Critical Infrastructure and IoT
Robert Metzger, Shareholder, Rogers Joseph O’Donnell
- a variety of constraints to direct government involvement in IoT
- regulators: doesn’t trust private sector to do enough, but regulation tends to be prescriptive.
- NIST can play critical role: standards and best practices, esp. on privacy and security.
- Comparatively, any company knows more about potential and liabilities of IoT than any government body. Can lead to bewildering array of IoT regulations that can hamper the problem.
- Business model problem: security expensive, may require more power, add less functionality, all of which run against incentive to get the service out at lowest price. Need selective regulation and minimum standards. Government should require minimum standards as part of its procurement. Government rarely willing to pay for this.
- Pending US regulation shows constant tension between regulation and innovation.
Gary Butler, CEO, Camgian
- Utah cities network embedding sensors.
- Scalability and flexibility needed. Must be able to interface with constantly improving sensors.
- Expensive to retrofit sensors on infrastructure.
- From physical security perspective: cameras, etc. to provide real-time situational awareness. Beyond human surveillance. Add AI to augment human surveillance.
- “Dealing with ‘data deluge.'” Example of proliferation of drones. NIST might help with developing standards for this.
- Battery systems: reducing power consumption & creating energy-dense batteries. Government could help. Government could also be a leader in adoption.
Cyber-Criminality, Security and Risk in an IoT World
John Carlin, Chair, Cybersecurity & Technology Program, Aspen Institute
- Social media involved in most cyberwar attacks & most perps under 21. They become linked solely by social media.
- offensive threats far outstrip defenses when it comes to data
- now we’re connecting billions of things, very vulnerable. Add in driverless cars & threat even greater. Examples: non-encrypted data from pacemakers, and the WIRED Jeep demo.
Belisario Contreras, Cyber Security Program Manager, Organization of American States
- must think globally.
- criminals have all the time to prepare, we must respond within minutes.
- comprehensive approach: broad policy framework in 6 Latin American countries.
Samia Melhem, Global Lead, Digital Development, World Bank
- projects: she works on telecommunications and transportation investing in government infrastructure in these areas. Most of these governments have been handicapped by lack of funding. Need expert data integrators. Integrating cybersecurity.
Stephen Pattison, VP Public Affairs, ARM
- (yikes, never thought about this!) cyberterrorist hacks self-driving car & drives it into a crowds.
- many cyber-engineers who might go to dark side — why hasn’t this been studied?
- could we get to point where IoT-devices are certified secure (but threats continually evolve. Upgradeability is critical.
- do we need a whistleblower protection?
- “big data starts with little data”
Session 4: Key Policy Considerations for Building the Cars of Tomorrow – What do Industry Stakeholders Want from Policymakers?
Ken DiPrima, AVP New Product Development, IoT Solutions, AT&T
- 4-level security approach: emphasis on end-point, locked-down connectivity through SIM, application level …
- deep in 5-G: how do you leverage it, esp. for cars?
- connecting 25+ of auto OEMs. Lot of trials.
Rob Yates, Co-President, Lemay Yates Associates
- massive increase in connectivity. What do you do with all the data? Will require massive infrastructure increase.
Michelle Avary, Executive Board, FASTR, VP Automotive, Aeris
- about 1 Gig of data per car with present cars. Up to 30 with a lot of streaming.
- don’t need connectivity for self-driving car: but why not have connectivity? Also important f0r the vehicle to know and communicate its physical state. Machine learning needs data to progress.
- people won’t buy vehicles when they are really autonomous — economics won’t support it, will move to mobility as a service.
Paul Scullion, Senior Manager, Vehicle Safety and Connected Automation, Global Automakers
- emphasis on connected cars, how it might affect ownership patterns.
- regulatory process slow, but a lot of action on state level. “fear and uncertainty” on state level. Balance of safety and innovation.
Steven Bayless, Regulatory Affairs & Public Policy, Intelligent Transportation Society of America
- issues: for example, can you get traffic signals to change based on data from cars?
- car industry doesn’t have lot of experience with collaborative issues.
How Are Smart Cities Being Developed and Leveraged for the Citizen?
Sokwoo Rhee, Associate Director of Cyber-Physical Systems Program, National Institute of Standards and Technology (NIST)
- NIST GCTC Approach: Smart and Secure Cities. Partnered with Homeland Security to bring in cybersecurity & privacy at the basis of smart city efforts “Smart and Secure Cities and Communities Challenge”
Bob Bennett, Chief Innovation Officer, City of Kansas, MO
- fusing “silos of awesomeness.”
- 85% of data you need for smart cities already available.
- “don’t blow up silos, just put windows on them.”
- downtown is 53 smartest blocks in US
- can now do predictive maintenance on roads
- Prospect Ave.: neighborhood with worst problems. Major priority.
- great program involving multiple data sources, to predict and take care of potholes — not only predictive maintenance but also use a new pothole mix that can last 12 years
- 122 common factors all cities doing smart cities look at!
- cities have money for all sorts of previously allocated issues — need to get the city manager, not mayor, to deal with it
- privacy and security: their private-sector partner has great resoures, complemented by the city’s own staff.
Mike Zeto, AVP General Manager, IoT Solutions, AT&T
- THE AT&T Smart Cities guy.
