5G Raises the Stakes for IoT Security

Last week’s international political news was a dramatic reminder of how inextricably linked technology progress (in this case, 5G infrastructure) and high-stakes global intrigue and even warfare have become.

The speed-up in deployment of 5G networks in the US and worldwide can both dramatically increase the IoT’s benefits (with reduced latency we’ll get a significant increase in the volume of rich, near-real-time data, allowing autonomous vehicles and other hard-to-imagine advances) but also the dangers (the possibility of China, Russia or someone else launching a cyber attack through a “back door” that could cripple our critical infrastructure). That puts the IoT right in the middle of a very tense global diplomatic and technical battle, with the outcome potentially having a big impact on the IoT’s near-term growth.

The US government’s indictment of Huawei (coming on the heels of an as-yet un-corroborated Bloomberg story that Huawei had planted chips in Apple and Amazon devices that would allow “back-door” attacks not just on the devices but on overall networks) plus a little-noticed story about yet another Chinese manufacturer of cheap IoT devices that could let a bad actor install malware in its firmware are just the latest reminders that IoT privacy and security must be designed in from the beginning, using what the EU calls “privacy by design.”

Don’t forget that we’ve already had a very real preview of exactly how dangerous this can be:  the 2016 DDoS attack on Internet infrastructure company Dyn that used IoS devices with inadequate protections as its the Trojan horses to launch the attack. Much of the Internet was crippled for several hours.

It also means, as I wrote in The Future Is Smart and elsewhere that it’s not enough to design in privacy protections into your own products and services: if the public and companies lose confidence in the IoT because of an attack aimed at anyone, even the irresponsible companies that don’t worry about security, I learned during my years doing corporate crisis management that there’s an irrational but nonetheless compelling guilt-by-association phenomenon that can destroy confidence in all IoT. Is that fair? No, but that doesn’t mean it’s any less of a reality. That’s why it’s critical that you take an active role in both supporting enlightened federal policy on both 5G infrastructure and IoT regulation, especially privacy and security regulations that are performance-based, rather than descriptive (which might restrict innovation), as well as joining industry organizations working on the privacy and security issues, such as the IMC, Internet of Things Association, and IMC.

In The Future Is Smart I wrote that, counterintuitively, privacy and security can’t be bolted on after you’ve done the sexy part of designing cool new features for your IoT device or service. This news makes that even more the case. What’s required is a mind-set in which you think of privacy and security from the very beginning and then visualize the process after its initial sale as cyclical and never-ending: you must constantly monitor emerging threats and then upgrade firmware and software protections.

 

 

 

Great Podcast Discussion of #IoT Strategy With Old Friend Jason Daniels

Right after I submitted my final manuscript for The Future is Smart I had a chance to spend an hour with old friend Jason Daniels (we collaborated on a series of “21st Century Homeland Security Tips You Won’t Hear From Officials” videos back when I was a homeland security theorist) on his “Studio @ 50 Oliver” podcast.

We covered just about every topic I hit in the book, with a heavy emphasis on the attitude shifts (“IoT Essential Truths” needed to really capitalize on the IoT and the bleeding-edge concept I introduce at the end of the book, the “Circular Corporation,” with departments and individuals (even including your supply chain, distribution network and customers, if you choose) in a continuous, circular management style revolving around a shared real-time IoT hub.  Hope you’ll enjoy it!

comments: Comments Off on Great Podcast Discussion of #IoT Strategy With Old Friend Jason Daniels tags: , , , , , ,

IoT Design Manifesto 1.0: great starting point for your IoT strategy & products!

Late in the process of writing my forthcoming IoT strategy book, The Future Is Smart, I happened on the “IoT Design Manifesto 1.0” site. I wish I’d found it earlier so I could have featured it more prominently in the book.

The reason is that the manifesto is the product (bear in mind that the original team of participants designed it to be dynamic and iterative, so it will doubtlessly change over time) of a collaborative process involving both product designers and IoT thought leaders such as the great Rob van Kranenburg. As I’ve written ad nauseam, I think of the IoT as inherently collaborative, since sharing data rather than hoarding it can lead to synergistic benefits, and collaborative approaches such as smart cities get their strength from an evolving mishmash of individual actions that gets progressively more valuable.

From the names, I suspect most of the Manifesto’s authors are European. That’s important, since Europeans seem to be more concerned, on the whole, about IoT privacy and security than their American counterparts, witness the EU-driven “privacy by design” concept, which makes privacy a priority from the beginning of the design process.

At any rate, I was impressed that the manifesto combines both philosophical and economic priorities, and does so in a way that should maximize the benefits and minimize the problems.

I’m going to take the liberty of including the entire manifesto, with my side comments:

  1. WE DON’T BELIEVE THE HYPE. We pledge to be skeptical of the cult of the new — just slapping the Internet onto a product isn’t the answer, Monetizing only through connectivity rarely guarantees sustainable commercial success.
    (Comment: this is like my “just because you can do it doesn’t mean you should” warning: if making a product “smart” doesn’t add real value, why do it?)*
  2. WE DESIGN USEFUL THINGS. Value comes from products that are purposeful. Our commitment is to design products that have a meaningful impact on people’s lives; IoT technologies are merely tools to enable that.
    (Comment: see number 1!)
  3. “WE AIM FOR THE WIN-WIN-WIN. A complex web of stakeholders is forming around IoT products: from users, to businesses, and everyone in between. We design so that there is a win for everybody in this elaborate exchange.
    (Comment:This is a big one in my mind, and relates to my IoT Essential Truth #2 — share data, don’t hoard it — when you share IoT data, even with competitors in some cases [think of IFTTT “recipes”] — you can create services that benefit customers, companies, and even the greater good, such as reducing global warming).
  4. WE KEEP EVERYONE AND EVERYTHING SECURE. With connectivity comes the potential for external security threats executed through the product itself, which comes with serious consequences. We are committed to protecting our users from these dangers, whatever they may be.
    (Comment: Amen! as I’ve written ad nauseum, protecting privacy and security must be THE highest IoT priority — see next post below!).
  5. WE BUILD AND PROMOTE A CULTURE OF PRIVACY. Equally severe threats can also come from within. Trust is violated when personal  information gathered by the product is handled carelessly. We build and promote a culture of integrity where the norm is to handle data with care.
    (Comment:See 4!).
  6. WE ARE DELIBERATE ABOUT WHAT DATA WE COLLECT. This is not the business of hoarding data; we only collect data that serves the utility of the product and service. Therefore, identifying what those data points are must be conscientious and deliberate.
    (Comment: this is a delicate issue, because you may find data that wasn’t originally valuable becomes so as new correlations and links are established. However, just collecting data willy-nilly and depositing it in an unstructured “data lake” for possible use later is asking for trouble if your security is breeched.).
  7. WE MAKE THE PARTIES ASSOCIATED WITH AN IOT PRODUCT EXPLICIT. IoT products are uniquely connected, making the flow of information among stakeholders open and fluid. This results in a complex, ambiguous, and invisible network. Our responsibility is to make the dynamics among those parties more visible and understandable to everyone.
    (Comment: see what I wrote in the last post, where I recommended companies spell out their privacy and usage policies in plain language and completely).
  8. WE EMPOWER USERS TO BE THE MASTERS OF THEIR OWN DOMAIN. Users often do not have control over their role within the network of stakeholders surrounding an IoT product. We believe that users should be empowered to set the boundaries of how their data is accessed and how they are engaged with via the product.
    (Comment: consistent with prior points, make sure that any permissions are explicit and  opt-in rather than opt-out to protect users — and yourself (rather avoid lawsuits? Thought so…)
  9. WE DESIGN THINGS FOR THEIR LIFETIME. Currently physical products and digital services tend to be built to have different lifespans. In an IoT product features are codependent, so lifespans need to be aligned. We design products and their services to be bound as a single, durable entity.
    (Comment: consistent with the emerging circular economy concept, this can be a win-win-win for you, your customer and the environment. Products that don’t become obsolete quickly but can be upgraded either by hardware or software will delight customers and build their loyalty [remember that if you continue to meet their needs and desires, there’s less incentive for customers to check out competitors and possibly be wooed away!). Products that you enhance over time and particularly those you market as services instead of sell will also stay out of landfills and reduce your pduction costs.
  10. IN THE END, WE ARE HUMAN BEINGS. Design is an impactful act. With our work, we have the power to affect relationships between people and technology, as well as among people.  We don’t use this influence to only make profits or create robot overlords; instead, it is our responsibility to use design to help people, communities, and societies  thrive.
    Comment: yea designers!!)

