devices have the potential to deliver incredible breakthroughs in efficiency and entertainment, as well as enterprise and home security. However, until manufacturers create an effective push firmware update model and can effectively generate randomized passwords for each device, the customer must be hyper-vigilant.
Did you graduate from college? Chances are that if you’re reading this article you probably did.
The lack of a college degree, however keeps many from getting a job in the IoT field. Requirements for prior work experience and software certifications further limit their options. At the same time, tech firms have a hard time hiring talent to grow. We need to do better for job seekers and for IoT firms. How can more people be trained with the skills employers need? How can training be made affordable and delivered close to where the openings are? How can disadvantaged youth, vets and people making a career transition be trained to fill these entry-level jobs with tech firms?
There are nearly a quarter-million unfilled software job openings in the U.S. today according to ACT, a trade association that includes Apple, AT&T, eBay, Facebook, Intel, Microsoft, Oracle, PayPal and Verizon.
The demand for workers far exceeds supply, which is forcing firms to scramble in order to find the employees they need to grow. Exacerbating the problem is that training is often only available in certain locations, and the content doesn’t reflect the changing needs of employers.
Bridging the technical divide?
New approaches are needed to train people broadly for entry-level technical jobs. It’s going to involve candidates, IoT firms and training organizations.
- How can those with limited resources pay for such training? How do they sustain themselves and their families while getting trained?
- How can training be delivered locally or online so travel is minimized?
- How is the training aligned with the skills needed by local employers?
- How can the soft skills needed for the job also be delivered?
- How can the odds of finding a job after the training be optimized?
Here are some groups and programs that show how it can be done:
Year Up helps talented youth gain the skills they need to gain jobs and build successful careers. Its year-long program includes six months of training on technical and soft skills, followed by six months of an on-the-job training. Students receive a stipend during the program so they can support themselves and focus on the training.
This short video sums the immense impact of Year Up, which Gerald Chertavian, an Ashoka Fellow, founded in 2000. It has been featured on 60 Minutes and even recognized by President Obama for giving thousands of disadvantaged youth a “hand up” to a better future. How can you help? Year Up needs volunteers to train students, firms to provide internships and financial support. Bank of America, Salesforce and Microsoft are just a few of the firms providing internships and hiring Year Up graduates. (Personal note: Royce Spencer was my Year Up intern. His commitment to learn and make a better future for himself was an inspiration!). See how you can volunteer with and support Year Up.
Eleven Fifty Academy is a nonprofit based in Indiana that provides immersive training for coders of all skill levels. The training simulates real work conditions with students working as teams and on their own to develop applications and write code. It revises its curriculum by collaborating with technology employers to ensure that training covers the needed skills and that students’ coding projects reflect current customers’ needs. Students extend their learning through apprenticeship and internship programs with local firms. Employers benefit by hiring workers custom trained on the skills they need and being able to first vet job candidates through internship programs.
Eleven Fifty Academy has been recognized as one of the best coding bootcamps in the country. It also belongs to the Council on Integrity in Results Reporting, which helps prospective students understand a school’s outcomes before enrolling. This prevents students wasting their savings on deceptive graduation and job placement marketing claims. John Qualls, the founder, is a former marine and successful tech entrepreneur. See how you can support Eleven Fifty Academy in its mission.
Esri bridges the tech gap for vulnerable populations by working directly with local schools. It provides students software and training to improve their odds of getting a job. Esri works with Roosevelt Math, Science & Technology Academy, an inner-city high school in Los Angeles. Over 400 students at the school have learned how to use ArcGIS since the program started in 2013.
Salesforce offers Vetforce, a job-training program and career accelerator for military service members, veterans and their spouses. The program provides structured, self-paced training to achieve the Salesforce certification needed to apply for jobs with over 150,000 Salesforce customers. Pathfinders is a joint project between Salesforce and Deloitte that offers four months of technical training and support for students to become certified Salesforce administrators and developers. Deloitte provides training on business-effective presentations, solving for the customer, and business writing and proposals. Pathfinder graduates also get career coaching and access to interview opportunities.
