Sensors remain critical to spread of Internet of Things

Posted on 22nd May 2015 in automotive, energy, health, Internet of Things, M2M, maintenance, management, manufacturing, retail, security, sensors, transportation, wearables

What happens with sensor design, cost, and security remains front-and-center with the Internet of Things, no matter how much we focus on advanced analytical tools and the growing power of mobile devices.

That’s because, on one hand, truly realizing the IoT’s full potential will require that at least some sensors get to the low-power, tiny size and cheap costs needed to realize Kris Pister’s dream of “smart dust” sensors that can be strewn widely.

On the other hand, there’s the chance that low-end sensors that don’t include adequate security firmware can’t keep up with the changing nature of security risks and may give hackers access to the entire network, with potentially disastrous effects.

That’s why several reports on sensors caught my eye.

PWC released a report, Sensing the Future of the Internet of Things, zeroing in on sensor sales as a proxy for increased corporate investment in the IoT, and concluding that by that measure, “the IoT movement is underway.” Based on its 2014 survey of 1,500 business and technology leaders worldwide, there was one eye-popping finding: the US lags behind the entire rest of the world in planned spending on sensors this year: 26% of Asian and almost as many from South America (percentage not given)  followed closely by Africa, with 18%.  The surprising laggards? Europe with 8% and North America, dead last at only 7%.  Hello?????

Equally interesting was the company’s listing of the industry segments leading the deployment of sensors and examples of the sensors they’re using:

  • Energy & Mining: 33%. “Sensors continuously monitor and detect dangerous carbon monoxide levels in mines to improve workplace safety.”
  • Power and Utilities: 32%.  Instead of the old one-way metering, “Internet-connected smart meters measure power usage every 15 minutes and provide feedback to the power consumer, sometimes automatically adjusting the system’s parameters.”
  • Automotive: 31%.  “Sensors and beacons embedded in the road working together with car-based sensors are used for hands-free driving, traffic pattern optimization and accident avoidance.”
  • Industrial: 25%. “A manufacturing plant distributes plant monitoring and optimization tasks across several remote, interconnected control points. Specialists once needed to maintain, service and optimize distributed plant operations are no longer required to be physically present at the plant location, providing economies of scale.”
  • Hospitality: 22%. “Electronic doorbells silently scan hotel rooms with infrared sensors to detect body heat, so the staff can clean when guests have left the room.”
  • Health Care: 20%. “EKG sensors work together with patients’ smartphones to monitor and transmit patient physical environment and vital signs to a central cloud-based system.”
  • Retail: 20%. “Product and shelf sensors collect data throughout the entire supply chain—from dock to shelf. Predictive analytics applications process this data and optimize the supply chain.”
  • Entertainment: 18%. “In the gaming world, companies use tracking sensors to transfer the movements of users onto the screen and into the action.”
  • Technology: 17%. “Hardware manufacturers continue to innovate by embedding sensors to measure performance and predict maintenance needs before they happen.”
  • Financial Services: 13%. “Telematics allows devices installed in the car to transmit data to drivers and insurers. Applications like stolen vehicle recovery, automatic crash notification, and vehicle data recording can minimize both direct and indirect costs while providing effective risk management.”

The surprises there were that health care penetration was so low, especially because m-health can be so helpful in diagnosis and treatment, while the examples of telematics seemed off the mark in the financial services category. Why not examples such as ApplePay?

More compelling were the relatively high rates of sensor deployment in high-stakes fields such as energy, utilities, and automotive: those are such huge industries, and the benefits of real-time data are so compelling that they show the IoT is really maturing.

Finally, the percentage of companies investing in sensors grew slightly, from 17% to 20%, with 25%of what PWC labels “Top Performers” are investing in them compared to 18% the previous year. Surprisingly, most companies don’t get it about sensors’ importance: only “14% of respondents said sensors would be of the highest strategic importance to their organizations in the next 3–5 years, as compared to other emerging technologies.”

Most important, 54% of those “Top Performers” said they’d invest in sensors this year.

 

Sensors’ promise as the size decreases — radically — and functionality increases was highlighted by The Guardian.  It focused on PragmaticIC Printing, a British firm that prints tiny, hairlike sensors on plastics. CEO Scott White’s hope is that:

” the ultra-thin microcircuits will soon feature on wine bottles to tell when a Chablis is at the perfect temperature and on medication blister packs to alert a doctor if an elderly patient has not taken their pills.

“With something which is slimmer than a human hair and very flexible, you can embed that in objects in a way that is not apparent to the user until it is called upon to do something. But also the cost is dramatically lower than with conventional silicon so it allows it to be put in products and packaging that would never justify the cost of a piece of normal electronics,” said White.

