Smart Cities: opportunity … and danger if security isn’t a priority

Smart cities are one of the Internet of Things’ most promising areas — as well as one of the most potentially dangerous.

As this list of smart city initiatives shows, The IoT can reduce energy consumption, cut operating costs, and improve the quality of life. However, if hacked, it could also potentially paralyze an entire city and plunge it into darkness and/or create traffic gridlock.

As in so many other IoT areas, which scenario wins out will rest increasingly on making security and privacy in smart cities an absolute priority from Day 1, not an afterthought.

A recent New York Times article brings the issue to the foreground again, through the work of Cesar Cerrudo, an Argentine security researcher and chief technology officer at IOActive Labs, who showed what happens when idiots (so sue me…) decide not to make security a priority:

” (he) demonstrated how 200,000 traffic control sensors installed in major hubs like Washington; New York; New Jersey; San Francisco; Seattle; Lyon, France; and Melbourne, Australia, were vulnerable to attack. Mr. Cerrudo showed how information coming from these sensors could be intercepted from 1,500 feet away — or even by drone — because one company had failed to encrypt its traffic.

“Just last Saturday, Mr. Cerrudo tested the same traffic sensors in San Francisco and found that, one year later, they were still not encrypted.”

Even worse, Cerrudo found the same failure to bake in obvious security measures such as encryption in a wide range of other smart city devices and software.

The article goes on to cite a variety of very real cybersecurity threats to cities and critical infrastructure (don’t forget that about 85% of the nation’s critical infrastructure is in private ownership) including a break-in at a utility’s control network by a “sophisticated threat actor” that just guessed a password.

Among the measures Cerrudo suggests that cities take to reduce their vulnerability:

  • think of cities “as vast attack surfaces that require security protection just as a corporate network might.”
  • encrypt data, use strong passwords, and patch security holes
  • create computer emergency response teams (CERTs), for rapid response
  • restrict data access and monitor who does have it.
  • “Finally, he suggests that cities prepare for the worst, as they would for a natural disaster.”

He concluded:

“When we see that the data that feeds smart city systems is blindly trusted and can be easily manipulated — that the systems can be easily hacked and there are security problems everywhere — that is when smart cities become dumb cities.” (my emphasis)

Let me be blunt about it: whether in smart cities or any other aspect of the Internet of Things, if your attitude is “we’ll get around to security” after concentrating on product development, you’re irresponsible and deserve to fail — before your irresponsibility harms others.


BTW, here’s a great way for you to have a role in shaping tomorrow’s smart cities. IBM (who would have thunk it?  I suspect this is reflects Ginni Rometty’s change in direction and attitude at the top) has created People for Smarter Cities, a new site to crowdsource ideas for how to make cities smarter. It’s a great example of democratizing innovation, one of my IoT Essential Truths. I plan to contribute and hope you will as well!

comments: Comments Off on Smart Cities: opportunity … and danger if security isn’t a priority tags: , , , , ,

Apple & IBM partnership in Japan to serve seniors a major step toward “Smart Aging”

As Bob Seger and I prepare to turn 70 (alas, no typo) on Wednesday (as long as he’s still singing “Against the Wind” I know I’m still rockin’) my thoughts turn to my “Smart Aging” paradigm, which combines Quantified Self devices that can change our relationships with doctors into a partnership and give us encouragement to do more fitness activities and smart home devices that make it easier for seniors to run their homes and avoid institutionalization.

That’s why I was delighted to read this week about Apple (obligatory disclaimer: I work part-time at The Apple Store, especially with “those of a certain age,” but am not privy to any of their strategy, and my opinions are solely my own) and IBM teaming with Japan Post (hmm: that’s one postal service that seems to think creatively. Suspect that if one B. Franklin still ran ours, as he did in colonial days, we’d be more creative as well…) to provide iPads to Japan’s seniors as part of Japan Post’s “integrated lifestyle support group” (the agency will actually go public later this year, and the health services will be a key part of its services).

Apple and IBM announced, as part of their “enterprise mobility” partnership that will also increase iPads’ adoption by businesses, that they will provide 5 million iPads with senior-friendly apps to Japanese seniors by 2020.  IBM’s role will be to develop app analytics and cloud services and “apps that IBM built specifically for elderly people .. for medication adherence … exercise and diet, and … that provide users with access to community activities and supporting services, including grocery shopping and job matching.”

The overall goal is to use the iPads and apps to connect seniors with healthcare services and their families.  I can imagine that FaceTime and the iPads’ accessibility options will play a critical role, and that current apps such as Lumosity that help us geezers stay mentally sharp will also be a model.

According to Mobile Health News, the partnership will offer some pretty robust services from the get-go:

“If seniors or their caregivers choose, they can take advantage of one of Japan Post Groups’ post office services, called Watch Over where, for a fee, the mail carriers will check in on elderly customers and then provide the elderly person’s family with an update. 

“In the second half of this year, customers can upgrade the service to include iPad monitoring as well.After Japan Post Group pilots the iPads and software with 1,000 seniors for six months, the company will expand the service in stages.”

Lest we forget, Japan is THE harbinger of what lies ahead for all nations as their populations age. 20% of the population was already over 65 in 2006,  38% will be in 2055.  As I’ve said before in speeches, the current status quo in aging is simply unsustainable: we must find ways for seniors to remain healthy and cut the governmental costs of caring for them as they grow as a percentage of the population.  As Japan Post CEO Taizo Nishimuro (who looks as if he’s a candidate for the new services — y0u go, guy!) said, the issue is “most acute in Japan — we need real solutions.”

IBM CEO Ginni Rometty said her company will take on a 3-part mission:

“First, they’ll be working on ‘quality of life apps,’ both by building some themselves and by integrating others, all of which will be aimed at accessibility first. The key target will be iOS, since it’s a mobile-first strategy in keeping with our changed computing habits. Second, they’re working on developing additional accessibility features not yet available, and third they’re helping Japan Post with the service layer required to deliver this to the elderly.”