I’ve personally signed onto the Manifesto, and do hope to contribute in the future (would like something explicit about the environment in it, but who knows) and urge you to do the same. More important, why start from scratch to come up with your own product design guidelines, when you can capitalize on the hard work that’s gone into the Manifesto as a starting point and modify it for your own unique needs?


*BTW: I was contemptuous of the first IoT electric toothbrush I wrote about, but since talked to a leader in the field who convinced me that it could actually revolutionize the practice of dentistry for the better by providing objective proof that  patient had brushed frequently and correctly. My bad!

comments: Comments Off on IoT Design Manifesto 1.0: great starting point for your IoT strategy & products! tags: , , , , ,

Liveblogging from Internet of Things Global Summit

Critical Infrastructure and IoT

Robert Metzger, Shareholder, Rogers Joseph O’Donnell 

  • a variety of constraints to direct government involvement in IoT
  • regulators: doesn’t trust private sector to do enough, but regulation tends to be prescriptive.
  • NIST can play critical role: standards and best practices, esp. on privacy and security.
  • Comparatively, any company knows more about potential and liabilities of IoT than any government body. Can lead to bewildering array of IoT regulations that can hamper the problem.
  • Business model problem: security expensive, may require more power, add less functionality, all of which run against incentive to get the service out at lowest price. Need selective regulation and minimum standards. Government should require minimum standards as part of its procurement. Government rarely willing to pay for this.
  • Pending US regulation shows constant tension between regulation and innovation.

             2017 IoT Summit

Gary Butler, CEO, Camgian 

  • Utah cities network embedding sensors.
  • Scalability and flexibility needed. Must be able to interface with constantly improving sensors.
  • Expensive to retrofit sensors on infrastructure.
  • From physical security perspective: cameras, etc. to provide real-time situational awareness. Beyond human surveillance. Add AI to augment human surveillance.
  • “Dealing with ‘data deluge.'”  Example of proliferation of drones. NIST might help with developing standards for this.
  • Battery systems: reducing power consumption & creating energy-dense batteries. Government could help. Government could also be a leader in adoption.

 

Cyber-Criminality, Security and Risk in an IoT World

John Carlin, Chair, Cybersecurity & Technology Program, Aspen Institute

  • Social media involved in most cyberwar attacks & most perps under 21.  They become linked solely by social media.
  • offensive threats far outstrip defenses when it comes to data
  • now we’re connecting billions of things, very vulnerable. Add in driverless cars & threat even greater. Examples: non-encrypted data from pacemakers, and the WIRED Jeep demo.

Belisario Contreras, Cyber Security Program Manager, Organization of American States

  • must think globally.
  • criminals have all the time to prepare, we must respond within minutes.
  • comprehensive approach: broad policy framework in 6 Latin American countries.

Samia Melhem, Global Lead, Digital Development, World Bank

  • projects: she works on telecommunications and transportation investing in government infrastructure in these areas. Most of these governments have been handicapped by lack of funding. Need expert data integrators. Integrating cybersecurity.

Stephen Pattison, VP Public Affairs, ARM

  • (yikes, never thought about this!) cyberterrorist hacks self-driving car & drives it into a crowds.
  • many cyber-engineers who might go to dark side — why hasn’t this been studied?
  • could we get to point where IoT-devices are certified secure (but threats continually evolve. Upgradeability is critical.
  • do we need a whistleblower protection?
  • “big data starts with little data”

Session 4: Key Policy Considerations for Building the Cars of Tomorrow – What do Industry Stakeholders Want from Policymakers?

Ken DiPrima, AVP New Product Development, IoT Solutions, AT&T

  • 4-level security approach: emphasis on end-point, locked-down connectivity through SIM, application level …
  • deep in 5-G: how do you leverage it, esp. for cars?
  • connecting 25+ of auto OEMs. Lot of trials.

Rob Yates, Co-President, Lemay Yates Associates

  • massive increase in connectivity. What do you do with all the data? Will require massive infrastructure increase.

Michelle Avary, Executive Board, FASTR, VP Automotive, Aeris

  • about 1 Gig of data per car with present cars. Up to 30 with a lot of streaming.
  • don’t need connectivity for self-driving car: but why not have connectivity? Also important f0r the vehicle to know and communicate its physical state. Machine learning needs data to progress.
  • people won’t buy vehicles when they are really autonomous — economics won’t support it, will move to mobility as a service.

Paul Scullion, Senior Manager, Vehicle Safety and Connected Automation, Global Automakers

  • emphasis on connected cars, how it might affect ownership patterns.
  • regulatory process slow, but a lot of action on state level. “fear and uncertainty” on state level. Balance of safety and innovation.

Steven Bayless, Regulatory Affairs & Public Policy, Intelligent Transportation Society of America

  • issues: for example, can you get traffic signals to change based on data from cars?
  • car industry doesn’t have lot of experience with collaborative issues.

How Are Smart Cities Being Developed and Leveraged for the Citizen?

Sokwoo Rhee, Associate Director of Cyber-Physical Systems Program, National Institute of Standards and Technology (NIST)

  • NIST GCTC Approach: Smart and Secure Cities. Partnered with Homeland Security to bring in cybersecurity & privacy at the basis of smart city efforts “Smart and Secure Cities and Communities Challenge”

Bob Bennett, Chief Innovation Officer, City of Kansas, MO

  • fusing “silos of awesomeness.”
  • 85% of data you need for smart cities already available.
  • “don’t blow up silos, just put windows on them.”
  • downtown is 53 smartest blocks in US
  • can now do predictive maintenance on roads
  • Prospect Ave.: neighborhood with worst problems. Major priority.
  • great program involving multiple data sources, to predict and take care of potholes — not only predictive maintenance but also use a new pothole mix that can last 12 years 
  • 122 common factors all cities doing smart cities look at!
  • cities have money for all sorts of previously allocated issues — need to get the city manager, not mayor, to deal with it
  • privacy and security: their private-sector partner has great resoures, complemented by the city’s own staff.

Mike Zeto, AVP General Manager, IoT Solutions, AT&T

  • THE AT&T Smart Cities guy. 
  • creating services to facilitate smart cities.
  • energy and utilities are major focus in scaling smart cities, including capital funding. AT&T Digital Infrastructure (done with GE) “iPhone for cities.”
  • work in Miami-Dade that improved public safety, especially in public housing. Similar project in Atlanta.
  • privacy and security: their resources in both have been one of their strengths from the beginning.

