• 05/23/2014
    7:00 AM
    Jim O'Reilly
  • Jim O'Reilly
  • Commentary
  • Connect Directly
  • Rating: 
    0 votes
    Vote up!
    Vote down!

The Internet of Things: Not So Scary

IoT will increase the flow of data, but should be manageable with proper attention to WiFi requirements and security.

Whenever the Internet of Things (IoT) gets mentioned in the press, there is a sense of an awesome monster about to be unleashed on a poor, unsuspecting IT industry. Billions of devices, more big data than we have ever seen (maybe we need to call it bigger data), and computing up the wazoo!

Is it really that way? An unbounded cosmos of newly connected things monitoring our health, checking our every move, and knowing how many calories we had for dinner three weeks ago? Indeed, the idea of unlimited data, unlicensed and perhaps out of control, is scary for anyone in IT.

However, portraying IoT as a vast river of information is a bit simplistic, to say the least. Most of those connected devices are going to be bought and paid for, so one assumes they have a value to someone. The owner will want to control the data the things generate, milking it for value. This isn’t a model of rivers; it’s a model of many streams.

As an example, a retail store may have dozens of display monitors dotted with blue-light specials. These are going to be driven by a big data application that figures out who is nearby, from cellphones or facial recognition, so they’ll be talking to the company’s computers at a datacenter. Every store will have connections, but there’s no way another retailer will get access to the data streams.

That model of separate streams will repeat everywhere, and the implications to IT departments are that IoT big data, for them, will be bounded and reasonably sized.

That’s not to say it won’t be large. The end product of many IoT streams is a gem of knowledge, and knowledge is fungible. Those buying habits may get sold on to other retailers or marketing companies, or to vendors of goods. These add to the big data flow, perhaps by considerable amounts.

How is all that data going to move around?  The IoT is going to be almost exclusively wireless for the simple reason that "things" will cost mostly in the low hundreds, while wired connections cost over $500. The flexibility of the wireless connections from a positioning point of view also counts for a lot.

This means a lot more WiFi bandwidth will be needed, which will need to be backed by good WAN links. Shopping malls might want to think of fiber connections, for instance. This is going to ruffle a few feathers at the big telcos, at least in the US, which publicly state that DSL is fast enough for everyone.

In addition to WiFi requirements, IoT presents security issues. The IoT has to be encrypted or 10-year-old hackers could be playing games with real people!

That’s easy, right? We know how to encrypt? The truth is IoT is treacherous ground in this area. As anyone at Bletchley Park would have told you, repetitive short messages with the plaintext in a fixed known format are easy to break, and that’s what IoT will be if we are not careful. Here's one potential scenario: A door lock says, "I’m shut" every minute from midnight to 7:00 a.m. It would be easy to figure out the encryption and to send a message to unlock the door, or of course, you could just sense the guard opening the door in the morning.

It isn’t just door locks that need consideration -- medical implants will be tied to the IoT. From RFIDs on artificial hips and breast implants to drug dispensers and heart monitors, wearable tech and implants are vulnerable to the same hacking problems, but the resulting mayhem could be very serious.

Still, IoT isn’t a frightening giant ogre. If we stop admiring how big it is and realize the devil is in the details, we should be able to handle IoT just fine. The IoT approach will make deploying smart gear much easier and can improve our lives, but we must knuckle down to on issues such as security and wireless bandwidth before we have a billion IoT defibrillators deployed.


Kinder, Gentler IoT

Jim, I agree that it's possible for the IoT to develop in a completely reasonable and secure way and for it to function well. It actually *should* as a natural evolution of our technology and society. But when I think about the security breaches we have now and corporate crime that goes on, it makes me worry that the IoT will not actually develop in a responsible way. So I understand where the FUD comes from; at least from my own perspective, it's not the immensity of it, but how it might be used.

Re: Kinder, Gentler IoT

And if history is a guide, security won't necessarily be a priority ingredient in IoT; security is usually an afterthought. Researchers already have uncovered a lot of vulnerabilities in various medical devices.

