Explaining Internet of Things (IoT)

What is IoT?

The Internet of Things (IoT) describes the network of physical objects—“things”—that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the internet. These devices range from ordinary household objects to sophisticated industrial tools. With more than 7 billion connected IoT devices today, experts are expecting this number to grow to 10 billion by 2020 and 22 billion by 2025.

Important?

Over the past few years, IoT has become one of the most important technologies of the 21st century. Now that we can connect everyday objects—kitchen appliances, cars, thermostats, baby monitors—to the internet via embedded devices, seamless communication is possible between people, processes, and things.

By means of low-cost computing, the cloud, big data, analytics, and mobile technologies, physical things can share and collect data with minimal human intervention. In this hyperconnected world, digital systems can record, monitor, and adjust each interaction between connected things. The physical world meets the digital world—and they cooperate.

Secure?

The Open Web Application Security Project (OWASP), a non-profit foundation for improving software, has published "the IoT Top 10 vulnerabilities", which is a great resource for manufacturers and users alike.

The five most important are:

1. Lack of Secure Update Mechanism:

Unauthorized software and firmware updates are a major threat vector for launching attacks against IoT devices. A corrupted update can disrupt the operations of critical IoT devices and have physical consequences in sectors like healthcare or energy. To secure the firmware and software updates, we need to secure access to the updates and verify the source and the integrity of the updates.

2. Use of Insecure or Outdated Components:

The security of IoT ecosystem may be compromised by vulnerabilities in software dependencies or legacy systems. The use of outdated or insecure software, including open-source components by manufacturers to build their IoT devices creates a complex supply chain that is difficult to track. These components might inherit vulnerabilities known to the attackers creating an expanded threat landscape waiting to be exploited.

3. Insufficient Privacy Protection:

Many deployed IoT devices collect personal data that need to be securely stored and processed to maintain compliance with the various privacy regulations, such as GDPR or CCPA. This personal data might be anything from medical information to power consumption and driving behavior. Lack of appropriate controls will jeopardize users’ privacy and will have legal consequences.

4. Insecure Data Transfer and Storage:

The protection of IoT data—either at rest or in transit—is of great importance to the reliability and integrity of IoT applications. This data is used in automated decision-making processes and controls that can have serious physical repercussions. It is critical that we effectively protect this data. The use of strong encryption throughout the IoT data lifecycle and adaptive identity and access control will help secure IoT data from compromise and breaches.

5. Lack of Physical Hardening:

IoT devices are deployed in dispersed and remote environments—not kept in any controlled environment, but exposed in the field to perform their operations. An attacker may disrupt the services offered by IoT devices by gaining access and tampering with the physical layer. Such actions could prevent, for example, sensors from detecting risks like fire, flood, and unexpected motion. We should ensure that the hardware is safe from tampering, physical access, manipulation, and sabotage.

Uses and examples

• Access to low-cost, low-power sensor technology. Affordable and reliable sensors are making IoT technology possible for more manufacturers.
• Connectivity. A host of network protocols for the internet has made it easy to connect sensors to the cloud and to other “things” for efficient data transfer.
• Cloud computing platforms. The increase in the availability of cloud platforms enables both businesses and consumers to access the infrastructure they need to scale up without actually having to manage it all.
• Machine learning and analytics. With advances in machine learning and analytics, along with access to varied and vast amounts of data stored in the cloud, businesses can gather insights faster and more easily. The emergence of these allied technologies continues to push the boundaries of IoT and the data produced by IoT also feeds these technologies.
• Conversational artificial intelligence (AI). Advances in neural networks have brought natural-language processing (NLP) to IoT devices (such as digital personal assistants Alexa, Cortana, and Siri) and made them appealing, affordable, and viable for home use.

Industrial IoT?

Industrial IoT (IIoT) refers to the application of IoT technology in industrial settings, especially with respect to instrumentation and control of sensors and devices that engage cloud technologies. Refer to this Titan use case PDF for a good example of IIoT. Recently, industries have used machine-to-machine communication (M2M) to achieve wireless automation and control. But with the emergence of cloud and allied technologies (such as analytics and machine learning), industries can achieve a new automation layer and with it create new revenue and business models. IIoT is sometimes called the fourth wave of the industrial revolution, or Industry 4.0. The following are some common uses for IIoT:

• Smart manufacturing
• Connected assets and preventive and predictive maintenance
• Smart power grids
• Smart cities
• Connected logistics
• Smart digital supply chains