Greg Toth, Founder, Internet of Things DC

  • security issues as big as ever
  • smart city collaboration booming
  • smart home stagnating because early adopter boom over, value not sure
  • Quantified-Self devices not really taking hold (yours truly was one of very few attendees who said they were still using their devices — you’d have to tear my Apple Watch off).
  • community involvement greater than ever
  • looming problem of maintaining network of sensors as they age
  • privacy & security: privacy and security aren’t top priorities for most startups.

DAY TWO:

IoT TECH TALKS

  • Dominik Schiener, Co-Founder , IOTA speaking on blockchain
    • working with IoT version of blockchain for IoT — big feature is it is scaleable
    • why do we need it?  Data sets shared among all parties. Each can verify the datasets of other participants. Datasets that have been tampered are excluded.
    • Creates immutable single source of truth.
    • It also facilitates payments, esp. micropayments (even machine to machine)
    • Allows smart contracts. Fully transparent. Smart and trustless escrow.
    • Facilitates “machine economy”
    • Toward “smart decentralization”
    • Use cases:
      • secure car data — VW. Can’t be faked.
      • Pan-European charging stations for EVs. “Give machines wallets”
      • Supply chain tracking — probably 1st area to really adopt blockchain
      • Data marketplace — buy and sell data securely (consumers can become pro-sumers, selling their personal data).
      • audit trail. https://audit-trail.tangle.works
  • DJ Saul, CMO & Managing Director, iStrategyLabs IoT, AI and Augmented Reality
    • focusing on marketing uses.

Raising the bar for federal IoT Security – ‘The Internet of Things Cybersecurity Improvement Act’

  • Jim Langevin, Congressman, US House of Representatives
    • very real threat with IoT
    • technology outpacing the law
    • far too many manufacturers don’t make security a priority. Are customers aware?
    • consumers have right to know about protections (or lack thereof)
    • “failure is not an option”
    • need rigorous testing
  • Beau Woods, Deputy Director, Cyber Statecraft Initiative, Atlantic Council
    • intersection of cybersecurity & human condition
    • dependence on connected devices growing faster than our ability to regulate it
    • UL developing certification for medical devices
    • traceability for car parts
  • John Marinho, Vice President Cybersecurity and Technology, CTIA
    • industry constantly evolving global standards — US can’t be isolated.
    • cybersecurity with IoT must be 24/7. CTIA created an IoT working group, meets every two weeks online.
    • believe in public/private partnerships, rather than just regulatory.

Session 9: Meeting the Short and Long-Term Connectivity Requirements of IoT – Approaches and Technologies

  •  Andreas Geiss, Head of Unit ‘Spectrum Policy’, DG CONNECT, European Commission
    • freeing up a lot of spectrum, service neutral
    • unlicensed spectrum, esp. for short-range devices. New frequency bands. New medical device bands. 
    • trying to work with regulators globally to allow for globally-usable devices.
  • Geoff Mulligan, Chairman, LoRa Alliance; Former Presidential Innovation Fellow, The White House
    • wireless tradeoffs: choose two — low power/long distance/high speed.
    • not licensed vs. unlicensed spectrum. Mix of many options, based on open standards, all based on TCP/IP
    • LPWANs:
      • low power wide area networks
      • battery operated
      • long range
      • low cost
      • couple well with satellite networks
    • LoRaWAN
      • LPWAN based on LoRa Radio
      • unlicensed band
      • open standards base
      • openly available
      • open business model
      • low capex and opex could covered entire country for $120M in South Korea
      • IoT is evolutionary, not revolutionary — don’t want to separate it from other aspects of Internet
  • Jeffrey Yan, Director, Technology Policy, Microsoft
    • at Microsoft they see it as critical for a wide range of global issues, including agriculture.
  • Charity Weeden, Senior Director of Policy, Satellite Industry Association
    • IoT critical during disasters
    • total architecture needs to be seamless, everywhere.
  • Andrew Hudson, Head of Technology Policy, GSMA
    • must have secure, scalable networks

Session 10: IoT Data-Ownership and Licencing – Who Owns the Data?

  • Stacey Gray, Policy Lead IoT, Future Privacy Forum 
    • consumer privacy right place to begin.
    • need “rights based” approach to IoT data
    • at this point, have to show y0u have been actually harmed by release of data before you can sue.
  • Patrick Parodi, Founder, The Wireless Registry
    • focus on identity
    • who owns SSID identities? How do you create an identity for things?
  • Mark Eichorn, Assistant Director, Division of Privacy and Identity Protection, Federal Trade Commission 
    • cases involving lead generators for payday loan. Reselling personal financial info.
  • Susan Allen, Attorney-Advisor, Office of Policy and International Affairs, United States Patent & Trademark Office 
    • focusing on copyright.
    • stakeholders have different rights based on roles
  • Vince Jesaitis, Director, US Public Affairs, ARM
    • who owns data depends on what it is. Health data very tough standards. Financial data much more loose.
    • data shouldn’t be treated differently if it comes from a phone or a browser.
    • industrial side: autonomous vehicle data pretty well regulated.  Pending legislation dealing with smart cities emphasis open data.
comments: Comments Off on Liveblogging from Internet of Things Global Summit tags: , , , ,

A Vision for Dynamic and Lower-Cost Aging in Cities Through “SmartAging”

I’ve been giving a lot of thought recently about how my vision of I0T-based “SmartAging” through a combination of:

  • Quantified Self health apps and devices to improve seniors’ health and turn their health care into more of a partnership with their doctors
  • and smart home devices that would make it easier to manage their homes and “age in place” rather than being institutionalized

could meld with the exciting developments in smart city devices and strategy.  I believe the results could make seniors happier and healthier, reduce the burdens on city budgets of growing aging populations, and spur unprecedented creativity and innovation on these issues. Here’s my vision of how the two might come together. I’d welcome your thoughts on the concept!

 

A Vision for Dynamic and Lower-Cost Aging in Cities Through “SmartAging”

It’s clear business as usual in dealing with aging in America won’t work anymore.  10,000 baby boomers a day retire and draw Social Security. Between now and 2050, seniors will be the fastest growing segment of the population.  How can we stretch government programs and private resources so seniors won’t be sickly and live in abject poverty, yet millennials won’t be bankrupted either?

As someone in that category, this is of more than passing interest to me! 

I propose a new approach to aging in cities, marrying advanced but affordable personal technology, new ways of thinking about aging, and hybrid formal and ad hoc public-private partnerships, which can deal with at least part of the aging issue. Carving out some seniors from needing services through self-reliance and enhancing their well-being would allow focusing scarce resources on the most vulnerable remaining seniors. 

The approach is made possible not only by the plummeting cost and increasing power of personal technology but also the exciting new forms of collaboration it has made possible.

The proposal’s basis is the Internet of Things (IoT).  There is already a growing range of IoT wearable devices to track health indicators such as heart rates and promoting fitness activities, and IoT “smart home” devices controlling lighting, heat, and other systems. The framework visualized here would easily integrate these devices, but they can be expensive, so it is designed so seniors could benefit from the project without having to buy the dedicated devices.

This proposal does not attempt to be an all-encompassing solution to every issue of aging, but instead will create a robust, open platform that government agencies, companies, civic groups, and individuals can build upon to reduce burdens on individual seniors, improve their health and quality of life, and cut the cost of and need for some government services. Even better, the same platform and technologies can be used to enhance the lives of others throughout the life spectrum as well, increasing its value and versatility.

The proposal is for two complementary projects to create a basis for later, more ambitious one.