 

These uses certainly meet my test of real innovation: what can you do that you couldn’t do before. Or, as White puts it, “It is the combination of those factors [price and size] which allows us to start thinking about doing things with this which wouldn’t even be conceivable with conventional silicon based electronics.”

Another article that really caught my eye regarded a new category of “hearable” — and perhaps even, more radically, “disappearables” –sensors which the headline boldly predicted “As Sensors Shrink, Wearables Will Dis-appear.” But they were barely here in the first place, LOL!  The article mentioned significant breakthroughs in reducing sensors’ size and energy requirements, as well as harvesting ambient energy produced by sources such as bodily movement:

“Andrew Sheehy of Generator Research calculates that, for example, the heat in a human eyeball could power a 5 milliwatt transmitter – more than enough, he says, to power a connection from a smart contact lens to a smartphone or other controlling device.”

 The same article mentioned some cutting-edge research such as a Google/Novartis collaboration to measure glucose levels in tears via a contact lense, and an edible embedded microchip — the size of a grain of sand — and powered by stomach juices, which would transmit data by Bluetooth.
Elsewhere, a sampling of sensor design breakthroughs in recent months show the potential for radical reductions in costs and energy needs as well as increased sensitivity and data yield:

HOWEVER, as I said above, here’s what worries me. Are developers paying enough attention to security and privacy? That could be a real downfall for the IoT, since many sensors tend to be in place for years, and the nature of security challenges can change dramatically during that time.  Reducing price can’t be at the expense of security.

Let me know what steps you’re taking to boost sensor security, and I’ll mention them in a future post!

comments: Comments Off on Sensors remain critical to spread of Internet of Things tags: , , , ,

Smart Cities: opportunity … and danger if security isn’t a priority

Posted on 14th May 2015 in cities, government, Homeland Security, Internet of Things, mobile, privacy, security, US government

Smart cities are one of the Internet of Things’ most promising areas — as well as one of the most potentially dangerous.

As this list of smart city initiatives shows, The IoT can reduce energy consumption, cut operating costs, and improve the quality of life. However, if hacked, it could also potentially paralyze an entire city and plunge it into darkness and/or create traffic gridlock.

As in so many other IoT areas, which scenario wins out will rest increasingly on making security and privacy in smart cities an absolute priority from Day 1, not an afterthought.

A recent New York Times article brings the issue to the foreground again, through the work of Cesar Cerrudo, an Argentine security researcher and chief technology officer at IOActive Labs, who showed what happens when idiots (so sue me…) decide not to make security a priority:

” (he) demonstrated how 200,000 traffic control sensors installed in major hubs like Washington; New York; New Jersey; San Francisco; Seattle; Lyon, France; and Melbourne, Australia, were vulnerable to attack. Mr. Cerrudo showed how information coming from these sensors could be intercepted from 1,500 feet away — or even by drone — because one company had failed to encrypt its traffic.

“Just last Saturday, Mr. Cerrudo tested the same traffic sensors in San Francisco and found that, one year later, they were still not encrypted.”

Even worse, Cerrudo found the same failure to bake in obvious security measures such as encryption in a wide range of other smart city devices and software.

The article goes on to cite a variety of very real cybersecurity threats to cities and critical infrastructure (don’t forget that about 85% of the nation’s critical infrastructure is in private ownership) including a break-in at a utility’s control network by a “sophisticated threat actor” that just guessed a password.

Among the measures Cerrudo suggests that cities take to reduce their vulnerability:

  • think of cities “as vast attack surfaces that require security protection just as a corporate network might.”
  • encrypt data, use strong passwords, and patch security holes
  • create computer emergency response teams (CERTs), for rapid response
  • restrict data access and monitor who does have it.
  • “Finally, he suggests that cities prepare for the worst, as they would for a natural disaster.”

He concluded:

“When we see that the data that feeds smart city systems is blindly trusted and can be easily manipulated — that the systems can be easily hacked and there are security problems everywhere — that is when smart cities become dumb cities.” (my emphasis)

Let me be blunt about it: whether in smart cities or any other aspect of the Internet of Things, if your attitude is “we’ll get around to security” after concentrating on product development, you’re irresponsible and deserve to fail — before your irresponsibility harms others.

BTW, here’s a great way for you to have a role in shaping tomorrow’s smart cities. IBM (who would have thunk it?  I suspect this is reflects Ginni Rometty’s change in direction and attitude at the top) has created People for Smarter Cities, a new site to crowdsource ideas for how to make cities smarter. It’s a great example of democratizing innovation, one of my IoT Essential Truths. I plan to contribute and hope you will as well!

comments: Comments Off on Smart Cities: opportunity … and danger if security isn’t a priority tags: , , , , ,

Virtual Sensor Networks: a key #IoT tool?

