Blockchain might be answer to IoT security woes

Could blockchain be the answer to IoT security woes?

I hope so, because I’d like to get away from my recent fixation on IoT security breaches and their consequences, especially the Mirai botnet attack that brought a large part of the Internet to its knees this Fall and the even scarier (because it involved Philips, a company that takes security seriously) white-hat hackers’ attack on Hue bulbs. As I’ve written, unless IoT security is improved, the public and corporations will lose faith in it and the IoT will never develop to its full potential.

Now, there’s growing discussion that blockchain (which makes bitcoin possible) might offer a good IoT security platform.

Ironically — for something dealing with security — blockchain’s value in IoT may be because the data is shared and no one person owns it or can alter it unilaterally (BTW, this is one more example of my IoT “Essential Truth” that with the IoT data should be shared, rather than hoarded as in the past).

If you’re not familiar with blockchain, here’s an IBM video, using an example from the highly security-conscious diamond industry, that gives a nice summary of how it works and why:

The key aspects of blockchain are that it:

  • is transparent
  • can trace all aspects of actions or transactions (critical for complex sequences of actions in an IoT process)
  • is distributed: there’s a shared form of record keeping, that everyone in the process can access.
  • requires permission — everyone has permission for every step
  • is secure: no one person — even a system administrator — can alter it without group approval.

Of these, perhaps the most important aspect for IoT security is that no one person can change the blockchain unilaterally, adding something (think malware) without the action being permanently recorded and without every participant’s permission.  To add a new transaction to the blockchain, all the members must validate it by applying an algorithm to confirm its validity.
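To make the two properties in the paragraph above concrete, here is an added example (not code from this post, IBM, or Chain of Things) of a hash-chained ledger in which a record is appended only when every member approves it, and a later change to one member's copy is detected. The member names, firmware labels and allowlist rule are hypothetical, and unanimous approval is modelled exactly as the post describes it.

```python
import hashlib
import json

GENESIS = "0" * 64

def block_hash(index, prev_hash, record):
    """SHA-256 over a canonical JSON encoding of the block's contents."""
    body = json.dumps({"index": index, "prev": prev_hash, "record": record},
                      sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

class Member:
    """One participant: holds its own ledger copy and its own validation rule."""
    def __init__(self, name, approved_firmware):
        self.name = name
        self.approved_firmware = set(approved_firmware)  # constructed allowlist
        self.chain = []

    def tip(self):
        return self.chain[-1]["hash"] if self.chain else GENESIS

    def validate(self, block):
        """Approve only a block that links to this member's tip and passes its rule."""
        if block["index"] != len(self.chain) or block["prev"] != self.tip():
            return False
        if block["hash"] != block_hash(block["index"], block["prev"], block["record"]):
            return False
        return block["record"].get("firmware") in self.approved_firmware

    def verify_chain(self):
        """Return the index of the first bad block, or None if the copy is intact."""
        prev = GENESIS
        for i, b in enumerate(self.chain):
            expected = block_hash(i, prev, b["record"])
            if b["index"] != i or b["prev"] != prev or b["hash"] != expected:
                return i
            prev = b["hash"]
        return None

def propose(members, record):
    """Append `record` to every copy only if every member approves it."""
    proposer = members[0]
    index, prev = len(proposer.chain), proposer.tip()
    block = {"index": index, "prev": prev, "record": record,
             "hash": block_hash(index, prev, record)}
    rejected_by = [m.name for m in members if not m.validate(block)]
    if rejected_by:
        return False, rejected_by
    for m in members:
        m.chain.append(dict(block, record=dict(record)))  # independent copy each
    return True, []

def demo():
    # Constructed sample data: "lock" has not approved the beta firmware.
    good = ["fw-1.0", "fw-1.1"]
    members = [Member("hub", good + ["fw-2.0-beta"]),
               Member("thermostat", good + ["fw-2.0-beta"]),
               Member("lock", good)]
    ok1, _ = propose(members, {"device": "bulb-7", "firmware": "fw-1.0"})
    ok2, rejected = propose(members, {"device": "bulb-7", "firmware": "fw-2.0-beta"})
    ok3, _ = propose(members, {"device": "bulb-7", "firmware": "fw-1.1"})
    # One member rewrites history in its own copy without group approval.
    members[1].chain[0]["record"]["firmware"] = "fw-evil"
    return {
        "accepted": [ok1, ok2, ok3],
        "rejected_by": rejected,
        "tampered_at": members[1].verify_chain(),
        "intact_copies": [m.name for m in members if m.verify_chain() is None],
    }

if __name__ == "__main__":
    print(demo())
```

The altered copy fails verification at the edited block because its stored hash no longer matches its contents, while the other members' copies still verify and expose the discrepancy.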

The blockchain can also increase efficiency by reducing the need for intermediaries, and it’s a much better way to handle the massive flood of data that will be generated by the IoT.

The Chain of Things think tank and consortium is taking the lead on exploring blockchain’s application to the IoT. The group describes itself as “technologists at the nexus of IoT hardware manufacturing and alternative blockchain applications.” They’ve run several blockchain hackathons, and are working on open standards for IoT blockchains.

Contrast blockchain with the current prevailing IoT security paradigm. As Datafloq points out, it’s based on the old client-server approach, which really doesn’t work with the IoT’s complexity and variety of connections: “Connection between devices will have to exclusively go through the internet, even if they happen to be a few feet apart.” It doesn’t make sense to try to funnel the massive amounts of data that will result from widespread deployment of billions of IoT devices and sensors through a centralized model when a decentralized, peer-to-peer alternative would be more economical and efficient.

Datafloq concludes:

“Blockchain technology is the missing link to settle scalability, privacy, and reliability concerns in the Internet of Things. Blockchain technologies could perhaps be the silver bullet needed by the IoT industry. Blockchain technology can be used in tracking billions of connected devices, enable the processing of transactions and coordination between devices; allow for significant savings to IoT industry manufacturers. This decentralized approach would eliminate single points of failure, creating a more resilient ecosystem for devices to run on. The cryptographic algorithms used by blockchains, would make consumer data more private.”

I love it: paradoxically, sharing data makes it more secure!  Until something better comes along and/or the nature of IoT strategy challenges changes, it seems to me this should be the basis for secure IoT data transmission!

 

 

 

IBM picks for IoT trends to watch this year emphasize privacy & security

Last month Bill Chamberlin, the principal analyst for Emerging Tech Trends and Horizon Watch Community Leader for IBM Market Development (hmmm, must have an oversized biz card..) published a list of 20 IoT trends to watch this year that I think provide a pretty good checklist for evaluating what promises to be an important period in which the IoT becomes more mainstream.

It’s interesting to me, especially in light of my recent focus on the topics (and I’ll blog on the recent FTC report on the issue in several days), that he put privacy and security number one on the list, commenting that “Trust and authentication become critical across all elements of the IoT, including devices, the networks, the cloud and software apps.” Amen.

Most of the rest of the list was no surprise, with standards, hardware, software, and edge analytics rounding out the top five (even though it hasn’t gotten a lot of attention, I agree edge analytics are going to be crucial as the volume of sensor data increases dramatically: why pass along the vast majority of data, that is probably redundant, to the cloud, vs. just what’s a deviation from the norm and probably more important?).

Two dealing with sensors did strike my eye:

“9. Sensor fusion: Combining data from different sources can improve accuracy. Data from two sensors is better than data from one. Data from lots of sensors is even better.

10.  Sensor hubs: Developers will increasingly experiment with sensor hubs for IoT devices, which will be used to offload tasks from the application processor, cutting down on power consumption and improving battery life in the devices”

Both make a lot of sense.

One was particularly noteworthy in light of my last post, about the Gartner survey showing most companies were ill-prepared to plan and launch IoT strategies: “14.  Chief IoT Officer: Expect more senior level execs to be put in place to build the enterprise-wide IoT strategy.” Couldn’t agree more that this is vital!

Check out the whole list: I think you’ll find it helpful in tracking this year’s major IoT developments.

Coming Soon to a Language Near You: my IoT guide for C-level execs!

Posted on 31st October 2014 in Uncategorized

Neato! Just heard from SAP that reaction to “Managing the Internet of Things Revolution,” my e-guide to IoT strategy for C-level executives, has been so positive that they’re translating it into 4 languages. C’est magnifique!


et. al.: Dramatic Proof Non-Violence Trumps Armed Revolt!

Posted on 21st August 2014 in Uncategorized

If you came here today to learn about the latest IoT breakthrough, chill out: there are more important issues than technology, and this is certainly one of them!

In case you’ve had your head down all summer working on your new app or IoT device, the world is quickly going to hell in a hand basket, with violence from Ferguson, MO to The Ukraine.

Isn’t there a better way to handle our conflicts?

In fact, there is: non-violent protest, and, for those of you who share my passion for data, there are hard numbers to back up my contention!

NPR had a story this morning about a great new book from Columbia University Press, by Erica Chenoweth and Maria J. Stephan, Why Civil Resistance Works: the Strategic Logic of Nonviolent Conflict. It studied conflicts from more than 100 years and shows that non-violence is not only twice as effective as violent uprisings in achieving the protestors’ goals, but ushers in more stable peace afterwards. Here’s how the book blurb summarizes their findings:

“For more than a century, from 1900 to 2006, campaigns of nonviolent resistance were more than twice as effective as their violent counterparts in achieving their stated goals. By attracting impressive support from citizens, whose activism takes the form of protests, boycotts, civil disobedience, and other forms of nonviolent noncooperation, these efforts help separate regimes from their main sources of power and produce remarkable results, even in Iran, Burma, the Philippines, and the Palestinian Territories.

“Combining statistical analysis with case studies of specific countries and territories, Erica Chenoweth and Maria J. Stephan detail the factors enabling such campaigns to succeed and, sometimes, causing them to fail. They find that nonviolent resistance presents fewer obstacles to moral and physical involvement and commitment, and that higher levels of participation contribute to enhanced resilience, greater opportunities for tactical innovation and civic disruption (and therefore less incentive for a regime to maintain its status quo), and shifts in loyalty among opponents’ erstwhile supporters, including members of the military establishment. 

“Chenoweth and Stephan conclude that successful nonviolent resistance ushers in more durable and internally peaceful democracies, which are less likely to regress into civil war. Presenting a rich, evidentiary argument, they originally and systematically compare violent and nonviolent outcomes in different historical periods and geographical contexts, debunking the myth that violence occurs because of structural and environmental factors and that it is necessary to achieve certain political goals. Instead, the authors discover, violent insurgency is rarely justifiable on strategic grounds.”

Chenoweth & Stephan compiled data from 323 campaigns from Gandhi’s campaign beginning in 1919 to the protests that ousted Thai PM Thaksin Shinawatra in 2006. “This global data set covers all known nonviolent and violent campaigns (each featuring at least 1,000 observed participants) for self-determination, the removal of an incumbent leader, or the expulsion of a foreign military occupation from 1900 to 2006. The data set was assembled using thousands of source materials on protest and civil disobedience, expert reports and surveys, and existing records on violent insurgencies.”

I’ve got this stuff on the brain right now because I’m reviewing my oldest’s dissertation proposal, which deals with whether bottom-up, community-based counter-insurgency military strategies might not be better than top-down, central government-centered ones. It seems to me that these are variations on the same theme.

In a companion article in the current issue of Foreign Affairs, “Drop Your Weapons: when and why civil resistance works,” Chenoweth & Stephan wrote:

“Contrary to conventional wisdom, no social, economic, or political structures have systematically prevented nonviolent campaigns from emerging or succeeding. From strikes and protests to sit-ins and boycotts, civil resistance remains the best strategy for social and political change in the face of oppression. Movements that opt for violence often unleash terrible destruction and bloodshed, in both the short and the long term, usually without realizing the goals they set out to achieve. Even though tumult and fear persist today from Cairo to Kiev, there are still many reasons to be cautiously optimistic about the promise of civil resistance in the years to come.” (my emphasis)

But what of outside players, especially the US? They suggest that, rather than a knee-jerk response of sending in our troops to support protestors, there may be a more successful response: “a ‘responsibility to assist’ nonviolent activists and civic groups well before confrontations between civilians and authoritarian regimes devolve into violent conflicts.” Are you reading, Sec. Kerry & President Obama? Chenoweth & Stephan suggest:

“Policymakers should prioritize a ‘responsibility to assist’ nonviolent activists and civic groups, rather than only seeking to protect civilians through military force, as in NATO’s Libya intervention. Of course, civil resistance campaigns are and must remain homegrown movements. But in recent years, the international community has done much to undermine civil resistance by quickly and enthusiastically supporting armed actors when they arrive on the scene. Syria’s tragedy is a case in point. Although regime repression, supported by Iran and Russia, undoubtedly helped turn a principally nonviolent uprising into a civil war, external actors could have done more to aid civil resistance and prolong the original nonviolent uprising. They could have helped encourage, coordinate, and exploit for political gain regime defections (including from key Alawite elites); demanded that Assad allow foreign journalists to remain in the country; accelerated direct financial support to grass-roots nonviolent networks and local councils; and provided more information to Syrian activists about what it takes to remain nonviolent under highly repressive conditions. Instead, the international community provided political recognition and sanctuary to armed actors, supplied both nonlethal and lethal aid to them, and helped militarize the conflict, undermining the momentum of the nonviolent movement. There was no silver bullet for effectively aiding the nonviolent Syrian opposition. But speed and coordination on the part of external actors, particularly early on in the revolution, were lacking.

Syria highlights the moral and strategic imperative of developing more flexible, nimble ways to support nonviolent resistance movements. The local champions of people power will continue to chart their own future. But outside actors have an important role to play in assuring that civil resistance has a fighting chance.”

Chenoweth & Stephan offer an explanation based on their studies, of the logic — which I find compelling — about why mass protests are more effective.

Unlike armed resistance, which scares the daylights out of a lot of rational people who might take part in peaceful protests (duh!), non-violence attracts “a larger and more diverse base of participants [in the NPR interview they specifically mentioned the large numbers of women who play a prominent role in protests. Shoot your mom? Not so fast..].” They find three common elements in effective campaigns: “… they enjoy mass participation, they produce regime defections, and they employ flexible tactics.”  The big campaigns just bring daily life to a messy halt that’s hard to overcome: “When large numbers of people engage in acts of civil disobedience and disruption, shifting between concentrated methods such as protests and dispersed methods such as consumer boycotts and strikes, even the most brutal opponent has difficulty cracking down and sustaining the repression indefinitely.”  As one soldier they quoted in the NPR story said about why he defied orders to shoot point-blank at protesters, he was afraid he’d be shooting his own kids! And it’s not just soldiers who turn: the elites who keep things running also turn, and things quickly grind to a stop.

They also stress that the successful non-violent campaigns take a lot of planning, and usually play out over a number of years, gradually gaining strength.

The strategy doesn’t always work, but even then, not all is lost over the long haul:

“…. from 1900 to 2006, countries that experienced failed nonviolent movements were still about four times as likely to ultimately transition to democracy as countries where resistance movements resorted to violence at the outset. Nonviolent civic mobilization relies on flexibility and coalition building — the very things that are needed for democratization.”

They also look closely at some of the current examples that seem to undercut the argument for non-violence, namely, Libya, Egypt, and Syria. I thought the Syrian situation was particularly relevant, because massive civil disobedience never really got off the ground before violence broke out, undercutting widespread support among the general public:

“taking up arms against the Assad regime’s inevitable brutality destroyed any chance of maintaining the open support for the Syrian opposition on the part of significant numbers of Alawites, Christians, and Druze — minorities who were represented among the nonviolent movement and were crucial to any inclusive, successful civil resistance. The subsequent civil war has alienated many former participants in and supporters of the revolution, and in many ways, it has fortified the regime. And the costs have been enormous.”

I urge you to read the entire Foreign Affairs article. When I can, I’m going to read the whole book.

I’ve done a lot of things that I’m proud of over my career, but none that makes me more proud than the first thing I did as an adult: going through the arduous process of being classified as a conscientious objector during Vietnam and taking two years out of my career to do alternative service as a teacher in an anti-poverty program’s day-care center. Thank you, Haverford College, for gently instilling those values in me, and thank you, Erica Chenoweth and Maria Stephan, for this dramatic proof that non-violent protest works!

Now, back to our regularly-scheduled programming…

 

 


Calculating Internet of Things ROI — important tool

Just came across this video while researching how to calculate ROI on Internet of Things investments for the e-book I’m writing, and felt compelled to share it.

That’s because it may be hard to calculate ROI fully and accurately for IoT investments if you aren’t thinking in terms of what my friend/patron Eric Bonabeau always pounds into my head: what can you do now that you couldn’t do before?

In the case of the IoT, there are several things, such as “predictive maintenance,” that weren’t possible before and thus we don’t automatically think of calculating these benefits. It will require a conscious change in figuring ROI to account for them.

According to Axeda CMO Bill Zujewski, there are 6 levels of M2M/IoT implementation, and there are both cost savings and revenue enhancements as you move up the curve:

  1. Unconnected: this is where most firms are today. No M2M/IoT investments.
  2. Connected, pulling data for future use: No return yet.
  3. Service: the investment begins to pay off, primarily because of lower service costs.
    1. Cost reductions:
      1. fewer repair visits: Now that you’re harvesting real-time information about products’ condition, you may be able to optimize operating conditions remotely.
      2. first-time fix rate increases: Now you may know what the problem is before you leave, and can also take the proper replacement parts.
      3. reduced call length: You may know the problem in advance, rather than having to tinker once you’re there to discover it.
    2. Higher Revenues:
      1. Greater customer satisfaction. Customer doesn’t have to pay as much for repairs, down-time is reduced.
  4. Analyze: Putting data into BI and other analysis tools to get greater insights. For example, understand what are bad parts, when they’re failing.
    1. Cost reductions:
      1. fewer service visits: instead of monthly service you may be able to switch to quarterly.
      2. lowering returns
      3. improve product design
    2. Higher Revenues:
      1. Increase product up-time: due to better design and more effective maintenance, longer mean-time-to-failure.
  5. Data integration: begin to integrate data with business processes.
    1. Cost reductions:
      1. warranties (especially for industrial equipment): fewer claims if you can monitor equipment’s operations, warn owner if they’re using it improperly.
      2. recalls: reduced.
    2. Higher revenues:
      1. pay-as-you-go leases: as we’ve discussed earlier, you may be able to increase revenues by leasing products based on how much the customer actually uses them (which you can now document), rather than selling them.
      2. increased sales of consumables: you’ll be able to know exactly when the customer needs them.
  6. Reinvent the customer experience: According to Zujewski, this is where you “put machine data into the end users’ hands” through a smartphone app, for example, that gives them access to the information.
    1. Cost reductions:
      1. reduced calls to call center: the end user will be able to initiate service and troubleshoot themselves.
    2. Higher revenues:
      1. increased sales: your product will be enhanced, leading to more successful sales calls. You also may be able to charge for some of the new data access services that make the product better.

Zujewski concludes by saying that all of these changes combine into 4 major benefits:

  1. world-class service
  2. business insights (such as better understanding of how your customers are using your products) from all the data and analysis
  3. improve business processes: integrating data allows you to improve the way you perform current processes
  4. highly-differentiated offering due to the apps and information you can provide users. “You end up demo-ing your apps vs. just the machines”

I was really impressed with this presentation, and it makes sense to me as a framework for calculating ROI on Internet of Things investments (I want to think about other benefits of the IoT that were impossible before to see if there are any other factors that should also be calculated).

I’d be really interested in your reaction: is this a valid methodology? what other factors would you also include?

The 2013 World Series Champs: Boston Strong!

Posted on 31st October 2013 in et. al., Uncategorized

 

Three basic facts to remember:

  1. “All literary men are Red Sox fans.” — John Cheever
  2. The Boston Red Sox are the World’s Champions.
  3. The Hub of the Universe is the best city in the world. Boston Strong!

Now back to our regularly scheduled programming!

Dr. Leslie Saxon — Digital Health

Posted on 24th October 2013 in health, Uncategorized

Presentation @ the Center for Connected Health Symposium:

  • “patients want to engage” — willing to share data
  • using body-worn sensors, to let student athletes determine when they’re in high-performance zone either in school or on field.
  • working with same sensors to study military resilience, which members of your team are “in the zone”
  • “Latitude Heart Coach” — trying to empower patients to engage with the data. Make it sticky. Device is a life coach.
  • using YouTube celebrities to help diabetics have constant carb levels.
  • work with lot of mobile solutions
  • also using Instagram — attach heart rate to photos
  • want to collect everyone’s heart rate in entire world!

et al.: How About Them Red Sox?

Posted on 9th October 2013 in Uncategorized

Here’s one of my infrequent diversions from the business of the IoT and data. My apologies if you don’t suffer from a severe case of Red Sox Fever right now….

How about them Red Sox?  It took until 12:30 AM, but the Bearded Wonders cemented their collective place in the hearts of Red Sox Nation by sending the Rays off to the golf course.

I haven’t checked the Boston City Charter, but I don’t see any insuperable obstacles to Koji Uehara, though technically a Japanese citizen, being elected by acclamation as the next mayor of the Hub of the Universe! Wow. He was lights out!

But my fav hero from last night was the Smartest Guy in Baseball, Craig Breslow. Just as he has been all season, he of the dual majors in molecular biophysics and biochemistry from down the road in New Haven, was unflappable (BTW: read his Wikipedia bio …. when he finally finishes with besbol, he’ll probably cure cancer!).

These guys have brought back such joy to New England after last season’s debacle. On to the World Series!


Furious About the Government Shutdown!

Posted on 30th September 2013 in Uncategorized

I try to keep this blog focused on the Internet of Things and related topics such as big data, but I will deviate on occasion (look for at least one post in the next month about the World Champions to Be, AKA the Boston Red Sox!), and this is one of them!

For months, I’ve been looking forward to moderating a panel at the international M2M and IoT Summit, to be held tomorrow and Wednesday at the National Press Club in Washington.

As of now, one of the panelists is Mark Eichorn, Assistant Director, Division of Privacy and Identity Protection, Bureau of Consumer Protection, at the Federal Trade Commission (the only US agency that’s demonstrated interest in the IoT).

BUT THAT MAY NOT HAPPEN! You see, if the ignoramuses (let me be blunt about it) who make up the 40 or so (out of 435: you do the math — does that constitute a majority???) “Tea Party” types in the House of Representatives don’t suddenly change their ways, the federal government will shut down at 12:01 AM tomorrow, and Mr. Eichorn and the other federal representatives who were supposed to participate in the conference or attend it won’t be allowed to!

I happen to think federal workers such as Mr. Eichorn are great: they work long hours, come in for a fair amount of abuse, and have already suffered financial losses because of the equally stupid sequester.

If you agree, please call Speaker Boehner’s Office, 202 225-0600, and tell him what you think about his spineless leadership.

OK, got that off my chest…

PS: Oh, the cause of all this stupidity? The Affordable Care Act, modeled on our own Massachusetts health reform law, signed by a Republican governor in 2006, and acknowledged by all as a success. It works. Get over it. Give me a break!

PSS: The Tea Party? Latest poll shows public support for them has shrunken to near all-time low!


I’ll moderate D.C. panel on IoT privacy and security!

Posted on 5th September 2013 in privacy, security, Uncategorized

Huzzah!  As you know, I’ve been repeating the mantra that, as technological barriers such as battery size disappear, the most important obstacle threatening full development of the Internet of Things is the linked issues of privacy and security.

That’s why I’m quite honored to announce I’ll be hosting a panel on those issues at the 2013 M2M and Internet of Things Global Summit, to be held October 1 and 2 at the National Press Club in DC! 

It’s an impressive panel:

Other panels at the summit will discuss a related issue, device security; actualizing the IoT’s benefits; financing the IoT; IoT devices in the 4G era; and global standards.

Major speakers include:

  • Edith Ramirez, Chairwoman, FTC
  • Chris Vein, Chief Innovation Officer, The World Bank
  • Kevin Petersen, Senior Vice President, Digital Life, AT&T
  • Ed Tiedemann, Fellow and Head of Standards, Qualcomm
  • David Hoffman, Director of Security Policy and Global Privacy Officer, Intel Corporation
  • Alicia Asín, Co-Founder and CEO, Libelium
  • Chad Jones, VP Product Strategy, Xively
  • Chris Rezendes, President, INEX Advisors
  • Doug Merritt, Senior Vice President, Product, Solutions & Industry Marketing, Cisco

It should be a great conference. Sign up now! See you there!

PS: What questions do you think I should ask the panelists?