Sweet! — and it reminds me of the other recently announced IBM/Apple announcement, in that case with J & J, to build a robust support structure for Apple’s new open-source ResearchKit and HealthKit platform to democratize medical research.  The IoT ain’t nothin’ without collaboration, after all.

Cook, according to TechCrunch, put the initiative in a global context (not unlike his environmental initiatives, where, IMHO, he’s become THE leading corporate change agent regarding global warming):

“Tim Cook called the initiative ‘groundbreaking,’ saying that it is ‘not only important for Japan, but [also] has global implications. Together, the three of us and all the teams that work so diligently behind us will dramatically improve the lives of millions of people.’

“…. The Apple CEO talked about how the company aims to ‘help people that are marginalized in some way, and empower them to do the things everyone else can do.” He cited a UC Irvine study which details how remote monitoring and connection with loved ones via iPad help instill a sense of confidence and independence in seniors. He added that he believes what the companies are doing in Japan is also scalable around the world.”

It will be interesting to see exactly how the partnership addresses the challenge of creating those senior-friendly “quality of life” apps: as someone who’s on the front-lines of explaining even Apple’s intuitive devices to older customers, I can tell you that many seniors begin are really frightened by these technologies, and it will take a combination of great apps and calm, patient hand-holding to put them at ease.

As I enter my 7th decade, I’m pumped!

comments: Comments Off on Apple & IBM partnership in Japan to serve seniors a major step toward “Smart Aging” tags: , , , , , , , , , ,

GE & IBM make it official: IoT is here & now & you ignore it at your own risk!

Pardon my absence while doing the annual IRS dance.

While I was preoccupied, GE and IBM put the last nail in the coffin of those who are waiting to launch IoT initiatives and revise their strategy until the Internet of Things is more ….. (supply your favorite dismissive wishy-washy adjective here).

It’s official: the IoT is here, substantive, and profitable.

Deal with it.

To wit:

The two blue-chips’ moves were decisive and unambiguous. If you aren’t following suit, you’re in trouble.

The companies accompanied these bold strategic moves with targeted ones that illustrate how they plan to transform their companies and services based on the IoT and related technologies such as 3-D printing and Big Data:

  • GE, which has become a leader in 3-D printing, announced its first FAA-approved 3-D jet engine part, housing a jet’s compressor inlet temperature sensor. Sensors and 3-D printing: a killer combination.
  • IBM, commercializing its gee-whiz Watson big data processing system, launched Watson Health in conjunction with Apple and Johnson & Johnson, calling it “our moonshot” in health care, hoping to transform the industry.  Chair Ginny Rometty said that:

“The Watson Health Cloud platform will ‘enable secure access to individualized insights and a more complete picture of the many factors that can affect people’s health,’ IBM says each person generates one million gigabytes of health-related data across his or her lifetime, the equivalent of more than 300 million books.”

There can no longer be any doubt that the Internet of Things is a here-and-now reality. What is your company doing to catch up to the leaders and share in the benefits?

 

comments: Comments Off on GE & IBM make it official: IoT is here & now & you ignore it at your own risk! tags: , , , , , , , , ,

FTC report provides good checklist to design in IoT security and privacy

FTC report on IoT

FTC report on IoT

SEC Chair Edith Ramirez has been pretty clear that the FTC plans to look closely at the IoT and takes IoT security and privacy seriously: most famously by fining IoT marketer TrendNet for non-existent security with its nanny cam.

Companies that want to avoid such actions — and avoid undermining fragile public trust in their products and the IoT as a whole — would do well to clip and refer to this checklist that I’ve prepared based on the recent FTC Report, Privacy and Security in a Connected World, compiled based on a workshop they held in 2013, and highlighting best practices that were shared at the workshop.

  1. Most important, “companies should build security into their devices at the outset, rather than as an afterthought.” I’ve referred before to the bright young things at the Wearables + Things conference who used their startup status as an excuse for deferring security and privacy until a later date. WRONG: both must be a priority from Day One.

  2. Conduct a privacy or security risk assessment during design phase.

  3. Minimize the data you collect and retain.  This is a tough one, because there’s always that chance that some retained data may be mashed up with some other data in future, yielding a dazzling insight that could help company and customer alike, BUT the more data just floating out there in “data lake” the more chance it will be misused.

  4. Test your security measures before launching your products. … then test them again…

  5. “..train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.” This one is sooo important and so often overlooked: how many times have we found that someone far down the corporate ladder has been at fault in a data breach because s/he wasn’t adequately trained and/or empowered?  Privacy and security are everyone’s job.

  6. “.. retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these service providers.”

  7. ‘… when companies identify significant risks within their systems, they should implement a defense-in -depth approach, in which they consider implementing security measures at several levels.”

  8. “… consider implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network.” Don’t forget: with the Target data breach, the bad guys got access to the corporate data through a local HVAC dealer. Everything’s linked — for better or worse!

  9. “.. companies should continue to monitor products throughout the life cycle and, to the extent feasible, patch known vulnerabilities.”  Privacy and security are moving targets, and require constant vigilance.

  10. Avoid enabling unauthorized access and misuse of personal information.

  11. Don’t facilitate attacks on other systems. The very strength of the IoT in creating linkages and synergies between various data sources can also allow backdoor attacks if one source has poor security.

  12. Don’t create risks to personal safety. If you doubt that’s an issue, look at Ed Markey’s recent report on connected car safety.

  13. Avoid creating a situation where companies might use this data to make credit, insurance, and employment decisions.  That’s the downside of cool tools like Progressive’s “Snapshot,” which can save us safe drivers on premiums: the same data on your actual driving behavior might some day be used become compulsory, and might be used to deny you coverage or increase your premium).