Posted on 7th May 2015 in collaboration, data, Essential Truths, Internet of Things, M2M, management, privacy, security, smart cities

I was once again honored to be a guest on Coffee Break With Game Changers Radio today with David Jonker and Ira Berk of SAP — it’s always a delight to have a dialogue on the Internet of Things with these two brainy guys (and hats off as well to moderator/host Bonnie Graham!).

Toward the end of the show, Ira brought up a concept that was new to me: virtual sensor networks.

I’ve got sensors on the brain right now, because I’m frankly worried that sensors that don’t have adequate baked-in security and privacy protections and which can’t be ungraded as new opportunities and threats present themselves may be a threat to the IoT because they typically remain in use for so many years. Ah, but that’s a topic for another post.

According to Wikipedia, Virtual sensor networks are an:

“… emerging form of collaborative wireless sensor networks. In contrast to early wireless sensor networks that were dedicated to a specific application (e.g., target tracking), VSNs enable multi-purpose, collaborative, and resource efficient WSNs. The key idea difference of VSNs is the collaboration and resource sharing….
“… A VSN can be formed by providing logical connectivity among collaborative sensors. Nodes can be grouped into different VSNs based on the phenomenon they track (e.g., rock slides vs. animal crossing) or the task they perform. VSNs are expected to provide the protocol support for formation, usage, adaptation, and maintenance of subset of sensors collaborating on a specific task(s). Even the nodes that do not sense the particular event/phenomenon could be part of a VSN as far as they are willing to allow sensing nodes to communicate through them. Thus, VSNs make use of intermediate nodes, networks, or other VSNs to efficiently deliver messages across members of a VSN.”

Makes sense to me: collaboration is a critical basic component of the human aspect of the IoT (one of my IoT “Essential Truths), so why shouldn’t that extend to the mechanics as well?). If you have a variety of sensors already deployed in a given area, why should you have to deploy a whole new set of single-purpose ones to monitor a different condition if data could be synthesized from the existing sensors to effectively yield the same needed information?

2008 article on the concept said the virtual sensor networks are particularly relevant to three categories where data is* needed:

“Firstly, VSNs are useful in geographically overlapped applications, e.g., monitoring rockslides and animal crossing within a mountainous terrain. Different types of devices that detect these phenomena can relay each other for data transfer without having to deploy separate networks (Fig. 1). Secondly, VSNs are useful in logically separating multipurpose sensor networks, e.g., smart neighborhood systems with multifunctional sensor nodes. Thirdly, VSNs can be used to enhance efficiency of systems that track dynamic phenomena such as subsurface chemical plumes that migrate, split, or merge. Such networks may involve dynamically varying subsets of sensors.”

That article went on to propose a flexible, self-organizing “cluster-tree” approach to create the VSN, using tracking of a pollution plume as an example:

“…  a subset of nodes organizes themselves to form a VSN to track a specific plume. Whenever a node detects a relevant event for the first time it sends a message towards the root of the cluster tree indicating that it is aware of the phenomenon and wants to collaborate with similar nodes. The node may join an existing VSN or makes it possible for other nodes that wish to form a VSN, to find it. Use of a cluster tree or a similar structure guarantees that two or more nodes observing the same phenomenon will discover each other. Simulation based results show that our approach is more efficient and reliable than Rumor Routing and is able to combine all the nodes that collaborate on a specific task into a VSN.”

I suspect the virtual sensor network concept will become particularly widespread as part of “smart city” deployments: cash-strapped municipalities will want to get as much bang for the buck possible from already-deployed sensors, without having to install new ones. Bet my friends in Spain at Libellium will be in the forefront of this movement!

Thanks, Ira!

*BTW: if any members of the Grammar Police are lurking out there (I’m a retired lt. colonel of the Mass. State Grammar Police myself), you may take umbrage at “data is.”  Strictly speaking, the proper usage in the past has been “data are,” but the alternative is becoming so widespread that it’s becoming acceptable usage. So sue me…

 

comments: Comments Off on Virtual Sensor Networks: a key #IoT tool? tags: , , , ,

The Internet of Things’ Essential Truths

Posted on 17th March 2015 in collaboration, communication, data, Essential Truths, Internet of Things, M2M, management, manufacturing, marketing, open data, paradigm shift, privacy, security, strategy, supply chain

I’ve been writing about what I call the Internet of Things’ “Essential Truths” for three years now, and decided the time was long overview to codify them and present them in a single post to make them easy to refer to.

