Again I’m back from Cisco Live and in this 2017 edition, we can be grateful that the focus was predominantly on security. But how do security and IoT play hand-in-hand? And what the hell is IoT? The acronym stands for « Internet of Things », i.e. a broad array of commodity devices/sensors that communicate with each other or interact with humans to provide augmented functionality on many things. Think about home connectivity, thermal sensors, industrial sensors… the possibilities are nearly infinite.
IoT: a lack of credibility in consumer space
One of the major problems with IoT lies with the extremely low production costs, which make the production of low-quality products affordable. These are mainly produced in China by local manufacturers, where there is little regard for privacy and for security. We’ve seen many cases where passwords were hardcoded, where security is nonexistent or even where malware/trojans are embedded (knowingly or not) at the production stage, before the product is released on the market.
“But… China is the factory of the world! How come you criticize China?” you will say. I don’t want to wander into the minefield of politics, but there is indeed a difference between an Apple device and a no-name low-end Chinese mobile phone. Apple (or any decent manufacturer, regardless of the region they come from) will make sure to create a bulletproof design to the best of their technical abilities – Xiaomi or Honor devices are quite good in this regard. And what applies to mobile phones or tablets also applies to IoT devices.
The abundant offer of cheap, unsecured IoT devices is putting a strain on the credibility of IoT. In fact, I’m steering clear of any IoT-based toys, games etc., as there have been multiple cases of insecure transmission and storage of data (vTech, Spiral Toys, etc.).
This is especially true in the consumer world, where cheap, lacklustre products of dubious quality often inundate the market. Consumers should be educated about the security implications of leveraging IoT technologies in their daily lives. Beyond the practicality of using IoT devices, customers are waiving a part of their responsibilities and privacy; they should thus consider and weigh whether the tradeoff is worth it.
IoT and Sustainability
Another challenge is the sustainability aspect of this industry, i.e. the ecological aspects of the entire lifecycle of an IoT device. We had a very interesting presentation at Cisco Live on the LoRaWAN technology where the presenter spoke about rugged IoT sensors that can be attached to virtually anything (think physical containers, trash, any piece of urban equipment, crates, goods etc.), with very low power/bandwidth requirements. These low-power IoT devices can have a lifespan that lasts over 10 years and come with an integrated battery. What came immediately to my mind is how we as a society will handle the lifecycle and recycling of these devices.
Should the industry consider an eco-friendly way for IoT devices to operate, with integrated solar panels and stateful configuration (config is stored in non-volatile memory to cover for partial/full loss of power) as an alternative to integrated batteries? That seems like a minor issue, but thinking on a larger scale, there could be billions if not tens of billions of low-power IoT devices around in a decade or two. There should be a way to track these and ensure that they are properly disposed of, in accordance with the regulations surrounding disposal of battery-powered devices.
Fixing IoT Shortcomings
The IoT industry needs to discipline itself and to come up either with a consensus-based set of standards, or at least have consortiums with their own sets of standards – remember VHS vs Betamax? If it is not able to discipline itself in adopting a baseline of security standards and best practices, then we will only see an increase in IoT-based botnet attacks such as what we’ve seen lately with the Mirai malware.
There seems to be an IoT consortium but I’m not seeing any major data center industry player there (no Cisco, Intel, etc.) and members appear to be from disparate industries, so the question is what this consortium is all about.
The strongest actors need to be bold enough to force a set of minimum security standards if nobody else has the balls to do it. I like for example the fact that Apple are restrictive with their HomeKit: they are forcing heavy encryption to be used between the Apple devices and the IoT endpoints. While this may not please the industry actors who must overhaul their designs if they want to benefit from juicy profits coming from the closed Apple ecosystem and its cultists, the approach has its merits.
IoT hardware creators operating in the general public space should also think about the mess they’re creating for end users with a plethora of applications that need to be installed to manage their own tech. If the IoT industry wants to simplify customers’ lives, they should think of a way to unify or simplify the management of the devices. I don’t want to run 20 applications (if not more) to handle lighting, smart watches and so on, let alone door locks (the horror!). That’s where again Apple HomeKit has a real advantage in the consumer space.
What about the data centre world?
Moving back to the data centre world, is Cisco’s « Digital Ceiling » initiative still a thing? It seems to be alive and well, and is now called Digital Building Solution. The latest Catalyst Digital Building series switches are proof of Cisco’s commitment to the industrial IoT world. Through their platform, Cisco is building the infrastructure bricks that will firmly hold industrial IoT to the plateau of productivity.
There seems to be a consistent ecosystem of partners in this initiative and security is being baked in as well, according to this presentation we’ve had. Just like Apple is setting the tone in the customer world, Cisco seems to be setting the tone in the data centre / industrial world.
On the IoT consumer space
I’m not a consumer IoT die-hard. I’ve had a sort of « laggard » attitude towards IoT adoption. Like every technology, IoT is a double-edged sword. It allows us to live an easier lifestyle but also introduces constraints and dependencies. The need to control multiple devices often means using a dozen different apps. Each manufacturer bakes their own management protocol and their own security layer; there is no standardisation at all. The security-conscious will also consider whether they are not opening their home network to hackers. Imagine situations where you’re being held to ransom, locked within your apartment, without any way to exit, and with your Nest turned up to the maximum temperature. Oh of course I’m being catastrophic – just wait until it makes the news in a few years.
The road to hell is paved with good intentions and with IoT, in its current form (and at least in consumer space), there seem to have been good intentions all along the way. Unless there is a firm will from the industry to standardise, I propose to cast all of these folks into Bolgia Five of the 8th circle of Hell of Dante’s Inferno, until they eventually come to their senses and bake something meaningful. IMHO only Apple HomeKit is currently able to deliver up to expectations.
On Industrial IoT
The overhyped IoT fad from Cisco Live 2016 has dissipated and has made room for concrete offerings with a seemingly rich ecosystem. Not that IoT is no longer seen as a priority – it’s a strategic market for Cisco with a lot of prospects – but we moved from spectacular, overplayed announcements (was that because of that ephemeral CTO?) to a kind of « business as usual » mode. Of course security has been taken into consideration although it means, in Cisco’s case, that you would have to leverage their own security ecosystem (Cisco DNA – Digital Network Architecture).
There would be just so much to write on IoT and as you guessed, it’s not my field of specialisation. Nevertheless, whether we love it or loathe it, IoT is here to stay, at least until we get brain implants or until our Boston Dynamics robot overlords finally take over. Since IoT is here to stay until the next digital (r)evolution, it would be great for the powers that be in the industry to get it right and make it simple, manageable and secure, at the very least.
This post is a part of my Tech Field Day Extra at Cisco Live Europe 2017 post series. I was invited to this event by Gestalt IT. Gestalt IT covered travel, accommodation and food during the event duration. I did not receive any compensation for participation in this event, and I am also not obliged to blog or produce any kind of content.
Any tweets, blog articles or any other form of content I may produce are the exclusive product of my interest in technology and my will to share information with my industry peers. I will commit to share only my own point of view and analysis of the products and technologies I will be seeing/hearing about during this event.