  14. Realize that FTC Fair Information Practice Principles will be extended to IoT. These “FIPPs, ” including “notice, choice, access, accuracy, data minimization, security, and accountability,” have been around for a long time, so it’s understandable the FTC will apply them to the IoT.  Most important ones?  Security, data minimization, notice, and choice.

Not all of these issues will apply to all companies, but it’s better to keep all of them in mind, because your situation may change. I hope you’ll share these guidelines with your entire workforce: they’re all part of the solution — or the problem.

comments: Comments Off on FTC report provides good checklist to design in IoT security and privacy tags: , , , ,

The #IoT Can Kill You! Got Your Attention? Car Security a Must

The Internet of Things can kill you.

Got your attention? OK, maybe this is the wake-up call the IoT world needs to make certain that privacy and security are baked in, not just afterthoughts.

Markey_IoT_car_reportI’ve blogged before about how privacy and security must be Job 1, but now it’s in the headlines because of a new report by our Mass. Senator, Ed Markey (Political aside: thanks, Ed, for more than 30 years of leadership — frequently as a voice crying in the wilderness — on the policy implications of telecomm!), “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” about the dangers of not taking the issues seriously when it comes to smart cars.

I first became concerned about this issue when reading “Look Out, He’s Got an Phone,!” (my personal nominee for all-time most wry IoT headline…), a litany of all sorts of horrific things, such as spoofing the low air-pressure light on your car so you’ll pull over and the Bad Guys can get it would stop dead at 70 mph,  that are proven risks of un-encrypted automotive data.  All too typical was the reaction of Schrader Electronics, which makes the tire sensors:

“Schrader Electronics, the biggest T.P.M.S. manufacturer, publicly scoffed at the Rutgers–South Carolina report. Tracking cars by tire, it said, is ‘not only impractical but nearly impossible.’ T.P.M.S. systems, it maintained, are reliable and safe.

“This is the kind of statement that security analysts regard as an invitation. A year after Schrader’s sneering response, researchers from the University of Washington and the University of California–San Diego were able to ‘spoof’ (fake) the signals from a tire-pressure E.C.U. by hacking an adjacent but entirely different system—the OnStar-type network that monitors the T.P.M.S. for roadside assistance. In a scenario from a techno-thriller, the researchers called the cell phone built into the car network with a message supposedly sent from the tires. ‘It told the car that the tires had 10 p.s.i. when they in fact had 30 p.s.i.,’ team co-leader Tadayoshi Kohno told me—a message equivalent to ‘Stop the car immediately.’ He added, ‘In theory, you could reprogram the car while it is parked, then initiate the program with a transmitter by the freeway. The car drives by, you call the transmitter with your smartphone, it sends the initiation code—bang! The car locks up at 70 miles per hour. You’ve crashed their car without touching it.’”

Hubris: it’ll get you every time….

So now Senator Markey lays out the full scope of this issue, and it should scare the daylights out of you — and, hopefully, Detroit! The report is compiled on responses by 16 car companies (BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo — hmm: one that didn’t respond was Tesla, which I suspect [just a hunch] really has paid attention to this issue because of its techno leadership) to letters Markey sent in late 2013. Here are the damning highlights from his report:

“1. Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.

2. Most automobile manufacturers were unaware of or unable to report on past hacking incidents.

3. Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.

4. Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all. (my emphasis)

5. Automobile manufacturers collect large amounts of data on driving history and vehicle performance.

6. A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.

7. Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.

8. Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”

In short, the auto industry collects a lot of information about us, and doesn’t have a clue how to manage or protect it.

I’ve repeatedly warned before that one of the issues technologists don’t really understand and/or scoff at, is public fears about privacy and security. Based on my prior work in crisis management, that can be costly — or fatal.

This report should serve as a bit of electroshock therapy to get them (and here I’m referring not just to auto makers but all IoT technologists: it’s called guilt by association, and most people tend to confabulate fears, not discriminate between them. Unless everyone in IoT takes privacy and security seriously, everyone may suffer the result [see below]) to realize that it’s not OK, as one of the speakers at the Wearables + Things conference said, that “we’ll get to privacy and security later.” It’s got to be a priority from the get-go (more about this in a forthcoming post, where I’ll discuss the recent FTC report on the issue).

I’ve got enough to worry about behind the wheel, since the North American Deer Alliance is out to get me. Don’t make me worry about false tire pressure readings.


PS: there’s another important issue here that may be obscured: the very connectedness that is such an important aspect of the IoT. Remember that the researchers spoofed the T.P.M.S. system not through a frontal assault, but by attacking the roadside assistance system? It’s like the way Target’s computers were hacked via a small company doing HVAC maintenance. Moral of the story? No IoT system is safe unless all the ones linking to it are safe.  For want of a nail … the kingdom was lost!

My take on the IoT at CES

Here I am languishing in bitterly-cold Massachusetts, while all the cool kids are playing with toys at CES!  I’ll try to get over it and give you my impressions of the Internet of Things new product introductions, as filtered through the lens of my IoT Essential Truths:

  • Perhaps the most important development is Samsung’s whole-hearted embrace of the IoT, building on its acquisition of SmartThings.  In his keynote, Samsung CEO BK Yoon struck exactly the right notes, emphasizing the need for open standards and collaboration.Within 5 years, all new Samsung products will be IoT enabled.Don’t forget that Samsung doesn’t just make consumer products, but also critical IoT tools such as sensors and chips.  Its 3-D range sensors that can detect tiny movements may be a critical IoT components.SmartThings CEO Alex Hawkinson was part of the presentation, and stressed:

    “For the Internet of Things to be a success, it has to be open, Any device, from any platform, must be able to connect and communicate with one another. We’ve worked hard to accomplish this, and are committed to putting users first, giving them the most choice and freedom possible.”