As I’ve said, the IoT really will bring about a total paradigm shift, because, for the the first time, it will be possible for everyone who needs it to share real-time information instantly. That really does change everything, obliterating the “Collective Blindness” that has hampered both daily operations and long-term strategy in the past. As a result, we must rethink a wide range of management shibboleths (OK, OK, that was gratuitous, but I’ve always wanted to use the word, and it seemed relevant here, LOL):

  1. First, we must share data. Tesla leads the way with its patent sharing. In the past, proprietary knowledge led to wealth: your win was my loss. Now, we must automatically ask “who else can use this information?” and, even in the case of competitors, “can we mutually profit from sharing this information?” Closed systems and proprietary standards are the biggest obstacle to the IoT.
  2. Second, we must use the Internet of Things to empower workers. With the IoT, it is technically possible for everyone who could do their job better because of access to real-time information to share it instantly, so management must begin with a new premise: information should be shared with the entire workforce. Limiting access must be justified.
  3. Third, we must close the loop. We must redesign our data management processes to capitalize on new information, creating continuous feedback loops.
  4. Fourth, we must rethink products’ roles. Rolls-Royce jet engines feed back a constant stream of real-time data on their operations. Real-time field data lets companies have a sustained dialogue with products and their customers, increasingly allowing them to market products as services, with benefits including new revenue streams.
  5. Fifth, we must develop new skills to listen to products and understand their signals. IBM scientists and medical experts jointly analyzed data from sick preemies’ bassinettes & realized they could diagnose infections a day before there was any visible sign. It’s not enough to have vast data streams: we need to understand them.
  6. Sixth, we must democratize innovation. The wildly-popular IFTTT web site allows anyone to create new “recipes” to exploit unforeseen aspects of IoT products – and doesn’t require any tech skills to use. By sharing IoT data, we empower everyone who has access to develop new ways to capitalize on that data, speading the IoT’s development.
  7. Seventh, and perhaps most important, we must take privacy and security seriously. What responsible parent would put an IoT baby monitor in their baby’s room after the highly-publicized incident when a hacker exploited the manufacturer’s disregard for privacy and spewed a string of obscenities at the baby? Unless everyone in the field takes privacy and security seriously, the public may lose faith in the IoT.

There you have ’em: my best analysis of how the Internet of Things will require a revolution not just in technology, but also management strategy and practices. What do you think?

comments: 3 » tags: , , , , , , ,

Apple ResearchKit will launch medical research paradigm shift to crowd-sourcing

Posted on 11th March 2015 in aging, collaboration, data, Essential Truths, health, Internet of Things, m-health, open data, paradigm shift, privacy, Quantified Self, security, seniors, SmartAging

Amidst the hoopla about the new MacBook and much-anticipated Apple Watch, Apple snuck something into Monday’s event that blew me away (obligatory disclaimer: I work part-time at The Apple Store, but the opinions expressed here are mine).

My Heart Counts app

Four years after I proselytized about the virtues of democratizing data in my Data Dynamite: how liberating data will transform our world book (BTW: pardon the hubris, but I still think it’s the best thing out there about the attitudinal shift needed to capitalize on sharing data), I was so excited to learn about the new ResearchKit.

Tag line? “Now everybody can do their part to advance medical research.”

The other new announcements might improve your quality of life. This one might save it!

As Senior VP of Operations Jeff Williams said in announcing the kit,  the process of medical research ” ..hasn’t changed in decades.” That’s not really true: as I wrote in my book, the Quantified Self movement has been sharing data for several years, as well as groups such as CureTogether and PatientsLikeMe. However, what is definitely true is that no one has harnessed the incredible power of the smartphone for this common goal until now, and that’s really incredible. It’s a great example of my IoT Essential Truth of asking “who else could use this data?

A range of factors cast a pall over traditional medical research.

Researchers have had to cast a broad net even to get 50-100 volunteers for a clinical trial (and may have to pay them, to boot, placing the results validity when applied to the general population in doubt).  The data has often been subjective (in the example Williams mentioned, Parkinson’s patients are classified by a doctor simply on the basis of walking a few feet). Also, communication about the project has been almost exclusively one way, from the researcher to the patient, and limited, at best.

What if, instead, you just had to turn on your phone and open a simple app to participate? As the website says, “Each one [smartphone] is equipped with powerful processors and advanced sensors that can track movement, take measurements, and record information — functions that are perfect for medical studies.” Suddenly research can be worldwide, and involve millions of diverse participants, increasing the data’s amount and validity (There’s a crowdsourcing research precedent: lot of us have been participating in scientific crowdsourcing for almost 20 years, by installing the SETI@Home software that runs in the background on our computers, analyzing data from deep space to see if ET is trying to check in)!

Polymath/medical data guru John Halamka, MD wrote me that:

“Enabling patients to donate data for clinical research will accelerate the ‘learning healthcare system’ envisioned by the Institute of Medicine.   I look forward to testing out Research Kit myself!”

