Does Your CIO have the Right Policies and Standards for IoT?
In our last exploration of the Internet of Things (IoT) we presented some issues surrounding IoT such as device security, scalability and reliability, but there’s that 4,000 pound elephant still lurking in the corner. “What are standards for these devices and who sets them?”
In acquiring a very connected device for your operations, the security standards need to be in place to ensure that your operations are not breached. As indicated in our previous article by Dr. Romeo Farinacci on Cyber Security, data is one of the most valuable assets your company has. Security breaches resulted in the loss $450B for companies in 2016. Leadership can also be held responsible for data breaches that occur on their watch, because of the consequences these attacks have against the organization. As the result of data breaches in the last give years, Target’s CIO and CEO in 2014, the head of the U.S. government’s personnel office in 2015, and OPM’s CIO in 2016, have all resigned.
Yet, the battle for quality is also a key challenge for IoT devices. Those of us with some grey hair can recall the battle for standards over the years. In the early days of home video recorders, the battle was between Sony Betamax and VHS, and then there was also NTSC versus the European PAL standard. Now technology relics from our past, VHS ultimately prevailed; sadly, not because it was a superior format, but because the largest producer of videos was actually the pornography industry and they favored the VHS format (enough said). The Hollywood powers at the mainstream film studios including Disney, didn’t want their names to be sullied by being put in the same basket as that thriving industry in Los Angeles’ San Fernando Valley, but they needed to use the format that a majority of people were using at the time.
We have also seen similar standards battles in many technology advances from personal computer operating systems, cellular technology, internet search, to the current blockchain movement. Much the same, standards will determine the quality of IoT devices produced from now on and will dictate the security, scalability and reliability of these devices in the future.
What are the industry standards for IoT?
There are quite a few. Here is just a short alphabet soup of some of them: IEEE, ISO/IEC JTC 1 Special Working Group 5 (Internet of Things) and Working Group 7 (Sensor Networks), GSMA, oneM2M, ITU-T, IETF, and W3C.
The Institute of Electrical and Electronics Engineers (IEEE) has continually driven the standards within electrical, electronics and computing industries. The IEEE has recognized the current fragmented ‘standards’ as they currently exist for IoT connected devices; identifying approximately 15 separate entities in their Project P2413 – Standard for an Architectural Framework for the Internet of Things (IoT). The following are excerpts from the project abstract:
“The Internet of Things (IoT) is predicted to become one of the most significant drivers of growth in various technology markets. Most current standardization activities are confined to very specific verticals and represent islands of disjointed and often redundant development.
The architectural framework for IoT provides a reference model that defines relationships among various IoT verticals (e.g., transportation, healthcare, etc.) and common architecture elements. It also provides a blueprint for data abstraction and the quality “quadruple” trust that includes protection, security, privacy, and safety.”
This standard will help to reduce current fragmentation in the various IoT verticals. By addressing the need for an IoT architectural framework, IEEE will fulfill its mission to benefit humanity by increasing the interoperability and portability of IoT solutions to both the industry and the end consumer.”
The IEEE’s IoT Architecture Working Group contains the bulk of the technology heavyweights across multiple sectors, including Cisco, Emerson, Hitachi, Honeywell, IBM, Intel, Kapersky, Rockwell Automation, Schneider Electric and Toshiba – Automation to Infrastructure and Security.
Apple is conspicuously missing. HomeKit by Apple is at least one of their answers to resolving the disparities in IoT standards, creating their own called HomeKit in 2014, for home automation (at least for some devices initially, Apple iOS in particular). The initial introduction required the purchase of their approved authentication device, but in an announcement earlier in 2017, Apple has revealed they’ll be using a more open standard of software based authentication and cited 50 partner companies on their website, but I’m not sure of this. Apple has a history of not playing nice with others, but thanks to them moving to an Intel chip, my MacBook works with Windows, Linux and Apple iOS. The HomeKit may evolve to be compatible with other devices as well. Interested in what’s on the forefront of home automation and need a vacation? Attend the upcoming European Smart Homes 2017 conference on October 25th & 26th in London.
What about mobile standards for IoT?
One of the most pervasive IoT devices is the smart phones which, of course, has quality standards. Groupe Speciale Mobile (GSM) is an international telecommunications standard for the transmission of voice and data between cell phones and other mobile devices.¹ While involved in the early days of Internet streaming media, the GSM market was of particular interest, as at the time (nearly 15 years ago), 1 in 6 people were using GSM cellular devices. Today there are 7.5B people on the planet and as of this year, 66+% or 5B are unique users of GSM networks with at least one device (over 8B devices and counting).
GSMA, the industry association realizing that IoT has implications for mobile devices and applications, has recognized the need for standards in that they estimate nearly ¼ of them will be mobile devices or sensors. Key initiatives for this program include:
- Mobile IoT = Trusted IoT – Enable cost effective GSM operator solutions to securely scale mobile IoT
- IoT Big Data – Methods and practices for opening the data silos from the discrete GSM operators and industry sources
- IoT Security – Initiatives to control security from the beginning and every stage of the IoT value chain
- IoT Policy and Regulation – Create an environment to grow the socioeconomic benefits by creating a sustainable policy and regulatory environment to support the successful scaling of IoT
- Industry Engagement – Work closely with industry to create a solid foundation creating strategic alignment
Of the standards working groups mentioned, I do sincerely hope that they create standards that make sense and are adopted by technology providers. Clearly, one size isn’t going to fit all and there will most likely be variations of the standards to meet the needs of specific applications and/or industries, but it’s a goal all in the industry should be cheering along and supporting. I would advise to see how other companies are defining a device as secure, reliable and cost-effective before making your initial investment.
At last count, over 1,000 specialty companies have sprouted up globally to provide industry and application specific IoT solutions. Dell, HP and others have developed commercial IoT offerings and recently, the heavyweight global conglomerate Hitachi has put its hat into the IoT digital transformation ring with the creation of Hitachi Vantara and the commercial release of their Lumada IoT platform utilizing its 2015 acquisition of Pentaho as the analytics cornerstone. For a full list of current IoT providers, visit www.ioglobalnetwork.com.
The Internet of Things seems to be one of the pervasive technology conversations. The technology has generated astounding levels of media buzz and holds immense promise as a transformational technology. The implications of IoT are staggering on how we approach our day to day lives, how our infrastructure is managed – roads, power plants and grids, water, transportation, manufacturing, telecommunications, aviation including un-manned aircraft, security and surveillance to name just a few – the real challenge will be to be proactive, industry wide initiative to establish and, more importantly, maintain the necessary standards, security, scalable architectures, auditing and monitoring tools, growth strategies, skill development and training and all the other moving parts are in place for a stable, highly scalable IoT now and in the future. I don’t think anyone wants our self-driving car to get hijacked and have to pay a ransom (in bitcoin of course), power grids being shut down by hackers and we all want planes to stay in the air until they’re supposed to be on the ground, not before.