  • If was accurate, the GoBe calorie counter could be a great Quantified Self device. I still find it waaay to time-consuming and laboriously to look up specific foods’ caloric content and enter them into an app. However, The Verge says not so fast…..  What might be feasible is the InBody Bend, to measure the result of those calories — your body fat — and your heart rate. It’s also a pedometer and measures your calories burned. Oh, yeah, the Bend also tells time. Best of all, it will go 7-8 days between charges.
  • The HereO children’s watches seem like a great product for worried parents, allowing them to locate the wee ones via GPS.
  • While I think the key to realizing my “Smart Aging” paradigm shift will primarily be tweaking mainstream IoT Quantified Self and smart home devices for seniors’ special needs, there are some issues, such as hearing loss, that particularly affect seniors. In that category, Siemens’ Smart Hearing Aid looks promising, and an interesting example of enhancing a not-so-great existing product using IoT capabilities. A key is the unobtrusive clip-on easyTek  which complements the in-ear device, and can connect (via Bluetooth) to smartphones, computers or TVs, so that the hearing aides also function as earphones for those devices. As The Verge reports, even those with good hearing might end up using it.
  • However, my two favorite CES intros both enhance a decidedly 19th-century product, the bike.They illustrate the Essential TruthWhat Can You Do Now That You Couldn’t Do Before?
    Smart Pedal

    Smart Pedal

    One is a nifty substitute for a plain-vanilla pedal, from Connected Cycle. On a day-in-day-out basis, the pedal is a Quantified Self device, recording your speed, route, incline, and calories burned.

    However, when some miscreant steals your ride, it’s the two-wheel equivalent of Find My iPhone, telling you and the cops exactly where the bike’s located.

    Ok, that’s nice, but the other bike device introduced at CES can save your life!

    Smart Bike Helmet

    In the spirit of IoT collaboration, Volvo, Ericsson & sporting goods manufacturer POC have worked together on a smart helmet.

    The bike’s and the car’s locations are both uploaded to the cloud.

    If the  helmet is connected to a bike app such as Strava, built-in warning lights warn it there’s a car nearby, while a heads-up display on the dash warns the driver at the same time.

    I can’t see Volvo gaining any competitive advantage from this, and, of course, the technology will really only be effective if every hemet and every car are equipped with it, so I hope the partners will release it for universal adoption. Who would have ever thought that the IoT could peacefully bring bicyclists and motorists together. Just shows you that with the IoT, we’ll have to re-examine a lot of long-held beliefs!

 

comments: Comments Off on My take on the IoT at CES tags: , , ,

Disney MagicBands: as important symbolically for IoT as substantively!

(I’ve been meaning to write about this particular IoT device for a long time — my apologies for the delay)

I have no objective evidence for this, but I suspect that many C-level executives first learned about e-commerce when they placed personal orders during the Christmas season of 1995. Thus, Amazon deserves a disproportionate share of credit for launching the e-commerce era.

Magic Bands play a number of roles at Disney parks

Similarly, I suspect that many C-level executives’ first direct experience with the Internet of Things has come, or may come this holiday season, with their family’s first visit to Disneyworld since Disney began the beta testing of its MagicBands, which are arguably the most high-profile public IoT devices so far.

IMHO, Disney deserves a lot of credit for such a public IoT project, especially many of the initial reviews were decidedly mixed due to technical and management glitches — risking irritating customers. 

The project reportedly cost north of $1 billion.

The major lesson to decision makers in other industries to be gained from the MagicBand is my favorite IoT “Essential Truth“: who else can use this data?

Disney uses the band data, either by itself, or aggregated with other visitors, to improve almost every aspect of park operations, marketing, and the customer experience — illustrating the versatility of IoT devices:

  • control logistics, speeding entry to the park and individual rides
  • coordinate outside transportation
  • balance demand for various rides
  • add new functionality to existing technology such as the Disney app
  • control mechanical systems, such as hotel door locks
  • add a social component (and avoid the stresses of families getting
  • handle and speed in-park financial transactions
  • personalize the park experience and improve customer satisfaction
  • harvest and analyze big data on customer preferences.

The bands, which work because they have RFID chips inside, are worn on your wrist throughout your stay at the parks. When you book the trip, Disney lets you choose your favorite color, and the band comes in a presentation box with your name on it.

Before leaving, you can program it in conjunction with the My Disney Experience app and web page, entering key choices such as hotels, your favorite rides (FastPass+), dinner reservations, etc., and your credit card info so that they can be used to pay for meals and merchandise.

Disney warns visitors not to pack the bracelets in their luggage, because they are even used to board the transportation from the Orlando airport.

Putting aside the programming involved, this had to be a tremendous logistical challenge, changing the hotel locks, installing readers at each ride, putting readers in the restaurants and shops, which probably accounts for many of the glitches that customers reported during the pilot phase.

My future son-in-law, Greg Jueneman, who knows EVERYTHING about Disneyland, weighs in from a customer standpoint:

“I think they take the spontaneity out of a Disney World vacation. Everything has to be planned in advance and a schedule has to be followed. As a technology they are cool, I’m sure Disney had lots of plans for them but so far the only real thing that they do is open your hotel room without a “key” and allow you to pay for things without your cards (I’m sure Disney loves that! – some blogs Ifollow have said that spending with Magic Bands is up 40%, that’s impressive!).”

As you can imagine, there are also important data privacy and security issues: on one hand, it would probably be very cool to have Mickey come up to you and say “happy 5th birthday, Jeremy,” but that could also creep parents out, and you’d be worried about someone running up a tab on your credit card if you mislaid the band.

From my reading of the most recent media coverage, it appears that most of the beta test problems have been worked out, and that Disney is fully-committed to universal use of the bands in the future.