The new apps developed using ResearchKit harvest information from the Health app that Apple introduced as part of iOS8. According to Apple:

“When granted permission by the user, apps can access data from the Health app such as weight, blood pressure, glucose levels and asthma inhaler use, which are measured by third-party devices and apps…. ResearchKit can also request from a user, access to the accelerometer, microphone, gyroscope and GPS sensors in iPhone to gain insight into a patient’s gait, motor impairment, fitness, speech and memory.

Apple announced that it has already collaborated with some of the world’s most prestigious medical institutions, including Mass General, Dana-Farber, Stanford Medical, Cornell and many others, to develop apps using ResearchKit. The first five apps target asthma, breast cancer, cardiovascular disease, diabetes and Parkinson’s disease.  My favorite, because it affects the largest number of people, is the My Heart Counts one. It uses the iPhone’s built-in motion sensors to track participants’ activity, collecting data during a 6-minute walk test from those who are able to walk that long. If participants also have a wearable activity device connecting with the Health app (aside: still don’t know why my Jawbone UP data doesn’t flow to the Health app, even though I made the link) , they are encouraged to use that as well. Participants will also enter data about their heart disease risk factors and their lab tests readings to get feedback on their chances of developing heart disease and their “heart age.” Imagine the treasure trove of cardiac data it will yield!

 A critical aspect of why I think ResearchKit will be have a significant impact is that Apple decided t0 make it open source, so that anyone can tinker with the code and improve it (aside: has Apple EVER made ANYTHING open source? Doubt it! That alone is noteworthy).  Also, it’s important to note, in light of the extreme sensitivity of any personal health data, that Apple guarantees that it will not have access to any of the personal data.

Because of my preoccupation with “Smart Aging,” I’m really interested in whether any researchers will specifically target seniors with ResearchKit apps. I’ll be watching carefully when the Apple Watch comes out April 24th to see if seniors buy them (not terribly optimistic, I must admit, because of both the cost and the large number of seniors I help at The Apple Store who are befuddled by even Apple’s user-friendly technology) because the watch is a familiar form factor for them (I haven’t worn a watch since I got my first cell phone, and most young people I know have never had one) and might be willing to use them to participate in these projects.

N0w, if you’ll excuse me, I just downloaded the My Heart Counts app, and must find out my “heart age!”

 

Doh!  Just after I posted this, I saw a really important post on Ars Technica pointing out that this brave new world of medical research won’t go anywhere unless the FDA approves:

“As much as Silicon Valley likes to think of itself as a force for good, disrupting this and pivoting that, it sometimes forgets that there’s a wider world out there. And when it comes to using devices in the practice of medicine, that world contains three very important letters: FDA. That’s right, the US Food and Drug Administration, which Congress has empowered to regulate the marketing and research uses of medical devices.

“Oddly, not once in any of the announcement of ResearchKit did we see mention of premarket approval, 510k submission, or even investigational device exemptions. Which is odd, because several of the uses touted in the announcement aren’t going to be possible without getting the FDA to say yes.”

I remember reading that Apple had reached out to the FDA during development of the Apple Watch, so I’m sure none of this comes as a surprise to them, and any medical researcher worth his or her salt is also aware of that factor. However, the FDA is definitely going to have a role in this issue going forward, and that’s as it should be — as I’ve said before, with any aspect of the IoT, privacy and security is Job One.

 

 

comments: 1 » tags: , , , , , , ,

FTC report provides good checklist to design in IoT security and privacy

Posted on 7th March 2015 in automotive, data, government, health, home automation, Internet of Things, m-health, M2M, marketing, mobile, open data, privacy, Quantified Self, real-time regulation, security, smart home, strategy, US government, wearables
FTC report on IoT

FTC report on IoT

SEC Chair Edith Ramirez has been pretty clear that the FTC plans to look closely at the IoT and takes IoT security and privacy seriously: most famously by fining IoT marketer TrendNet for non-existent security with its nanny cam.

Companies that want to avoid such actions — and avoid undermining fragile public trust in their products and the IoT as a whole — would do well to clip and refer to this checklist that I’ve prepared based on the recent FTC Report, Privacy and Security in a Connected World, compiled based on a workshop they held in 2013, and highlighting best practices that were shared at the workshop.

  1. Most important, “companies should build security into their devices at the outset, rather than as an afterthought.” I’ve referred before to the bright young things at the Wearables + Things conference who used their startup status as an excuse for deferring security and privacy until a later date. WRONG: both must be a priority from Day One.

  2. Conduct a privacy or security risk assessment during design phase.

  3. Minimize the data you collect and retain.  This is a tough one, because there’s always that chance that some retained data may be mashed up with some other data in future, yielding a dazzling insight that could help company and customer alike, BUT the more data just floating out there in “data lake” the more chance it will be misused.

  4. Test your security measures before launching your products. … then test them again…

  5. “..train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.” This one is sooo important and so often overlooked: how many times have we found that someone far down the corporate ladder has been at fault in a data breach because s/he wasn’t adequately trained and/or empowered?  Privacy and security are everyone’s job.

