Smart homes. Smart cities. Smart factories. Intelligent cloud. Intelligent edge. While many still believe the Internet of Things has a way to go before we see widespread adoption, there is no questioning that it is here today. Some things are prototypes upon which larger deployments can be built, and some are already in wide use, depending upon the industry. But a world in which millions upon millions of devices can store, process and, when necessary, transmit data to back-end systems for analysis and action already is at hand.
“There are now more IoT devices on the planet than there are people,” said Ed Adams, president and CEO of Security Innovation, a technology training company. “We passed that tipping point in 2016.”
Omer Arad is in IBM Research, where his main focus is IoT infrastructure, and he believes businesses are only just beginning to understand the potential. “IoT will have a huge impact on our lives,” he said. “The future is that people won’t have to interact with devices. The integrations should all be seamless. Sensors can understand and analyze context to get a more meaningful output to extend the user experience.”
If only Marc Andreesen knew how prescient his comment was back in 2011, when he declared that “software is eating the world.” But if software can be compared to the intelligence and digestion of the human body, data is its life blood.
In an all-things-connected world, with all these streams of data, creating devices with the ability to make decisions as to what data to pluck from the stream, and to process it there without the latency of back-end query and response, is critical. “The question of how or when to store data, and when should we send it to the cloud, is both a technical and business decision,” Arad said.
With this rapid evolution, some may see the early adopters of IoT as living on the edge. But isn’t that the point?
Arad said IoT is already transforming the health industry, where personalized data on each patient wearing sensors can be gathered. “They can see what people ate before surgery, or monitor the hearts in patients, and you don’t have to send all that data to the cloud. You can collect it and analyze it on the edge, or sensor, and only transmit what’s important to the cloud.”
Indranil Chakraborty of Google’s IoT Core team said he too is seeing “a good amount of interest” in IoT solutions, in areas such as smart cities, oil and gas, manufacturing, as well as in areas you might not expect.
“We have a wide spectrum of users and customers,” he said. “We work with urban bike sharing, where there are devices in the bike — GPS, SIM card — and we use mobile geofencing to unlock” the bike when someone wants to ride.
Yet there are hurdles to more widespread adoption. The lack of a standard protocol for connectivity is one of things holding IoT back, Chakraborty said. “Different devices have different operating systems and different protocols,” he pointed out
And then there’s security. As more devices are put out into the world, each running smaller pieces of functionality, the more vectors are presented to malicious attackers. And this leaves people wondering: Is the communication secure? Is the data encrypted at rest? How do we know the device is acting in my best interest?
The answers to those questions are multi-faceted. Part of the reason is that companies creating IoT devices have solid backgrounds in hardware, but not so much in developing secure software. And, what Security Innovations’ Adams described as the sad state of software development today, “the vast majority of engineers still don’t know how to write secure code.
“The Bose and Sonys of the world, and the automotive engineers, they know how to make great hardware, but man, do they stink at making good software,” Adams said. “So, companies have to deal with new paradigms they never had to deal with before. Bose makes really great speakers, but now those speakers are connected via Wi-Fi and Bluetooth and mobile applications, all of which are collecting data and sending it back to Bose for data aggregation so they can market to you better. And if they’re not doing that with security in mind, and with privacy in mind, not only are you putting your customers at risk but your brand’s at risk, and your company is facing massive fines from the likes of GDPR.”
Adams said he sees the convergence of two massive problems: the amount of software that is “running the world,” and the number of developers who are either reusing open-source code and not checking it for security, or not being educated on how to write secure code in the first place. And those two, he said, “are a potential meteoric disaster waiting to happen.”
Adams tried to put the problem in perspective. “Look at the 787 Dreamliner, Boeing’s latest and greatest airplane. That’s about 6 ½ million lines of code, designed from the ground up. It’s a modern marvel. … But compare that to a 2017 S-Class Mercedes. That has 100 million lines of code. That’s insane. And it’s not just 100 million lines of code. It’s got five separate networks, and over 10 different operating systems, and the software-based costs of that car is now approaching 50 percent. When you’re driving down the street, you’re surrounded by a few computers, 100 million lines of software code, and four tires that’s moving you along.”
Now, consider that the average developer makes one error every thousand lines of code. “Do the math,” Adams said. “Think about how many software defects are rolling around with you in your Mercedes. It’s pretty daunting.”
So, it is the sheer number of IoT devices — with Adams’ claim that since 2016, there are more IoT devices on the planet than people — the fact that there are no good automated testing tools for IoT software, and the lack of security awareness of development teams creating these apps that leave IoT applications, data and devices vulnerable.
Finally, for the first time, IoT security transverses both cybersecurity and safety. That, Adams, said, is something we haven’t really seen before. “You’ve got medical devices, cars … cars are IoT devices. Now, you’re introducing a safety factor. It’s not just stealing credit cards or identities anymore. You’re literally talking about driving cars off the road, being able to deliver the wrong doses of medicines, being able to stop someone’s pacemaker. These are all legitimate attack vectors that have previously never even been imagined, and it’s all enabled through the magic of software and the beauty of IoT. So the importance of securing IoT software specifically, it’s just critically important. I can’t stress that enough.”
Despite these potential doomsday scenarios, Google IoT’s Chakraborty sees proof-of-concept prototypes rolling out in areas such as transportation and manufacturing, where the value proposition is clear.
In manufacturing, though, challenges include complexity and a lack of connectivity in aging factories — some simply don’t even have Wi-Fi on their factory floors. “There is a huge opportunity in predictive maintenance,” he said. “It’s the first step to automation. But owners now don’t have visibility into multiple factories. They need to connect to get a central view of all factories. Then they can build machine-learning models to predict when a machine might fail.”
That, is living on the edge.