If you’re visiting Disney this holiday season, think about possible IoT strategy lessons for your company from the MagicBand:

  • marketing: how it can personalize the customer experience and increase sales?
  • transactions: how can it streamline transactions (have to think that Apple looked carefully at this in designing Apple Pay)?
  • operations: how can real-time data from many users help streamline operations and reduce congestion?

Maybe you can write off the family vacation as research! Have fun.

 

comments: Comments Off on Disney MagicBands: as important symbolically for IoT as substantively! tags: , , , , , ,

Live Blogging from IoT Global Summit

I’ll be live-blogging for the next two days from the 2nd Internet of Things Global Summit.

  • Edith Ramirez, FTC chair:
    • potential for astounding benefits to society, transforming every activity
    • risks: very technology that allows this can also gather info for companies and your next employer
    • possible consumer loss of confidence in connected devices if they don’t think privacy w
    • 3 challenges:
      • adverse uses
      • security of the data
      • collection of the data
    • key steps companies should take:
      • security front and center
      • deidentify data
      • transparent policies
    • data will provide “startlingly complete pictures of us” — sensors can already identify our moods, even progression of neurological diseases
    • how will the data be used? will TV habits be shared with potential employers? Will it paint picture of you that others will see, but you won’t
    • will it exacerbate current socio-economic disparities?
    • potential for data breaches such as Target grows as more data is collected
    • FTC found some companies don’t take even most basic protections. Small size and cheap cost of some sensors may inhibit data protections
    • steps:
      • build security in from beginning
      • security risk assessment
      • test security measures before launch
      • implement defense and depth approach
      • encryption, especially for health data.
    • FTC action against TrendNet
    • follow principle of “data minimization,” only what’s needed, and dispose of it afterwards.
  • she’s skeptical of belief that there should be no limits on collection of data (because of possible benefits)
    • de-identified data: need dual approach — commit to not re-identify data
    • clear and simple notice to consumers about possible use of data.
    • Apple touting that it doesn’t sell data from Health App — critical to building consumer trust
    • transparency: major FTC priority. FTC review of mobile apps showed broad and vague standards on data collection & use.
  • Ilkka Lakaniemi, chair, FIWARE Future Internet PPP, EU perspective on IoT:
    • lot easier to start IoT businesses in Silicon Valley because of redundant regulations in EU
    • Open Standard Platform + Sustainable Innovation Ecosystem. “Synergy Platform”
  • Mark Bartolomeo,   vp of integrated solutions, Verizon:
    • Bakken Shale area visit: “landscape of IoT” solutions — pipeline monitoring, water monitoring, etc.
    • concerned about rapid urbanization: 30% of city congestion caused by drivers looking for parking. $120B wasted in time and fuel yearly.
    • cars: “seamless nodes” of system.
    • market drivers & barriers:
      • increased operational efficiency, new revenue streams, better service, comply with regulators, build competitive edge
      • fragmented ecosystem, complex development, significant back end obstacles
    • they want integrated systems.
    • need to remove barriers: aging infrastructure, congestion, public safety, economics
    • remove complexity
    • economies of scale: common services
    • trend to car sharing, smart grid
    • yea: highlighting intellistreets — one of my 1st fav IoT devices!!
    • Verizon working primarily on parking & traffic congestion on the East Coast, and water management in CA.

Smart Cities:

  • Nigel Cameron: nation-state receding, cities and corporations on ascendency
  • Sokwoo Rhee, NIST: Cyber-Physical Systems — emphasis on systems dynamics, data fed back into system, makes it autonomous.  Did Smart America Challenge with White House. Fragmentation on device level. Demonstrate tangible effects through collaborations. Examples: health care systems, transactive energy management, smart emergency response, water distribution, air quality. 24 projects.  Round Two is application of the projects to actual cities. Now 26 teams.
  • Joseph Bradley, VP, IoT Practice, Cisco Consulting: value isn’t in the devices, but the connections. Intersection of people, data, process, and things. Increase City of Nice’s parking revenue 40-60% without raising taxes through smart parking. They project $19 trillion in value over 10 years from combo of public and private innovations. Smart street lighting: reduces crime, property values increase, free wi-fi from the connected street lights. Barcelona is Exhibit A for benefits. Need: comprehensive strategy (privacy is a contextual issue: depends on the benefits you receive), scalability, apps, data analytics, transparency, powerful network foundation, IoT catalyst for breaking down silos, IoT must address people and process.
  • Ron Sege, chair and ceo of Echelon Corp: got started with smart buildings, 25 yrs. old. Why now with IoT: ubiquitous communications, low cost, hyper-competition, cloud. They do outdoor & indoor lighting and building systems. Challenges: move to one infrastructure/multiple use cases, will IT learn about OT & visa-versa?, reliability: critical infrastructure can’t fail & must respond instantly.
  • Christopher Wolf, Future of Privacy Forum: flexible, use-based privacy standards. Industry-wide approach to privacy: auto industry last week told NISTA about uniform privacy standards for connected cars (neat: will have to blog that…).
  • Peter Marx, chief innovation officer, City of LA:  big program to reduce street lights with LEDs: changed whole look of city at night & saves lot of money. 6 rail lines being built there. Adding smart meters for water & power. EV chargers on street lights. Held hackathon for young people to come up with ideas to improve city. Procurement cycles are sooo arcane that he suggests entrepreneurs don’t do business with city — he just tries to enable them.