  6. “.. retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these service providers.”

  7. ‘… when companies identify significant risks within their systems, they should implement a defense-in -depth approach, in which they consider implementing security measures at several levels.”

  8. “… consider implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network.” Don’t forget: with the Target data breach, the bad guys got access to the corporate data through a local HVAC dealer. Everything’s linked — for better or worse!

  9. “.. companies should continue to monitor products throughout the life cycle and, to the extent feasible, patch known vulnerabilities.”  Privacy and security are moving targets, and require constant vigilance.

  10. Avoid enabling unauthorized access and misuse of personal information.

  11. Don’t facilitate attacks on other systems. The very strength of the IoT in creating linkages and synergies between various data sources can also allow backdoor attacks if one source has poor security.

  12. Don’t create risks to personal safety. If you doubt that’s an issue, look at Ed Markey’s recent report on connected car safety.

  13. Avoid creating a situation where companies might use this data to make credit, insurance, and employment decisions.  That’s the downside of cool tools like Progressive’s “Snapshot,” which can save us safe drivers on premiums: the same data on your actual driving behavior might some day be used become compulsory, and might be used to deny you coverage or increase your premium).

  14. Realize that FTC Fair Information Practice Principles will be extended to IoT. These “FIPPs, ” including “notice, choice, access, accuracy, data minimization, security, and accountability,” have been around for a long time, so it’s understandable the FTC will apply them to the IoT.  Most important ones?  Security, data minimization, notice, and choice.

Not all of these issues will apply to all companies, but it’s better to keep all of them in mind, because your situation may change. I hope you’ll share these guidelines with your entire workforce: they’re all part of the solution — or the problem.

comments: Comments Off on FTC report provides good checklist to design in IoT security and privacy tags: , , , ,

IBM picks for IoT trends to watch this year emphasize privacy & security

Posted on 23rd February 2015 in collaboration, data, Internet of Things, M2M, management, privacy, security, strategy, Uncategorized

Last month Bill Chamberlin, the principal analyst for Emerging Tech Trends and Horizon Watch Community Leader for IBM Market Development (hmmm, must have an oversized biz card..) published a list of 20 IoT trends to watch this year that I think provide a pretty good checklist for evaluating what promises to be an important period in which the IoT becomes more mainstream.

It’s interesting to me, especially in light of my recent focus on the topics (and I’ll blog on the recent FTC report on the issue in several days), that he put privacy and security number one on the list, commenting that “Trust and authentication become critical across all elements of the IoT, including devices, the networks, the cloud and software apps.” Amen.

Most of the rest of the list was no surprise, with standards, hardware, software, and edge analytics rounding out the top five (even though it hasn’t gotten a lot of attention, I agree edge analytics are going to be crucial as the volume of sensor data increases dramatically: why pass along the vast majority of data, that is probably redundant, to the cloud, vs. just what’s a deviation from the norm and probably more important?).

Two dealing with sensors did strike my eye:

9.  Sensor fusion: Combining data from different sources can improve accuracy. Data from two sensors is better than data from one. Data from lots of sensors is even better.

10.  Sensor hubs: Developers will increasingly experiment with sensor hubs for IoT devices, which will be used to offload tasks from the application processor, cutting down on power consumption and improving battery life in the devices”

Both make a lot of sense.

One was particularly noteworthy in light of my last post, about the Gartner survey showing most companies were ill-prepared to plan and launch IoT strategies: “14.  Chief IoT Officer: Expect more senior level execs to be put in place to build the enterprise-wide IoT strategy.” Couldn’t agree more that this is vital!

Check out the whole list: I think you’ll find it helpful in tracking this year’s major IoT developments.

comments: Comments Off on IBM picks for IoT trends to watch this year emphasize privacy & security tags: , , , , , , , , ,

The #IoT Can Kill You! Got Your Attention? Car Security a Must

Posted on 11th February 2015 in automotive, data, government, Internet of Things, M2M, marketing, mobile, privacy, security, transportation, US government

The Internet of Things can kill you.

Got your attention? OK, maybe this is the wake-up call the IoT world needs to make certain that privacy and security are baked in, not just afterthoughts.

Markey_IoT_car_reportI’ve blogged before about how privacy and security must be Job 1, but now it’s in the headlines because of a new report by our Mass. Senator, Ed Markey (Political aside: thanks, Ed, for more than 30 years of leadership — frequently as a voice crying in the wilderness — on the policy implications of telecomm!), “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” about the dangers of not taking the issues seriously when it comes to smart cars.