Each would be valuable in its own right and perhaps reach differing portions of the senior population. Combined, they would provide seniors and their families with a wealth of real-time information to improve health, mobility, and quality of life, while cutting their living costs and reducing social isolation.  The result would be a mutually-beneficial public-private partnerships and, one hopes, improve not only seniors’ lives, but also their feeling of connectedness to the broader community. Rather than treat seniors as passive recipients of services, it would empower them to be as self-reliant as possible given their varying circumstances. They would both be based on the Lifeline program in Massachusetts (and similar ones elsewhere) that give low-income residents basic Internet service at low cost.

Locally, Boston already has a record of achievement in internet-based services to connect seniors with others, starting with the simple and tremendously effective SnowCrew program that Joe Porcelli launched in the Jamaica Plain neighborhood. This later expanded nationwide into the NextDoor site and app, which could easily be used by participants in the program.

The first project would capitalize on the widespread popularity of the new digital “home assistants,” such as the Amazon Echo and Google Home.  One version of the Echo can be bought for as little as $49, with bulk buying also possible.  A critical advantage of these devices, rather than home monitoring devices specifically for seniors, is that they are mainstream, benefit from the “network effects” phenomenon that means each becomes more valuable as more are in use, and don’t stigmatize the users or shout I’M ELDERLY. A person who is in their 50s could buy one now, use it for routine household needs, and then add additional age-related functions (see below) as they age, amortizing the cost.

The most important thing to remember about these devices regarding aging is the fact that they are voice-activated, so they would be especially attractive to seniors who are tech-averse or simply unable to navigate complex devices. The user simply speaks a command to activate the device.

The Echo (one presumes a variation on the same theme will soon be the case with the “Home,” Apple’s forthcoming “Home Pod” and other devices that might enter the space in the future) gets its power from “skills,” or apps, that are developed by third-party developers. They give it the power, via voice, to deliver a wide range of content on every topic under the sun.  Several already released “skills” give an idea of how this might work:

  • Ask My Buddy helps users in an emergency. In an emergency, it can send phone calls or text messages to up to five contacts. A user would say, “Alexa, ask my buddy Bob to send help” and Bob would get an alert to check in on his friend.
  • Linked thermostats can raise or lower the temperature a precise amount, and lights can also be turned on or off or adjusted for specific needs.
  • Marvee can keep seniors in touch w/ their families and lessen social isolation.
  • The Fitbit skill allows the user who also has a Fitbit to trace their physical activity, encouraging fitness.

Again looking to Boston for precedent, related apps include the Children’s Hospital and Kids’ MD ones from Children’s Hospital. Imagine how helpful it could be if the gerontology departments of hospitals provided similar “skills” for seniors!

Most important to making this service work would be to capitalize on the growing number of city-based open-data programs that release a variety of important real-time data bases which independent developers mash up to create “skills”  such as real-time transit apps.  The author was a consultant to the District of Columbia in 2008 when it began this data-based “smart city” approach with the Apps for Democracy contest, which has spawned similar projects worldwide since then.  When real-time city data is released, the result is almost magic: individuals and groups see different value in the same data, and develop new services that use it in a variety of ways at no expense to taxpayers.

The key to this half of the pilot programs would be creating a working relationship with local Meetups such as those already created in various cities for Alexa programmers, which would facilitate the relationship) to stage one or more high-visibility hackathons. Programmers from major public and social service institutions serving seniors, colleges and universities, and others with an interest in the subject could come together to create “skills” based on the local public data feeds, to serve seniors’ needs, such as:

  • health
  • nutrition
  • mobility
  • city services
  • overcoming social isolation (one might ask how a technological program could help with this need. The City of Barcelona, generally acknowledged as the world’s “smartest” city, is circulating an RFP right now with that goal and already has a “smart” program for seniors who need immediate help to call for it) .

“Skills” are proliferating at a dizzying rate, and ones developed for one city can be easily adapted for localized use elsewhere.

Such a project would have no direct costs, but the city and/or a non-profit might negotiate lower bulk-buying rates for the devices, especially the l0wer price ($59 list) Amazon Dot, similar to the contract between the Japan Post Group, IBM, and Apple to buy 5 million iPads and equip them with senior-friendly apps from IBM which the Post Group would then furnish to Japanese seniors. Conceivably, the Dots bought this way might come preloaded with the localized and senior-friendly “skills.” 

The second component of a prototype SmartAging city program would make the wide range of local real-time location-based data available by various cities usable by cities joininh the 100+ cities worldwide who have joined the “Things Network” that create free citywide data networks specifically for Internet of Things use.

The concept uses technology called LoRaWAN: low-cost (the 10 units used in Amsterdam, each with a signal range of about 6 miles, only cost $12,000 total — much cheaper ones will be released soon), and were deployed and operative in less than a month!  The cost and difficulty of linking an entire city has plummeted as more cities join, and the global project is inherently collaborative.

With Things Network, entire cities would be converted into Internet of Things laboratories, empowering anyone (city agencies, companies, educational institutions, non-profits, individuals) to experiment with offering new services that would use the no-cost data sharing network.  In cities that already host Things Networks,  availability of the networks has spawned a wide range of novel local services.  For example, in Dunblane, Scotland, the team is developing a ThingsNetwork- based alarming system for people with dementia.  Even better, as the rapid spread of citywide open data programs and resulting open source apps to capitalize on them has illustrated, a neat app or service created in one city could easily be copied and enhanced elsewhere — virtuous imitation!

The critical component of the prototype programs would be to hold one or more hackathons once the network was in place.  The same range of participants would be invited, and since the Things Network could also serve a wide range of other public/private uses for all age groups and demographics, more developers and subject matter experts might participate in the hackathon, increasing the chances of more robust and multi-purpose applications resulting.

These citywide networks could eventually become the heart of ambitious two-way services for seniors based on real-time data, similar to those in Bolsano, Italy

The Internet of Things and smart cities will become widespread soon simply because of lowering costs and greater versatility, whether this prototype project for seniors happens or not. The suggestions above would make sure that the IoT serves the public interest by harnessing IoT data to improve seniors’ health, reduce their social isolation, and make them more self-sufficient. It will reduce the burden on traditional government services to seniors while unlocking creative new services we can’t even visualize today to enhance the aging process.

comments: Comments Off on A Vision for Dynamic and Lower-Cost Aging in Cities Through “SmartAging” tags: , , , , , , ,

#IoT Sensor Breakthroughs When Lives Are On the Line!

One of my unchanging principles is always to look to situations where there’s a lot at stake — especially human lives — for breakthroughs in difficult issues.

Exhibit A of this principle for the IoT is sensor design, where needing to frequently service or recharge critical sensors that detect battlefield conditions can put soldiers’ lives at stake (yes, as long-time readers know, this is particularly of interest to me because my Army officer son was wounded in Iraq).

FedTech reports encouraging research at DARPA on how to create sensors that have ultra-low power requirements, can lie dormant for long periods of time and yet are exquisitely sensitive to critical changes in conditions (such as vehicle or troop movements) that might put soldiers at risk in battlefield conditions.

The  N-ZERO (Near Zero RF and Power Operations)  program is a three-year initiative to create new, low-energy battlefield sensors, particularly for use at forward operating bases where conditions can change quickly and soldiers are constantly at risk — especially if they have to service the sensors:

“State-of-the-art military sensors rely on “active electronics” to detect vibration, light, sound or other signals for situational awareness and to inform tactical planning and action. That means the sensors constantly consume power, with much of that power spent processing what often turns out to be irrelevant data. This power consumption limits sensors’ useful lifetimes to a few weeks or months with even the best batteries and has slowed the development of new sensor technologies and capabilities. The chronic need to service or redeploy power-depleted sensors is not only costly and time-consuming but also increases warfighter exposure to danger.”

