The IoT is a subject that DVK consultants advises its customers on its application and exploitation. In the course of our work we noticed a lack of attention and some misunderstandings on the correct way to use IoT technology. We point these issues in the present article.
Internet-of-Things (IoT) or Internet of everything as CISCO likes to say, will change our lives over the next years. McKinsey predicts in their article that the annual economic benefits of IoT will reach $3.9 trillion to $11.1 trillion by 2025. A huge market for every related player. Similar studies have been published from many consulting firms and vendors.
As a result, these numbers created a gold rush fever from small to large companies to penetrate the market. Over the years the miniaturization of sensors, the reduction in the costs of the chips reinforced the production of integrated solutions from all over the world. Furthermore, effortless PCB boards like Raspberry gave the ability to every hardware-oriented student to dream and test ideas very fast. We have seen even dedicated hardware incubators that have partnerships with Chinese manufacturers to arise globally.
We will like to bring your attention to semantics. In the term “Internet-of-Things”, we have seen the solutions that are being developed to focus on the “Things”, rather than the “Internet-of”.
At the moment, there is too much segmentation on how the devices are communicate and under which protocol.
The gold rush drove the decision makers to create siloed solutions that don’t communicate with other devices. Machine-2-Machine (M2M) communication is currently inexistent. The whole ecosystem of IoT devices haven’t managed to be regulated and standards haven’t been adopted.
The result is:
A series of communication protocols have been used from time to time. You may read an extended article here to understand the huge segmentation. Protocols differ in regards to the usage, range, power consumption and the cost.
Image Credit: Helium
Decision makers and software architects should re-define their strategy and focus on the M2M protocols and communication. There is a need for the devices to be smarter and more cognitive. Devices should automatically identify themselves in the network, logging in & out, automatically stop to reduce consumption, communicate with other devices in a secure manner, their statuses and their control should be always in the ownership of manager.
As we like to say in DVK, “let you be the one that controls the data, and not the data that control you”.
Machines need their own social network to communicate between themselves with minimum required human interference. We live in the era of Big Data. With IoT, simply the size of the data is going to scale exponentially. Due to the fact that there are different levels of communication, there are different risks on per level basis of the integrated solutions. While you can be secure in one level, you can be hacked in different tiers. Security must be holistic and multi-level.
By 2020, 25 percent of cyberattacks within enterprises will involve IoT devices, but just 10 percent of IT security budgets will be dedicated to safeguarding them, Gartner forecasts. Another study revealed that 54% of IoT device owners do not use a third-party security tool to protect their devices from outside threats – and more than a third (35%) don’t change the default password on their devices, leaving them vulnerable to attacks. An astonishing and worrying failure.
An example that revealed the security vulnerabilities of the IoT devices was the Mirai Botnet. In 2016, when the “Mirai” (“Future” in Japanese) bot malware was released the whole internet was caught off guard.
Devices infected by Mirai scanned addresses and infected other Linux based devices, with little or no security, and recruit them to consist an army of “zombie” devices that had 2 purposes. First to recruit more devices and secondly to launch denial of service (DOS) attacks on selected targets.
McAfee reported 2.5 million devices affected by Mirai Botnet in Q4 2016. The victim was the servers of Dyn, a company that controls much of the internet’s domain name system (DNS) infrastructure. It was hit on 21 October and remained under sustained assault for most of the day, bringing down sites including Twitter, the Guardian, Netflix, Reddit, CNN and many others in Europe and the US.
Geo-locations of all Mirai-infected devices uncovered. Source: link
If we continue to live in gold rush without paying attention to important issues like security then companies risk their sustainable future in dices.
It’s matter of strategy to stop the anarchy, reduce the risk of failure and make the architecture of devices more cognitive and self-sustainable. In DVK, we focus in our ability to go to the opposite direction. This gives our customers significant advantages over the years to outperform the competition.