I first became concerned about this issue when reading “Look Out, He’s Got an Phone,!” (my personal nominee for all-time most wry IoT headline…), a litany of all sorts of horrific things, such as spoofing the low air-pressure light on your car so you’ll pull over and the Bad Guys can get it would stop dead at 70 mph,  that are proven risks of un-encrypted automotive data.  All too typical was the reaction of Schrader Electronics, which makes the tire sensors:

“Schrader Electronics, the biggest T.P.M.S. manufacturer, publicly scoffed at the Rutgers–South Carolina report. Tracking cars by tire, it said, is ‘not only impractical but nearly impossible.’ T.P.M.S. systems, it maintained, are reliable and safe.

“This is the kind of statement that security analysts regard as an invitation. A year after Schrader’s sneering response, researchers from the University of Washington and the University of California–San Diego were able to ‘spoof’ (fake) the signals from a tire-pressure E.C.U. by hacking an adjacent but entirely different system—the OnStar-type network that monitors the T.P.M.S. for roadside assistance. In a scenario from a techno-thriller, the researchers called the cell phone built into the car network with a message supposedly sent from the tires. ‘It told the car that the tires had 10 p.s.i. when they in fact had 30 p.s.i.,’ team co-leader Tadayoshi Kohno told me—a message equivalent to ‘Stop the car immediately.’ He added, ‘In theory, you could reprogram the car while it is parked, then initiate the program with a transmitter by the freeway. The car drives by, you call the transmitter with your smartphone, it sends the initiation code—bang! The car locks up at 70 miles per hour. You’ve crashed their car without touching it.’”

Hubris: it’ll get you every time….

So now Senator Markey lays out the full scope of this issue, and it should scare the daylights out of you — and, hopefully, Detroit! The report is compiled on responses by 16 car companies (BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo — hmm: one that didn’t respond was Tesla, which I suspect [just a hunch] really has paid attention to this issue because of its techno leadership) to letters Markey sent in late 2013. Here are the damning highlights from his report:

“1. Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.

2. Most automobile manufacturers were unaware of or unable to report on past hacking incidents.

3. Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.

4. Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all. (my emphasis)

5. Automobile manufacturers collect large amounts of data on driving history and vehicle performance.

6. A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.

7. Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.

8. Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”

In short, the auto industry collects a lot of information about us, and doesn’t have a clue how to manage or protect it.

I’ve repeatedly warned before that one of the issues technologists don’t really understand and/or scoff at, is public fears about privacy and security. Based on my prior work in crisis management, that can be costly — or fatal.

This report should serve as a bit of electroshock therapy to get them (and here I’m referring not just to auto makers but all IoT technologists: it’s called guilt by association, and most people tend to confabulate fears, not discriminate between them. Unless everyone in IoT takes privacy and security seriously, everyone may suffer the result [see below]) to realize that it’s not OK, as one of the speakers at the Wearables + Things conference said, that “we’ll get to privacy and security later.” It’s got to be a priority from the get-go (more about this in a forthcoming post, where I’ll discuss the recent FTC report on the issue).

I’ve got enough to worry about behind the wheel, since the North American Deer Alliance is out to get me. Don’t make me worry about false tire pressure readings.

PS: there’s another important issue here that may be obscured: the very connectedness that is such an important aspect of the IoT. Remember that the researchers spoofed the T.P.M.S. system not through a frontal assault, but by attacking the roadside assistance system? It’s like the way Target’s computers were hacked via a small company doing HVAC maintenance. Moral of the story? No IoT system is safe unless all the ones linking to it are safe.  For want of a nail … the kingdom was lost!

comments: 8 » tags: , , , , , , ,

Resolved: That 2015 Is When Privacy & Security Become #IoT Priority!

Posted on 11th January 2015 in government, health, home automation, Internet of Things, marketing, privacy, security, smart home, strategy, wearables

I’m a right-brained, intuitive type (ENFP, if you’re keeping Myers-Briggs score…), and sometimes that pays off on issues involving technology & the general public, especially when the decidedly non-technical, primal issue of FEAR comes into the equation.

I used to do a lot of crisis management work with Fortune 100 companies, and usually worked with engineers, 95% of whom are my direct opposite: ISTJ.  Because they are so left-brained, rational and analytical, it used to drive them crazy that the public would be so fearful of various situations, because peoples’ reaction was just so darned irrational!

I’m convinced that same split is a looming, and extremely dangerous problem for the Internet of Things: the brilliant engineers who bring us all these great platforms, devices and apps just can’t believe that people could be fraidy cats.

Let me be blunt about it, IOT colleagues: get used dealing with peoples’ fears. Wise up, because that fear might just screw the IoT before it really gains traction. Just because a reaction is irrational doesn’t mean it isn’t very, very real to those who feel it, and they might just shun your technology and/or demand draconian regulations to enforce privacy and security standards. 