…. (the project has) the goal of developing the technological foundation for persistent, event-driven sensing capabilities in which the sensor can remain dormant, with near-zero power consumption, until awakened by an external trigger or stimulus. Examples of relevant stimuli are acoustic signatures of particular vehicle types or radio signatures of specific communications protocols. If successful, the program could extend the lifetime of remotely deployed communications and environmental sensors—also known as unattended ground sensors (UGS)—from weeks or months to years.”

A key goal is a 20-fold battery size reduction while still having the sensor last longer.

What cost-conscious pipeline operators, large ag business or “smart city” transportation director wouldn’t be interested in that kind of product as well?

According to Signal, the three-phase project is ahead of its targets. In the first part, which ended in December, the DARPA team created “zero-power receivers that can detect very weak signals — less than 70 decibel-milliwatt radio-frequency (RF) transmissions, a measure that is better than originally expected.” This is critical to the military (and would have huge benefits to business as well, since monitoring frequently must be 24/7 but reporting of background data  (vs. significant changes) would both deplete batteries while requiring processing of huge volumes of meaningless data). Accordingly, a key goal would be to create “… radio receivers that are continuously alert for friendly radio transmissions, but with near zero power consumption when transmissions are not present.” A target is  “exploitation of the energy in the signal signature itself to detect and discriminate the events of interest while rejecting noise and interference. This requires the development of passive or event-powered sensors and signal-processing circuitry. The successful development of these techniques and components could enable deployments of sensors that can remain “off” (that is, in a state that does not consume battery power), yet alert for detecting signatures of interest, resulting in greatly extended durations of operation.”

The “exploitation of .. energy in the signal signature itself sounds reminiscent of the University of Washington research I’ve reported in the past that would harness ambient back-scatter to allow battery-less wireless transmission, another key potential advance in IoT sensor networks.

The following phrases of N-ZERO will each take a year.

Let’s hope that the project is an overall success, and that the end products will also be commercialized. I’ve always felt sensor cost and power needs were potential IoT Achilles’ heels, so that would be a major boost!

comments: Comments Off on #IoT Sensor Breakthroughs When Lives Are On the Line! tags: , , , , ,

IoT: LiveBlogging PTC’s LiveWorx

Got here a little late for CEO Jim Heppelman’s keynote, so here goes!

  • Vuforia: digital twin gives you everything needed for merging digital “decorations” on the physical object
  • Unique perspective: AR takes digital back to the physical. Can understand & make better decisions.
  • Virtual reality would allow much of the same. Add in 3-D printing, etc.
  • “IoT is PLM.” Says PTC might be only company prepared to do both.
  • Says their logo captures the merger of digital and physical.
  • Case studies: they partnered with Bosch’s Rexroth division. Cytropac built-in IoT connectivity–  used Creo. Full life-cycle management. Can identify patterns of usage, etc. Using PTC’s analytics capacity, machine learning analysis. Want to improve cooling efficiency (it was high at first). Model-based digital twin to monitor product in field, then design an upgrade. How can they increase cooling efficiency 30%??  Came up with new design to optimize water channel that they will build in using 3-D printing. Cool (literally!). 43% increase in cooling efficiency. The design change results in new recommendation engine that helps in sales. Replaced operating manual with 3-D that anyone can understand. (BTW: very cool stagecraft: Heppelmann walks around stage interviewing the Rexroth design team at their workstations).
  • Ooh: getting citizen developers involved!!!  Speeds process, flexibility. App shows how products are actually operating in the field. Lets sales be much more proactive in field. Reinventing CRM.  May no longer need a physical showroom — just put on the AR headset.
  • Connectivity between all assets. The digital twin is identical, not fraternal. Brings AR into factory. They can merge new manufacturing equipment with legacy ones that didn’t have connectivity.  ABB has cloud-based retrofit sensors. Thingworx can connect almost anything, makes Industry 4.0 possible. Amazing demo of a simulated 3-D disassembly and replacement.
  • Hmmm — closing graphic of his preso is a constantly rotating circular one. Anticipating my “circular company” talk on Wednesday????

Closing the Loop With Enterprise Change Management. Lewis Lawrence of Weatherford, services to petroleum industry:

  • former engineer. In charge of Weatherford’s Windchill installation (they also use Creo).
  • hard hit by the drop in gas prices
  • constant state of flux
  • 15 years of constant evolution
  • their mantra: design anywhere, build anywhere.
  • enterprise change — not just engineering.
  • hmmm: according to his graphics, their whole change process is linear. IMHO, that’s obsolete in era of constant change: must evolve to cyclical. Ponderous process…
  • collect data: anything can be added, if it’s latest

The IoT Can Even Help You Breathe Better: GCE Group’s Zen-O portable oxygen concentrator for people with respiratory problems (not actually launched yet):

  • InVMA has built IoT application using ThingWorx to let patients, docs and service providers carefully monitor data
  • GCE made radical change from their traditional business in gas control devices. Zen-O is in the consumer markets. They were very interested in connected products — especially since their key competitor launched one!
  • Goals: predictive maintenance, improved patient care, asset management, development insight.
  • Design process very collaborative, with many partners.

The Digital Value Chain: GE’s Manufacturing Journey. Robert Ibe, global IT Engineering Leader at GE Industrial Solutions:

  • supports Brilliant Factory program.
  • they design and manufacture electrical distribution equipment, 30 factories worldwide.
  • “wing-to-wing” integrated process
  • had a highly complex, obsolete legacy
  • started in 2014: they were still running really old CAD technology. 14 CAD repositories that didn’t talk to each other. 15 year old PLM software. No confidence in any of data they had.
  • They began change with PLM — that’s where the digital thread begins.  PLM is foundation for their transformation.
  • PLM misunderstood: use it to map out cohesive, cross-functional, model-based strategy. Highlight relevance of “design anywhere — manufacture anywhere.” Make PLM master of your domain. Make it critical to commercial & manufacturing. Advertise benefits & value.
  • Whole strategy based on CAD. Windchill heart of the process.
  • Rate of implementation faster than business can keep up with!
  • Process: implementation approach:
    • design systems integration
    • model-based design
    • digital thread
    • manufacturing productivity.
  • common enterprise PLM framework
  • within Windchill, can see entire “digital bill of documents.”
  • focused on becoming critical for supply chain.
  • total shift from their paper-based legacy.
  • integrated regulatory compliance with every step of design.

It’s Not Your Grandmother’s IoT: Blockchain and IoT Morph Into An Emerging Technology Powerhouse:

  • Example of claims for fair-traded coffee that I’ve used in past

Finding Business Value in IoT panel:

  • Bayer — been in IoT (injection devices for medicine) for 7 years.  Reduced a lot of parts inventory.
  • Remote control of vending machines replaces paper & pencil
  • Your team needs to evangelize for biz benefits of IoT
  • New Opportunities:
    • vision and language
    • interacting with physical world
    • problem solving.
  • Didn’t know!  Skype can do real-time translation.
  • Google Deep Mind team worked internally, cut energy costs at its server farms. 15% energy reduction.
  • Digital progress makes economic pie bigger, BUT  most people aren’t benefitting economicallly. Some may be worse off. “Great decoupling” — mushrooming economic gap. One reason is that tech affects different groups differently.
  • “Entirely possible to create inclusive prosperity” through tech!