- creating services to facilitate smart cities.
- energy and utilities are major focus in scaling smart cities, including capital funding. AT&T Digital Infrastructure (done with GE) “iPhone for cities.”
- work in Miami-Dade that improved public safety, especially in public housing. Similar project in Atlanta.
- privacy and security: their resources in both have been one of their strengths from the beginning.
Greg Toth, Founder, Internet of Things DC
- security issues as big as ever
- smart city collaboration booming
- smart home stagnating because early adopter boom over, value not sure
- Quantified-Self devices not really taking hold (yours truly was one of very few attendees who said they were still using their devices — you’d have to tear my Apple Watch off).
- community involvement greater than ever
- looming problem of maintaining network of sensors as they age
- privacy & security: privacy and security aren’t top priorities for most startups.
IoT TECH TALKS
- Dominik Schiener, Co-Founder , IOTA speaking on blockchain
- working with IoT version of blockchain for IoT — big feature is it is scaleable
- why do we need it? Data sets shared among all parties. Each can verify the datasets of other participants. Datasets that have been tampered are excluded.
- Creates immutable single source of truth.
- It also facilitates payments, esp. micropayments (even machine to machine)
- Allows smart contracts. Fully transparent. Smart and trustless escrow.
- Facilitates “machine economy”
- Toward “smart decentralization”
- Use cases:
- secure car data — VW. Can’t be faked.
- Pan-European charging stations for EVs. “Give machines wallets”
- Supply chain tracking — probably 1st area to really adopt blockchain
- Data marketplace — buy and sell data securely (consumers can become pro-sumers, selling their personal data).
- audit trail. https://audit-trail.tangle.works
- DJ Saul, CMO & Managing Director, iStrategyLabs IoT, AI and Augmented Reality
- focusing on marketing uses.
Raising the bar for federal IoT Security – ‘The Internet of Things Cybersecurity Improvement Act’
- Jim Langevin, Congressman, US House of Representatives
- very real threat with IoT
- technology outpacing the law
- far too many manufacturers don’t make security a priority. Are customers aware?
- consumers have right to know about protections (or lack thereof)
- “failure is not an option”
- need rigorous testing
- Beau Woods, Deputy Director, Cyber Statecraft Initiative, Atlantic Council
- intersection of cybersecurity & human condition
- dependence on connected devices growing faster than our ability to regulate it
- UL developing certification for medical devices
- traceability for car parts
- John Marinho, Vice President Cybersecurity and Technology, CTIA
- industry constantly evolving global standards — US can’t be isolated.
- cybersecurity with IoT must be 24/7. CTIA created an IoT working group, meets every two weeks online.
- believe in public/private partnerships, rather than just regulatory.
Session 9: Meeting the Short and Long-Term Connectivity Requirements of IoT – Approaches and Technologies
- Andreas Geiss, Head of Unit ‘Spectrum Policy’, DG CONNECT, European Commission
- freeing up a lot of spectrum, service neutral
- unlicensed spectrum, esp. for short-range devices. New frequency bands. New medical device bands.
- trying to work with regulators globally to allow for globally-usable devices.
- Geoff Mulligan, Chairman, LoRa Alliance; Former Presidential Innovation Fellow, The White House
- wireless tradeoffs: choose two — low power/long distance/high speed.
- not licensed vs. unlicensed spectrum. Mix of many options, based on open standards, all based on TCP/IP
- low power wide area networks
- battery operated
- long range
- low cost
- couple well with satellite networks
- LPWAN based on LoRa Radio
- unlicensed band
- open standards base
- openly available
- open business model
- low capex and opex could covered entire country for $120M in South Korea
- IoT is evolutionary, not revolutionary — don’t want to separate it from other aspects of Internet
- Jeffrey Yan, Director, Technology Policy, Microsoft
- at Microsoft they see it as critical for a wide range of global issues, including agriculture.
- Charity Weeden, Senior Director of Policy, Satellite Industry Association
- IoT critical during disasters
- total architecture needs to be seamless, everywhere.
- Andrew Hudson, Head of Technology Policy, GSMA
- must have secure, scalable networks
Session 10: IoT Data-Ownership and Licencing – Who Owns the Data?
- Stacey Gray, Policy Lead IoT, Future Privacy Forum
- consumer privacy right place to begin.
- need “rights based” approach to IoT data
- at this point, have to show y0u have been actually harmed by release of data before you can sue.
- Patrick Parodi, Founder, The Wireless Registry
- focus on identity
- who owns SSID identities? How do you create an identity for things?
- Mark Eichorn, Assistant Director, Division of Privacy and Identity Protection, Federal Trade Commission
- cases involving lead generators for payday loan. Reselling personal financial info.
- Susan Allen, Attorney-Advisor, Office of Policy and International Affairs, United States Patent & Trademark Office
- focusing on copyright.
- stakeholders have different rights based on roles
- Vince Jesaitis, Director, US Public Affairs, ARM
- who owns data depends on what it is. Health data very tough standards. Financial data much more loose.
- data shouldn’t be treated differently if it comes from a phone or a browser.
- industrial side: autonomous vehicle data pretty well regulated. Pending legislation dealing with smart cities emphasis open data.