Outside the City:

  • Darrin Mylet, Adaptrum: Using “TV white space spectrum” in non-urban areas. Spectrum access critical:need mix of spectrum types. Where do we need spectrum? Most need in non-line-of-sight areas such as trees, etc. Examples: not only rural, but also some urban areas (San Jose); Singapore; Africa; redwood forests;
  • Arturo Kuigami, World Bank: examples in developing nations: (he’s from Peru); most of global migration is to smaller cities; look at cities as ecosystems; “maker movement” is important — different business models: they partnered with Intel and MIT on “FabLabs” in Barcelona this year. MoMo — water access point monitoring in Tanzania.  Miroculus: created by a global ad hoc team — cheap way to make cancer diagnosis: have identified 3-4 types of cancers it can diagnose. Spirometer to measure COPD, made by a 15-year old! “IoT can be a global level playing field.”
  • Chris Rezendes, INEX Advisors: Profitable sustainability: by instrumenting the physical world, we can create huge opportunities for a wide range of people outside our companies. Focusing on doing a better job of instrumenting and monitoring our groundwater supplies: very little being done in SW US right now (INEX investing in a startup that is starting this monitoring). If we have better data on groundwater, we can do a better job of managing it. “Embrace complexity upfront” to be successful.
  • Shudong Chen, Chinese Academy of Sciences: talking about the Chinese food security crisis because of milk production without a food production license.  Government launched “Wuxi Food Science & Technology Park.”

Smart Homes:

  • Tobin Richardson, Zigbee Alliance: critical role of open, global standards. Zigbee LCD lights now down to $15.
  • Cees Links, GreenPeak Technologies: Leader in Zigbee-based smart home devices. Smart home waay more complex than wi-fi.  1m chips a week, vs. 1 million for whole year of 2011. “Not scratching the surface.” Small data — many small packets.
  • Todd Green, CEO PubNub: data stream network.
  • no killer app for the smart home..  Controlling by your phone not really that great a method.
  • FTC agrees with me: a few adverse stories (TrendNet baby cam example) can be really bad for an industry in its infancy.
  • always hole in security. For example, you can tell if no one’s home because volume of wi-fi data drops.W
  • FTC: consumer ed critical part of their work. Working now on best practices for home data protection.
  • mitigation after a security breach? Always be open, communicate (but most hunker down!).

DAY TWO

Beyond Cost Savings: Forging a Path to Revenue Generation

  • Eric Openshaw: (had tech problems during his preso: very important one — check the Deloitte The Internet of Things white paper for details) cost savings through IoT not enough for sustainable advantage: need to produce new revenue to do that. Defined ecosystem shaping up, which creates clarity, breaks down silos.
    • areas: smart grid, health care, home automation, cars, industrial automation
    • study the GE jet model for health care: what if doctors were paid to keep us healthy.
    • need comprehensive understanding of the change issues
    • be very specific: singular asset class, etc. — so you get early victories
    • companies will have overarching, finite roadmap
    • security & privacy dichotomy: differentiate between personal health care data and data from your washing machine. Most of us will share all sorts of information if there’s something in return
    • get focused on customer and product life cycle — that’s where the money will be. Focus on operating metric level. This is most far-reaching tech change he’s seen.

Managing Spectrum Needs

  • Julius Knapp, Chief, FCC Office of Engineering & Technology: new opportunity to combine licensed and unlicensed space. Described a number of FCC actions to reconsider role of various types of spectrum. “Hard to predict I0T’s long-term spectrum needs” because industry is new: they’ll watch developments in the field.
  • Prof. H. Nwana, exec. director of Dynamic Spectrum Alliance: most spectrum usually not used in most places at most time.  His group working to use changes to spectrum to end digital divide: (used incredible map showing how much of world, including US, China, India, W. Europe, could be fitted into Africa).
  • Carla Rath, VP for Wireless Policy, Verizon: “in my world, the network is assumed.”  Need for more spectrum — because of growth in mobile demand. Praises US govt. for trying to make more spectrum available. Don’t want to pigeonhole IoT in certain part of spectrum: allow flexibility.  Tension between flexibility and desire for global standards when it comes to IoT.
  • Philip Marnick, group director of spectrum policy, Ofcom UK:  no single solution.  Market determines best use. Some applications become critical (public safety, etc.) — must make sure people using those are aware of chance of interference.
  • Hazem Moakkit, vp of spectrum development for 03b (UK satellite provider for underserved areas of developing world): “digital divide widened by IoT if all are not on board.” Fair allocation of spectrum vital.
  • interesting question: referred to executive of a major farm equipment manufacturer whose products are now sensor-laden (must be John Deere…) and is frustrated because the equipment won’t work in countries such as Germany due to different bands.

Architecting the IoT: Sensing, Networking & Analytics: 

  • Tom Davenport: IoT highly unpredictable. “Great things about standards is there’s so many to choose from” — LOL.  Will IoT revolution be more top down or bottom up?
  • Gary Butler, CEO, Camgian: announcing an edge system for IoT. Driven by sensor info. Need new networking architecture to combine sensing and analytics to optimize business processes, manage risk. Systems now built from legacy equipment, not scalable. They’re announcing new platform: Egburt. Applicable to smart cities, retailing, ifrastructure (I’ll blog more about this soon!!). “Intelligence out of chaos.” Anomaly detection. Real-time analysis at the device level. Focus on edge computing. Must strengthen the ROI.
  • Xiaolin Lu, Texas Instruments fellow & director of IoT Lab: Working in wearables, smart manufacturing, smart cities, smart manufacturing, health care, automotive. TI claims it has all IoT building blocks: nodes, gateway/bridge or router/cloud.  Power needs are really critical, with real emphasis on energy harvesting from your body heat, vibration, etc. Challenges: sensing and data analytics, robust connectivity, power, security, complexity, consolidation of infrastructure and data. Big advocates for standards. They work on smart grid.
  • Steve Halliday, president, RAIN RFID: very involved in standards. 4 BILLION RFID tags shipped last year. Don’t always want IP devices. Power not an issue w/ RFID because they get their power from the reader. Think RFID will be underpinning of IoT for long time. Lot of confusion in many areas about IoT, especially in manufacturing.
  • Sky Mathews, IBM CTO: IBM was one of earliest in the field, with Smarter Planet. Lot of early ones were RFID. A variety of patterns emerging for where and how data is processed. What APIs do you want to expose to the world? “That’s where the real leaps of magnitude will occur” — so design that in from beginning.