 

WEDNESDAY

Delivering Smart City Solutions and an Open Citywide Platform to Accelerate Economic Growth and Promote New Solution Innovation, Scott McCarley, PTC:

  • $40 trillion potential benefits from smart cities
  • 1st example & starting point for many cities, is smart lightpoles. Major savings plus value added. Real benefit is building on that, with systems of systems (water, traffic, energy, etc.) — the systems don’t operate in isolation.
  • Future buildings may have built-in batteries to add to power supply. Water reclamation, etc.
  • Cities are focused on KPIs across all target markets.
  • Cornerstone systems for a city: power & grid, water/wastewater, building management, city services & infrastructure.
  • Leveraging ThingWorx to address these needs:
    • deploy out-of-box IoT solutions from a ThingWorx Solution Provider: All examples, include Aquamatix, DEPsys (grid), Sensus, All Traffic, Smoove (bike sharing).
    • leverage ThingWorx to rapidly develop new IoT solutions.
      connect to any device, rapidly develop applications, visually model systems, quickly develop new apps. Augmented reality will play a role!
    • create role-based dashboards:
      one for your own operations, another for city.
    • bring the platform to create a citywide platform.
      Sum of connected physical assets, communication networks, and smart city solutions.

Digital Supply Networks: The Smart Factory. Steven Shepley, Deloitte:

  • 3 types of systems: 1) foundational visualization solutions:  KPIs, etc. 2) advanced analytical solutions 3) cyber-physical solutions.
  • Priority smart factory solutions:
    • advanced planning (risk-adjusted MRP), dynamic sequencing, cross network.
    • value chain integration: signal-based customer/supplies integration, dynamic distribution routing/tracking, digital twin.
    • asset efficiency: predictive maintenance, real-time asset tracking intelligence, energy management
    • labor productivity: robotic and cognitive automation, augmented reality-driven efficiency, real-time safety monitoring
    • exponential tech: 3-D printing, drones, flexible robots.
  • How to be successful: think big, start small, scale fast
  • Act differently: multi-disciplinary teams,
  • sensors getting simpler, easier to connect & retrofit. National Connectors particularly good.

Global Smart Home, Smart Enterprise, and Smart Cities IoT Use Cases. Ken Herron, Unified InBox, Pte.

  • new focus on customer
  • H2M: human to machine communication is THE key to IoT success. Respect their interests.
  • Austin TX: “robot whisperer” — industrial robot company. Their robots aging out, getting out of tune, etc. Predictive analytics anticipates problems.
  • Stuttgart: connected cow — if one cow is getting sick, may spread to entire herd. Intervene.
  • Kuala Lumpur: building bot — things such as paper towel dispensers communicating with management.
  • London: Concierge chatbot — shopper browsing can chat with assistant on combining outfits.
  • Dubai: smart camera. Help find your car in mega-shopping center: read license plates, message the camera, it gives you map to the car.
  • Singapore: Shout — for natural disasters. Walks the person making the alert through process, confirms choices.
  • Stuttgart: Feinstaubalarm — occasional very bad airborne dust at certain times. Tells people with lung problems options, such as taking mass transit.
  • Singapore: Smart appliances — I always thought smart fridge was stupid, but in-fridge camera that lets you shoot a “shelfie” does make sense
  • Fulda Germany: smart clothing for military & police: full record of personal health at the moment. Neat!
  • Noida India — smart sneakers can automatically post your run results (see connection to my SmartAging concept)

Business Impact of IoT, Eric Schaeffer, Accenture:

  • Michelin delivery trucks totally reinvented, major fuel savings, other benefits.
  • manufacturing being deconstructed
  • smart, connected products are causing it
  • industrial companies must begin transformation today

Thingworx: Platform for Management Revolution. W. David Stephenson, Stephenson Strategies:

Here are key points from my presentation about how the IoT can allow radical transformation from linear & hierarchical companies to IoT-centric “circular companies” (my entire presentation can be found here):

  • The IoT can be the platform for dramatic management change that was impossible in the past.
  • Making this change requires an extraordinary shift in management thinking: from hierarchy to collaboration.
  • The results will be worth the effort: not only more efficiency & precision, but also new creativity, revenue streams, & customer loyalty. 
  • In short, it will allow total transformation!

Kickstarting America’s Digital Transformation. Aneesh Chopra & Nicholas Thompson!

  • on day one, Our President (not the buffoon) told Chopra he wanted default to be switch from closed to open government & data.
  • National Wireless Initiative: became law 1 yr. after it was introduced.  Nationwide interoperable, secure wireless system.
  • Obama wanted to harness power of Internet to grow the economy. Talked to CIO of P & G, who was focused on opening up the company to get ideas from outside.
  • Thompson big on open data, but he thinks a lot more now is closed, we’re going wrong way.
  • Interesting example of getting down cost of solar to $1 per installed watt!!
  • Thompson: growing feeling that technology isn’t serving us economically. Chopra: need to democratize the benefits.
  • Chopra talking about opening up Labor Dept. data to lead to creative job opportunities for underserved.

 

 

 

 

comments: Comments Off on IoT: LiveBlogging PTC’s LiveWorx tags: , , , , , , , , , ,

Libelium: flexibility a key strategy for IoT startups

I’ve been fixated recently on venerable manufacturing firms such as 169-yr. old Siemens making the IoT switch.  Time to switch focus, and look at one of my fav pure-play IoT firms, Libelium.  I think Libelium proves that smart IoT firms must, above all, remain nimble and flexible,  by three interdependent strategies:

  • avoiding picking winners among communications protocols and other standards.
  • avoiding over-specialization.
  • partnering instead of going it alone.
Libelium CEO Alicia Asin

Libelium CEO Alicia Asin

If you aren’t familiar with Libelium, it’s a Spanish company that recently turned 10 (my, how time flies!) in a category littered with failures that had interesting concepts but didn’t survive. Bright, young, CEO Alicia Asin, one of my favorite IoT thought leaders (and do-ers!) was recently named best manager of the year in the Aragón region in Spain.  I sat down with her for a wide-ranging discussion when she recently visited the Hub of the Universe.

I’ve loved the company since its inception, particularly because it is active in so many sectors of the IoT, including logistics, industrial control, smart meters, home automation and a couple of my most favorite, agriculture (I have a weak spot for anything that combines “IoT” AND “precision”!) and smart cities.  I asked Asin why the company hadn’t picked one of those verticals as its sole focus: “it was too risky to choose one market. That’s still the same: the IoT is still so fragmented in various verticals.”

The best illustration of the company’s strategy in action is its Waspmote sensor platform, which it calls the “most complete Internet of Things platform in the market with worldwide certifications.” It can monitor up to 120 sensors to cover hundreds of IoT applications in the wide range of markets Libelium serves with this diversified strategy, ranging from the environment to “smart” parking.  The new versions of their sensors include actuators, to not simply report data, but also allow M2M control of devices such as irrigation valves, thermostats, illumination systems, motors and PLC’s. Equally important, because of the potentially high cost of having to replace the sensors, the new ones use extremely little power, so they can last        .

Equally important as the company’s refusal to limit itself to a single vertical market is its commitment to open systems and multiple communications protocols, including LoRaWAN, SIGFOX, ZigBee and 4G — a total of 16 radio technologies. It also provides both open source SDK and APIs.

Why?  As Asin told me:

 

“There is not going to be a standard. This (competiting standards and technology) is the new normal.

“I talk to some cities that want to become involved in smart cities, and they say we want to start working on this but we want to use the protocol that will be the winner.

“No one knows what will be the winner.