A hand up is not a handout
“Americans love the notion that we can all pull ourselves up by the bootstraps. Yet, in this time when millions of jobs have vanished in the United States, supports for struggling Americans are crumbling, and education budgets have been squeezed and slashed, we need to focus on another enduring American ideal — strengthening the rungs on the ladder of opportunity,” wrote Randi Weingarten, president at American Federation of Teachers.
So, if you’ve done well in the tech field, pay it forward and give someone else a hand up!
The primary challenge to building a smart city has nothing to do with pouring concrete and erecting steel beams. It’s knowing better the city’s flows to optimize the city for its inhabitants. It’s turning all of the data that comes streaming in from myriad sources into actionable information. App developers can turn this data into better knowledge of the intents of their users in the city and deliver a better service when and where it is the most pertinent.
Apps typically know about their users in their service, but not about their environment and the city events. Let’s say you’re heading to your office and you have several transportation options. You may use one app to share a ride, another to check the bus arrival times or get a taxi, and yet another to alert your friends when and where to meet. Each step requires you to initiate an action. That process could be so much more efficient if at each step it is the city that provide the data to the app so it can trigger an action for you based on your behavior and your intents in the city.
Now imagine the same scenario, but with the key difference that the city detects that you are at transportation stops and shares it with your services. Your devices and daily apps can take the initiative to provide you with transportation options instead of waiting passively for your instructions. Before entering the subway, your smartphone app informs you about traffic delay and the taxi app wakes up and notifies about carpooling options in two minutes. Before taking your cab, you receive real-time notifications from businesses around you for tonight’s events and promos.
Performing these actions based on user-intent knowledge requires the combination of an accurate location system that is able to pinpoint your exact whereabouts and a city-wide platform that works together to collect information and “learn” about your intents from the data your apps generate. That data is integrated with places and context data flow, local businesses and government agencies data. When you use one app to book a reservation, the platform collects and analyzes that information, and share intents with other apps to take related actions based on your location, context, intent and the time.
That scenario just scratches the surface of how a smart city can provide a significant economic boost to the business sector and improve overall quality of life for residents and visitors. The technology exists today to enable government agencies, local businesses and residents to interact and provide services in real time, at the perfect moment where people need it in the city — at train stations, bus stops, airports and even parking spaces and streetlights. Converting these “dumb” places into interactive meaningful places enable commuters, residents and visitors to receive hyper-contextualized, proximity-based, relevant notifications tied to proximity services and businesses, transport and cultural information on their mobile devices.
Private and public entities can then engage with people in real time while they’re riding on a train or waiting at a bus stop and collect data on the traffic in the cities. Government agencies, schools and public safety officials can generate alerts with relevant up-to-the-minute information about a broken water main on Main Street that is affecting traffic patterns, businesses, schools and homes in the area.
In Austin, Tex., the Austin CityUP (ACUP) Consortium has launched a project to use technology, data and analytics to improve city services, infrastructure, policies and quality of life. That includes using the city’s mass transit system as a real-time news and information delivery service. The first step is creating an open beacon network as part of the Smart 2nd Street Project, a busy shopping, dining and entertainment district. ACUP has installed IoT devices (beacons, sensors, etc.) throughout a five-block section of 2nd Street, with plans to expand throughout the city.
Data is collected and analyzed on a wide range of activities and interactions, such as pedestrian and vehicle traffic, sound levels and air quality. This data will help project and city leaders identify safety issues, mass transit ridership, pedestrian traffic and opportunities to improve quality of life.
Developers and their public sector partners can look outside the U.S. for examples to follow. For instance, officials in the City of Barcelona have created a massive network of sensors that constantly collects and disseminates information citywide. It launched the Connected City mobile service in Europe, creating a network of 5,000 city points of interest (i.e., tourist attractions and bus stops). Residents and visitors use their mobile devices to access real-time, hyper-contextualized information related to transport and nearby city points of interest.
One key takeaway for developers is how important it is that a smart city’s network be trustable for everyone. That is why app developers should expect municipal officials to only partner with developers and systems integrators that ensure user data protection across all mobile devices and across the city to ensure their residents can use the connected places, control and share their data, and will more easily scale as additional smart services are implemented city-wide.