That’s why I was so upset at a remark by some bright young things at the recent Wearables + Things conference. When asked about privacy and security precautions (a VERY big thing with people, since it’s their very personal bodily data that’s at risk) for their gee-whiz device, they blithely said that they were just a start-up, and they’d get to security issues after they had the device technology squared away.

WRONG, KIDS: security and privacy protections have to be a key priority from the get-go.

That’s why I was pleased to see that CES asked FTC Chair Edith Ramirez to give opening remarks at a panel on security last week, and she specifically focused on “privacy by design,” where privacy protections are baked into the product from the get-go. She emphasized that start-ups can’t get off the hook:

“‘Any device that is connected to the Internet is at risk of being hijacked,’ said Ms. Ramirez, who added that the large number of Internet-connected devices would ‘increase the number of access points’ for hackers.

Ms. Ramirez seemed to be directing her remarks at the start-ups that are making most of the products — like fitness trackers and glucose monitors — driving the so-called Internet of Things.

She said that some of these developers, in contrast to traditional hardware and software makers, ‘have not spent decades thinking about how to secure their products and services from hackers.'”

I yield to no one in my love of serendipitous discoveries of data’s value (such as the breakthrough in early diagnosis of infections in neonates by researchers from IBM and Toronto’s Hospital for Sick Children, but I think Ms. Ramirez was on target about IoT developers forcing themselves to emphasize minimization of data collection, especially when it comes to personal data:

“Beyond security, Ms. Ramirez said that technology companies needed to pay more attention to so-called data minimization, in which they collect only the personal data they need for a specific purpose and delete it permanently afterward. She directly challenged the widespread contention in the technology industry that it is necessary to collect large volumes of data because new uses might be uncovered.

‘I question the notion that we must put sensitive consumer data at risk on the off chance a company might someday discover a valuable use for the information,’ she said.

She also said that technology companies should be more transparent about the way they use personal data and should simplify their terms of use.”

Watch for a major IoT privacy pronouncement soon from the FTC.

It’s gratifying that, in addition to the panel Ms. Ramirez introduced, that CES also had an (albeit small…) area for privacy vendors.  As the WaPo reported, part of the reasons for this area is that the devices and apps are aimed at you and me, because “consumers are finding — thanks to the rise in identity theft, hacks and massive data breaches — that companies aren’t always good stewards for their information.” Dealing with privacy breaches is everyone’s business: companies, government, and you and me!

As WaPo reporter Hayley Tsukayama  concluded: “The whole point of the privacy area, and of many of the products being shown there, is that technology and privacy don’t have to fight. They can actually help each other. And these exhibitors — the few, the proud, the private — are happy to be here, preaching that message.”

So, let’s all resolve that 2015 when privacy and security become as big an IoT priority as innovation!

Oh, before I forget, its time for my gratuitous reference whenever I discuss IoT privacy and security, to Gen. David Petraeus (yes, the very General “Do As I Say, Not As I Do” Petraeus who faces possible federal felony charges for leaking classified documents to his lover/biographer.), who was quite enamored of the IoT when he directed the CIA. That should give you pause, no matter whether you’re an IoT user, producer, or regulator!

comments: 2 » tags: , , , , ,

IoT Security After “The Interview”

Posted on 22nd December 2014 in defense, Internet of Things, M2M, management, privacy, security, US government

Call me an alarmist, but in the wake of the “Interview” catastrophe (that’s how I see it in terms of both the First Amendment AND asymmetrical cyberwarfare), I see this as a clarion call to the #IoT industry to redouble efforts to make both security AND privacy Job #1.

Here’s the deal: if we want to enhance more and more parts of governmental, commercial, and private lives by clever IoT devices and apps to control them, then there’s an undeniable quid pro quo: we MUST make these devices and apps as secure as possible.

I remember some bright young entrepreneurs speaking at a recent wearables conference, where they apologized for not having put attention on privacy and security yet, saying they’d get to it early next year.

Nope.

Unacceptable.

Security must be built in from the beginning, and constantly upgraded as new threats emerge.  I used to be a corporate crisis manager, and one of the things that was so hard to convince left-brained, extremely rational engineers about was that just because fears were irrational didn’t mean they weren’t real — even the perception of insecure IoT devices and apps has the potential to kill the whole industry, or, as Vanity Fair‘s apocalyptic “Look Out, He’s Got a Phone” article documented, it could literally kill us. As in deader than a doornail.

This incident should have convinced us all that there are some truly evil people out there fixated on bringing us to our collective knees, and they have the tech savvy to do it, using tools such as Shodan. ‘Nuff said?

PS: Here’s what Mr. Cybersecurity, Bruce Schneier, has to say on the subject. Read carefully.

comments: Comments Off on IoT Security After “The Interview” tags: , , , ,
« Previous Next »
http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management