“We use things that are resilient. We install all the agents — if you aren’t happy with one, you just open the interface and change it. You don’t have to uninstall anything. What if one of these companies increases their prices to heaven, or you are not happy with the coverage, or the company disappears? We allow you to have all your options open.

“The problem is that this (not picking a standard) is a new message, and people don’t like to listen.  This is how we interpret the future.”

Libelium makes 110 different plug and play sensors (or as they call them, “Plug and Sense,” to detect a wide range of data from sources including gases, events, parking, energy use, agriculture, and water.  They claim the lowest power consumption in the industry, leading to longer life and lower maintenance and operating costs.

Finally, the company doesn’t try to do everything itself: Libelium has a large and growing partner network (or ecosystem, as it calls it — music to the ears of someone who believes in looking to nature for profitable business inspiration). Carrying the collaboration theme even farther, they’ve created an “IoT Marketplace,” where pre-assembled device combinations from Libelium and partners can be purchased to meet the specific needs of niches such as e-health,  vineyards, water quality, smart factories, and smart parking.  As the company says, “the lack of integrated solutions from hardware to application level is a barrier for fast adoption,” and the kits take away that barrier.

I can’t stress it enough: for IoT startups that aren’t totally focused on a single niche (a high-stakes strategy), Libelium offers a great model because of its flexibility, agnostic view of standards, diversification among a variety of niches, and eagerness to collaborate with other vendors.


BTW: Asin is particularly proud of the company’s newest offering, My Signals,which debuted in October and has already won several awards.  She told me that they hope the device will allow delivering Tier 1 medical care to billions of underserved people worldwide who live in rural areas with little access to hospitals.  It combines 15 different sensors measuring the most important body parameters that would ordinarily be measured in a hospital, including ECG, glucose, airflow, pulse, oxygen in

It combines 15 different sensors measuring the most important body parameters that would ordinarily be measured in a hospital, including ECG, glucose, airflow, pulse, blood oxygen, and blood pressure. The data is encrypted and sent to the Libelium Cloud in real-time to be visualized on the user’s private account.

It fits in a small suitcase and costs less than 1/100th the amount of a traditional Emergency Observation Unit.

The kit was created to make it possible for m-health developers to create prototypes cheaply and quickly.

comments: Comments Off on Libelium: flexibility a key strategy for IoT startups tags: , , , , , , ,

When Philips’s Hue Bulbs Are Attacked, IoT Security Becomes Even Bigger Issue

OK, what will it take to make security (and privacy) job #1 for the IoT industry?

The recent Mirai DDoS attack should have been enough to get IoT device companies to increase their security and privacy efforts.

Now we hear that the Hue bulbs from Philips, a global electronics and IoT leader that DOES emphasize security and doesn’t cut corners, have been the focus of a potentially devastating attack (um, just wonderin’: how does triggering mass epileptic seizures through your light bulbs grab you?).

Since it’s abundantly clear that the US president-elect would rather cut regulations than add needed ones (just announcing that, for every new regulation, two must be cut), the burden of improving IoT security will lie squarely on the shoulders of the industry itself. BTW:kudos in parting to outgoing FTC Chair Edith Ramirez, who has made intelligent, workable IoT regulations in collaboration with self-help efforts by the industry a priority. Will we be up to the security challenge, or, as I’ve warned before, will security and privacy lapses totally undermine the IoT in its adolescence by losing the public and corporate confidence and trust that is so crucial in this particular industry?

Count me among the dubious.

Here’s what happened in this truly scary episode, which, for the first time, presages making the focus of an IoT hack an entire city, by exploiting what might otherwise be a smart city/smart grid virtue: a large installed base of smart bulbs, all within communication distance of each other. The weapons? An off-the-shelf drone and an USB stick (the same team found that a car will also do nicely as an attack vector). Fortunately, the perpetrators in this case were a group of white-hat hackers from the Weizmann Institute of Science in Israel and Dalhousie University in Canada, who reported it to Philips so they could implement additional protections, which the company did.

Here’s what they wrote about their plan of attack:

“In this paper we describe a new type of threat in which adjacent IoT devices will infect each other with a worm that will spread explosively over large areas in a kind of nuclear chain reaction (my emphasis), provided that the density of compatible IoT devices exceeds a certain critical mass. In particular, we developed and verified such an infection using the popular Philips Hue smart lamps as a platform.

“The worm spreads by jumping directly from one lamp to its neighbors, using only their built-in ZigBee wireless connectivity and their physical proximity. The attack can start by plugging in a single infected bulb anywhere in the city, and then catastrophically spread everywhere within minutes, enabling the attacker to turn all the city lights on or off, permanently brick them, or exploit them in a massive DDOS attack (my emphasis). To demonstrate the risks involved, we use results from percolation theory to estimate the critical mass of installed devices for a typical city such as Paris whose area is about 105 square kilometers: The chain reaction will fizzle if there are fewer than about 15,000 randomly located smart lights in the whole city, but will spread everywhere when the number exceeds this critical mass (which had almost certainly been surpassed already (my emphasis).

“To make such an attack possible, we had to find a way to remotely yank already installed lamps from their current networks, and to perform over-the-air firmware updates. We overcame the first problem by discovering and exploiting a major bug in the implementation of the Touchlink part of the ZigBee Light Link protocol, which is supposed to stop such attempts with a proximity test. To solve the second problem, we developed a new version of a side channel attack to extract the global AES-CCM key that Philips uses to encrypt and authenticate new firmware. We used only readily available equipment costing a few hundred dollars, and managed to find this key without seeing any actual updates. This demonstrates once again how difficult it is to get security right even for a large company that uses standard cryptographic techniques to protect a major product.”

Again, this wasn’t one of those fly-by-night Chinese manufacturers of low-end IoT devices, but Philips, a major, respected, and vigilant corporation.

As for the possible results? It could:

  •  jam WiFi connections
  • disturb the electric grid
  • brick devices making entire critical systems inoperable
  • and, as I mentioned before, cause mass epileptic seizures.

As for the specifics, according to TechHive, the researchers installed Hue bulbs in several offices in an office building in the Israeli city of Beer Sheva. In a nice flair for the ironic, the building housed several computer security firms and the Israeli Computer Emergency Response Team.  They attached the attack kit on the USB stick to a drone, and flew it toward the building from 350 meters away. When they got to the building they took over the bulbs and made them flash the SOS signal in Morse Code.

The researchers”were able to bypass any prohibitions against remote access of the networked light bulbs, and then install malicious firmware. At that point the researchers were able to block further wireless updates, which apparently made the infection irreversible. ‘There is no other method of reprogramming these [infected] devices without full disassemble (which is not feasible). Any old stock would also need to be recalled, as any devices with vulnerable firmware can be infected as soon as power is applied.’”

Worst of all, the attack was against Zigbee, one of the most robust and widely-used IoT protocols, an IoT favorite because Zigbee networks tend to be cheaper and simpler than WiFi or BlueTooth.

The attack points up one of the critical ambiguities about the IoT. On one hand, the fact that it allows networking of devices leads to “network effects,” where each device becomes more valuable because of the synergies with other IoT devices. On the other hand, that same networking and use of open standards means that penetrating one device can mean ultimately penetrating millions and compounding the damage.


I’m hoping against hope that when Trump’s team tries to implement cyber-warfare protections they’ll extend the scope to include the IoT because of this specific threat. If they do, they’ll realize that you can’t just say yes cyber-security and no, regulations. In the messy world of actually governing, rather than issuing categorical dictums, you sometimes have to embrace the messy world of ambiguity.  