‘People’ Side of the IoT: meeting consumer expectations:

  • Mark Eichorn, asst. director, Consumer Protection Bureau, FTC: companies that have made traditional appliances & now web-enable them aren’t always ready to deal with data theft. Security and privacy: a lot don’t have privacy policies at all. At their workshop, talk about people being able to hack your insulin readings.
  • Daniel Castro, sr. analyst, Center for Data Innovation: thinks that privacy issue has been misconstrued: what people really care about is keeping data from government intrusion. Can car be designed so a cop could pull it over automatically (wow: that’s a thought!). Chance for more liability with misuse of #IoT data.
  • Linda Sherry, director of national priorities, Consumer Action: “convenience, expectations and trust.” “What is the IoT doing beside working?” Connecting everything may disenfranchise those who aren’t connected. Need to register those who collect data – hmm. Hadn’t heard that one before. Even human rights risks, stalking, etc. — these issues must be thought about. Can algorithms really be trusted on issues such as insurance coverage? How do you define particularly sensitive personal data? “Hobbling the unconnected” when most are connected? “Saving consumers from themselves.” “Document the harms.” Make sure groups with less $ can really participate in multi-stakeholder negotiations.
  • Stephen Pattison, vp of public affairs, ARM Holdings: disagrees with Linda about slowing things down: we want to speed up IoT as instrument of transformation. We need business model for it. Talks about how smart phone didn’t explode until providers started subsidizing purchase. He suspects that one model might be that a company would provide you whole range of smart appliances in return for your data. “Getting data right matters.” “Freak events” drive concerns about data security & privacy: they generate concern and, sometimes, “heavy-handed” regulation.
    Industry must work together on framework for data that creates confidence by public. Concerns about data are holding back investment in the field. They’re working with AMD on a framework: consumers own their own data — must start with that (if they do, people will cooperate); not all data equally sensitive — need chain of custody to keep data anomyzed; security must be right at the edge; simplify terms and conditions.
    Sometimes thinks that, in talking about IoT, it’s like talking about cars in 1900, but we managed to create a set of standards that allowed it to grow: “rules of the road,” etc.
comments: 2 »

Live-blogging @ Wearables + Things

 

Just arrived @ Wearables + Things conference (I’ll speak on “Smart Aging” tomorrow). Hmm: there’s one noteworthy player absent from the conference: those guys from Cupertino. Wonder why they’re not there (perhaps in stealth mode??)

Conference already underway, about to have 2 new product reveals!

  1. iStrategyLabs, “Dorothy,” connects your shoe to your phone. You’re stuck in a conversation, need way to leave. What if you could click your heels together three times (get it, Dorothy???) and you’d get a bail-out call (or you can trigger an IFTTT recipe or call for a pizza…). “Ruby” goes in shoe.  OK, this ain’t as significant as either the Lechal haptic shoe, but who knows how it might evolve…
  2. Atlas Wearables’ fitness product, Atlas. Their goals is seamless, frictionless experiences. “What if device could recognize specific motions you’re making?” This is really cool: it recognizes and records a wide range of fitness activities, such as push-ups.  I really don’t like fact that my Jawbone can’t do that, so this looks good!

Sony Mobile, Kristian Tarnhed. Challenges:

  1. g data overload. They have a “lifelog” app that tries to make sense of all the data.
  2. too many devices that want your attention. Make them complement smart phone as much as possible.
  3. is it really wearable, usable? 

Very funny: no one mentions Apple. 10-ton gorilla in the room????


Amazing preso by Jim McKeeth: “Is Thought the Future of Wearable Input?”  Guy wearing Google Glass is controlling a drone! Wouldn’t that be an incredible thing for “Smart Aging”  to allow a frail elder to control various household things just by thinking them?


 

Oren Michels, chief strategist, Intel (he was an API pioneer at Mashery):

  • APIs make connections. The Epocrates platform from Athena Health is an example: may save $3.5B.
  • Also working in travel. Example is Sabre, which has switched to an open API.
  • APIs create better customer experiences: Apple Pay! 30% of Starbucks revenue from its phone purchase app.

Quick time to market: Coke was able to restock vending machines instantly during 2012 Olympics through API.

  • Examples:
    • better healthcare monitoring: give small devices processing power through cloud
    • connected car ecosystem (BMW iConnected Services, MyCityWay, TomTom’s WebFleet)
    • Snapshot from Progressive
    • Inrix — “data for planning smart cities”

This, IMHO, is sooo important: open APIs are great example of my Essential Truth of “who else can use this data?” — you don’t have to develop every kewl use for your device yourself: open the API and others will help!


Peter Li, Atlas Wearables (the company that debuted their new device yesterday):

  • iPhone: remember, it was a 3-in-one solution.
  • sensors now commoditized: cheap & tiny
  • he was a biomedical engineer
  • synergistic benefits by combining data streams
  • era of augmentation: making you better without you having to think about it.
  • frictionless actions

“sensors root of the revolution”


Brad Wilkins, Nike science director:

  • he’s exercise physiologist
  • they have whole detailed process to understand physiological phenomena. Role of sensor is the describe the phenomena. Then apply that data to enhance athlete potential

Noble Ackerson, Lynxfit, “Hacking Your Way Through Rehab With Wearables”

  • they let content publishers (they work with Stanford Health, UnderArmour, etc.) in rehab area to push info to devices. Prescribe workouts.  Device agnostic.
  • They’ve imported 65 different activities into program.
  • Track: heart rate, pace, position, speed, endurance, breathing, sentiment.