Re: Kinder, Gentler IoT

Marcia hits the nail on the head. Most developments, despite our experiences with security issues, seem to start with getting functionality working, then attempt to bolt security on rather clumsily as an afterthought. This is a result of the maxim that we should not attempt to boil the ocean - and I suspect few corpoations consider a completed security architecture as a valid place to start; they want to see functionality first. And rinse and repeat even for supposedly critical safety systems. I see no reason to assume that the IoT will be any different, unfortunately. 

Re: Kinder, Gentler IoT

The thing about having proper security and making something functional could be done if security was thought about from the begining. Security usually means slowing something down but is that such a bad thing if it is air tight?

Re: Kinder, Gentler IoT

@PaulS681> Are you asking me or the people who are waiting to make some money out of this thing? Cos you know you're going to get two entirely different answers, right? ;-)

Re: Kinder, Gentler IoT

Yes, unfortunately I think it's not even necessarily functionality that's the goal. That would be ok, in my book. It's investors and profit that are driving this, which is always the case in business, I suppose. But when you are dealing with stuff like people's real-time health data, banking information, location tracking, the power grid, air traffic control, etc, it gets a little scary. I am not sure who the "security watchers" are that were mentioned earlier, but so far they don't seem to be doing a fabulous job

Re: Kinder, Gentler IoT

We haven't any serious Ethernet of Things products in the market. As the interest increases, secuirty watchers will address the issues and I think that will resolve a lot of problems. We'll see standards that inherently include encrypted communication, fo instance.

But there will be some whoppers. I hope we won't see a heart pacemaker company use the same password on all their units, then let it slip to the Internet! Sadly, reality is that it could happens...there have been a couple of recnt cases like this with network gear.

One article I wrote on the subject got a lot of comments on RFID and privacy intrusions, and that is an issue if we don't conrtol it. Balancing between improved security and authoriterian control is difficult. After all. a tag that reported who is in a room or near a murder victim is good -right? A tag that tells Homeland Security where you are all the time??? And a tag that can zap you and immobilize you?

This isn't really an IoT issue. The questions are deeper and IoT is at worst the connection scheme.


Re: Kinder, Gentler IoT

Good points, I think, many of the rules that have been formulated for the internet can be utilized for the internet of things, because at times the trade-offs are the same, however, many new areas will have to be worked out as well.

If RFID tags are helping detectives to solve murders, which in turn is making society safe, then, good idea. If homeland security needs to track individuals then, we must first carefully evaluate the advantages and disadvantages. 

And if someone has to be immobilized, I feel that civilization has not progressed up a level that it deserves such a technology. However, I can imagine it could be useful to have the ability to immobilize an animal that is attacking a kid on the street. Having said that, I have seen 10-year olds with a magnifying glass and an ant -- the outcome was not very pleasant.   


Re: Kinder, Gentler IoT

Besides using RFID, the tagging of things was achieved through near field communication but i did not noticed much awareness in this area apart fact that this technology was supported in Nokia phones.

Re: Kinder, Gentler IoT

I have seen NFC used for banking, financial transaction and e-wallets, etc. Apart of these use cases, I have also not heard of NFC been enable in many application, but NFC and the ability to wirelessly charge a device is an interesting area.

Re: Kinder, Gentler IoT

Now when you start talking about RFID tags that can immobileize people, that is scary. If it were done 100% correctly then it's a good idea. However, history tells us it will not be.



The part about everything being wireless is a little scary. I understand this is where we must go but not convinced all companies will protect that data like it needs to be protected. If not done correctly this will mean more breaches, and there are already too many.

Re: wireless

The growth of wireless just emphasizes how ALL data in transit needs to be envrypted. That includes wireless keyboard USB for instance.

Re: wireless

Jim, I think you are saying that the security issues are really data security issues and I agree with that. The IoT just magnifies them when there are so many more connection points potentially collecting data. I am sure we can come up with ways to try to manage that, but so many others with hostile motives are trying to manipulate and subvert that.

Re: wireless

Interesting development on the IoT security front: Broadcom announced a new Bluetooth system-on-a-chip into its embedded devices product series. It includes encryption and decryption capabilities plus Apple's iBeacon technology.