What do you think?

 

comments: Comments Off on When Philips’s Hue Bulbs Are Attacked, IoT Security Becomes Even Bigger Issue tags: , , , , , , , ,

Smart Disposables: Could This Be Birth of Internet of Everything?

Could EVERYTHING be “smart?” It may be happening sooner we thought, and with implications that are hard to fathom today.

That’s the potential with new technology pioneered by Shyam Gollakota, an assistant professor at the University of Washington.  For the first time, it would let battery- and cordless-less devices harvest signals from Wi-Fi, radio, or TV to communicate and power themselves.

Astounding!

For a long time, the most “out there” idea about IoT sensors has been Prof. Kris Pister’s “smart dust” concept, which aimed at a complete sensor/communication system in a package only one cubic millimeter in size. Pister argued that such devices would be so small and cheap that they could be installed — or perhaps even scattered — almost everywhere. The benefits could be varied and inconceivable in the past. According to Pister, possible applications could include:

  • “Defense-related sensor networks
    • battlefield surveillance, treaty monitoring, transportation monitoring, scud hunting, …
  • Virtual keyboard
    • Glue a dust mote on each of your fingernails.  Accelerometers will sense the orientation and motion of each of your fingertips, and talk to the computer in your watch.  QWERTY is the first step to proving the concept, but you can imagine much more useful and creative ways to interface to your computer if it knows where your fingers are: sculpt 3D shapes in virtual clay, play  the piano, gesture in sign language and have to computer translate, …
    • Combined with a MEMS augmented-reality heads-up display, your entire computer I/O would be invisible to the people around you.  Couple that with wireless access and you need never be bored in a meeting again!  Surf the web while the boss rambles on and on.
  • Inventory Control
    • The carton talks to the box, the box talks to the palette, the palette talks to the truck, and the truck talks to the warehouse, and the truck and the warehouse talk to the internet.  Know where your products are and what shape they’re in any time, anywhere.  Sort of like FedEx tracking on steroids for all products in your production stream from raw materials to delivered goods.
  • Product quality monitoring
    • temperature, humidity monitoring of meat, produce, dairy products
      • Mom, don’t buy those Frosted Sugar Bombs, they sat in 80% humidity for two days, they won’t be crunchy!
    • impact, vibration, temp monitoring of consumer electronics
      • failure analysis and diagnostic information, e.g. monitoring vibration of bearings for frequency signatures indicating imminent failure (back up that hard drive now!)
  • Smart office spaces
    • The Center for the Built Environment has fabulous plans for the office of the future in which environmental conditions are tailored to the desires of every individual.  Maybe soon we’ll all be wearing temperature, humidity, and environmental comfort sensors sewn into our clothes, continuously talking to our workspaces which will deliver conditions tailored to our needs.  No more fighting with your office mates over the thermostat.
  • Interfaces for the Disabled (courtesy of Bryndis Tobin)
    • Bryndis sent me email with the following idea: put motes “on a quadriplegic’s face, to monitor blinking & facial twitches – and send them as commands to a wheelchair/computer/other device.”  This could be generalized to a whole family of interfaces for the disabled.  Thanks Bryndis!”

Now imagine that a critical component of such a tiny, ubiquitous device was removed. Because it didn’t need a battery it could be even smaller and cheaper (because of cheaper and simpler radio hardware circuitry).

The goal is having billions of disposable devices start communicating,” Gollakota said (my emphasis).

You may remember that I’ve written before about my metaphor of a pre-IoT era of “Collective Blindness,” the universal inability to peer (literally or figuratively) inside things in the past, which forced us to create all sorts of work-arounds to cope with that lack of real-time data. Imagine how precise our knowledge about just about everything will be if Gollakota’s technology becomes commonplace.

.As Technology Review reported, the critical challenge is making it possible for a device lacking a traditional power source to communicate: “Transferring power wirelessly is not a new trick. But getting a device without a conventional power source to communicate is harder, because generating radio signals is very power-intensive and the airwaves harvested from radio, TV, and other telecommunication technologies hold little energy.”

The principle making the innovation possible is “backscattering,” reflecting waves, particles or signals back in the direction they came from, which creates a new signal.

The early results are encouraging. Gollakata has made a contact lens that can connect with a smartphone. Think I’ll pass on that one, but other devices he and his team have created include brain implants and “a flexible skin patch that can sense temperature and respiration, a design that could be used to monitor hospital patients.”  Marketers will love this one: a concert poster broadcasting a bit of the featured band’s music over FM radio!

Jeeva Wireless, Gollakata’s commercial spinoff, is using a variety of the technology, “passive Wi-Fi.” Devices using it can data up to 100 feet and connect through walls.

Tiny passive devices using backscatter could be manufactured for as little as a dollar. “In tomorrow’s smart home, security cameras, temperature sensors, and smoke alarms should never need to have their batteries changed.”

Gollakata sums up the potential impact: “We can get communication for free” (my emphasis).

That’s incredible, but in light of the continuing series of major DDoS attacks made possible by weak or non-existent IoT security measures, I must remind everyone that speed, power, and ubiquity aren’t everything: we also need IoT security, so I hope the low cost and ability to function without a dedicated energy source won’t obscure that need as well.


 

BTW: a MIT profile on Gollakata mentions one of his other, related, inventions, which I think would mesh beautifully with my SmartAging vision to help seniors age in place in better health.

It’s called  WiSee, which uses wireless signals such as Wi-Fi to “enable whole-home sensing and recognition of human gestures. Since wireless signals do not require line-of-sight and can traverse through walls, WiSee can enable whole-home gesture recognition using few wireless sources (e.g., a Wi-Fi router and a few mobile devices in the living room).”

I love the concept for seniors, because (like Echo, which I’m finally getting!!) it doesn’t require technical expertise, which many seniors lack and/or find intimidating, to launch and direct automated devices. In this case, the activation is through sensing and recognition of human gestures. According to Gollakata,“’Gestures enable a whole new set of interaction techniques for always-available computing embedded in the environment. As an example, he suggests that a hand swiping motion in the air could enable a user to control the radio volume while showering – or change the song playing on the stereo in the living room while you are cooking in the kitchen.”

He goes on to explain:

“…. that the approaches offered today to enable gesture recognition – by either installing cameras throughout a home/office or outfitting the human body with sensing devices – are in most cases either too expensive or unfeasible. So he and his group members are skirting these issues by taking advantage of the slight changes in ambient wireless signals that are created by motion. Since wireless signals do not require line-of-sight and can traverse through walls, he and his group have achieved the first gesture recognition system that works in those situations. ‘We showed that this approach can extract accurate information about a rich set of gestures from multiple concurrent users.”

Combine that with speaking to Alexa, and even the most frail seniors could probably control most of the functions in a smart home. Gollakota says that the approaches offered today to enable gesture recognition – by either installing cameras throughout a home/office or outfitting the human body with sensing devices – are in most cases either too expensive or unfeasible. So he and his group members are skirting these issues by taking advantage of the slight changes in ambient wireless signals that are created by motion. Since wireless signals do not require line-of-sight and can traverse through walls, he and his group have achieved the first gesture recognition system that works in those situations. “We showed that this approach can extract accurate information about a rich set of gestures from multiple concurrent users, “he says.

Incredible work, professor!

comments: Comments Off on Smart Disposables: Could This Be Birth of Internet of Everything? tags: , , , , , , , ,
http://www.stephensonstrategies.com/">Stephenson blogs on Internet of Things Internet of Things strategy, breakthroughs and management