Panel: Jim Kohlenberger, JK Strategies; Jose Garcia, Samsung; Mark Hanson, BeClose; Alison Remsen, Mobile Future:

  • BeClose is working with seniors!!
  • Samsung working with airports to make flying experience more enjoyable.
  • BeClose: take some of burden off health care system.
  • how government can help: faster networks. “First, do no harm.” — Digital Hypocratic Oath.

DHS (sorry, didn’t get his name):

  • In a crisis,  “data  must inform at the speed of thought” Brilliant
  • To be operational, data must be intuitive, instinctive, interoperable, and wearable.
  • Creating “Next Generation First Responder”
  • Creating fire jackets with sensors built in.

Proximity-aware apps using iBeacon:

  • beacons are Bluetooth v4.0 Low Energy transmitters.
  • mobiles can identify and determine proximity to beacon: usual range is 25 to 40 m, but you can tune it to much shorter range.
  • beacons broadcast unique identifier for the place. Also provide Measured Power Value: what’s signal strength of beacon at specific distance.
  • the beacon only sends out a unique identifier, which triggers the app contains all the info that drives the experience.
  • app is notified whether you’re in immediate range, near, or far range (might even want to present content when person exits the area).
  • beacons protect privacy by being opt-in. They are transmit only: don’t receive or collect signals from mobile devices.
  • Apple requires that the app specifically ask user to allow proximity-aware mobile app to access their location.
  • non iBeacon versions: AltBeacon (Radius Network’s opsolves en source alternative), and other ones that specific companies will introduce, optimized for their products.
  • Radius multi-beacon: solves fragmentation problem or multiple, incompatible beacon ad types. Their RadBeacons handle both types.
  • RadBeacon: USB powered, coin-cell battery powered, AA battery powered.  Most beacons will only last about a month before battery change.
  • Future of beacons: will be split in market: corporate (one of their questions has rolled out more than 16,000 — they won’t powered or long-battery-life versions & remote monitoring) vs. consumers (cheap & disposable). Will be integrated into equipment (wifi access-point hotspots, POS terminals, fuel dispensers, self-service kiosks.

My presentation about “Smart Aging”


 

Privacy & Security Panel:

  • There is real risk of personal data being intercepted. “No perfect solutions.”
  • Data can be stored on smart phone OR uploaded to cloud. What control does user have? What if you have health wearable that sends info on blood pressure, etc., to cloud, where it gets shared with companies, and, for example, it can link data to your Facebook data, could be risk of disclosure.
  • HIPPA and variety of other regulations can come into play.
  • Things moving very quickly, data captured & used. Example of Jawbone data from people who were sleeping during California quake: users upset because the data was disclosed to news media — even though it was just aggregated, was creepy!
  • FTC went after the Android flashlight app that was aggregating data. A no-no.
  • have to make it simple to understand in statements about how your data will be collected & used.
  • Tiles: if the device is gone from home, will send alert to ALL Tile devices. You might be able to modify the software so you (bad guy) could retrieve it it while the owner would think it was still lost.  Stalker might even be able to use this data..

Scott Amyx, Amyx & McKinsey,  “The Internet of Things Will Disrupt Everything”:

  • Example of McLean, the developer of intermodal shipping container. Hmm: does Amyx know about how Freight Farms has created IoT-enhanced food growing in freight containers???
  • future of M2M will allow sensors with embedded processors — smarter than today’s computers.
  • memory: over time, memory will only grow.
  • wifi: most locked networks are idle most of day. Harness them.
  • lifi: 2-way network to turn any light as a network. Higher-speed than wifi.
  • mesh networks (long-time fascination of mine, especially in disasters): every node creates more powerful network. Can’t be controlled by a central gov.
  • Implications:
    • can disrupt telecom (mesh networks)
    • shifting consumer data from cloud to you
  • they’re testing a system that would tell what a person really feels while they’re in store, film companies can test from pilot whether people will really like it. Creepy??
  • working with Element to bring this to fashion show: would gauge reaction.
  • IoT won’t be great leap, but gradual trend (like my argument that companies should begin with IoT by using it to optimize current manufacturing).
  • incredible vision of how you’ll drive to a biz appt. in driverless car, you’ll get briefing on the meeting from your windshield.
  • opportunities at every stage of the IoT development shift.
comments: Comments Off on Live-blogging @ Wearables + Things tags: , ,

Why It’s So Hard to Predict Internet of Things’ Full Impact: “Collective Blindness”

I’ve been trying to come up with a layman’s analogy to use in explaining to skeptical executives about how dramatic the Internet of Things’ impact will be on every aspect of business and our lives, and why, if anything, it will be even more dramatic than experts’ predictions so far (see Postscapes‘ roundup of the projections).

See whether you thing “Collective Blindness” does justice to the potential for change?

 

What if there was a universal malady known as Collective Blindness, whose symptoms were that we humans simply could not see much of what was in the world?

Even worse, because everyone suffered from the condition, we wouldn’t even be aware of it as a problem, so no one would research how to end it. Instead, for millennia we’d just come up with coping mechanisms to work around the problem.

Collective Blindness would be a stupendous obstacle to full realization of a whole range of human activities (but, of course, we couldn’t quantify the problem’s impact because we weren’t even aware that it existed).

Collective Blindness has been a reality, because vast areas of our daily reality have been unknowable in the past, to the extent that we have just accepted it as a condition of reality.

Consider how Collective Blindness has limited our business horizons.

We couldn’t tell when a key piece of machinery was going to fail because of metal fatigue.

We couldn’t tell how efficiently an entire assembly line was operating, or how to fully optimize its performance.

We couldn’t tell whether a delivery truck would be stuck in traffic.

We couldn’t tell exactly when we’d need a parts shipment from a supplier, nor would the supplier know exactly when to do a new production run to be read.

We couldn’t tell how customers actually used our products.

That’s all changing now. Collective Blindness is ending, …. and will be eradified by the Internet of Things.

What do you think? Useful analogy?

http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management