IoT: Connected world faces benefits, threats

By now, we have all heard the term “Internet of Things” (IoT), but what does it really mean?

The term was first defined in 1999 by British technologist Kevin Ashton as “the network connecting objects in the physical world to the Internet.” It had all started with this question:

“Why does a particular shade of brown lipstick keep disappearing from store shelves?”

At the time, Kevin was working at Procter & Gamble, which was conducting a research project with the Massachusetts Institute of Technology (MIT) where radio-frequency identification (RFID) tags were used to track items to improve supply chain management. What soon emerged was one of the key benefits of IoT, the ability to track information via “connected objects”, thereby enabling better decision making.

Today, this still-developing technology may one day allow us to live in a world that is much safer, more efficient, and even more comfortable. Of course, at present, there is much hype (and concern) about IoT, and some see it as the next industrial revolution. But it takes a lot of effort to understand the complexity of this ecosystem, and to find appropriate solutions that really work for your business.

As many of you likely have heard, there are many notable predictions out there now about IoT:

  • Cisco Systems says 50 billion things (devices) will eventually be connected on Earth by 2020;
  • EMC predicts that all data created and copied annually will amount to 44 trillion GB by 2020;
  • McKinsey & Co. forecasts IOT’s economic impact could be $11 trillion per year by 2025;
  • Ericsson predicted this summer that the number of IoT-connected devices will surpass all mobile devices by 2018. (This is a full two years earlier than previous forecasts!)
According to EMC, the digital universe by 2020 will contain nearly as many digital bits as there are stars. It is doubling in size every two years, and by 2020 the digital universe will reach 44 zettabytes, or 44 trillion gigabytes.

So how will it all work?

Thousands of things (devices) will connect wirelessly to routers. Those routers will communicate with the cloud where we will be able to run fast analytics and have machines make decisions, communicate those decisions back to the devices, and finally allow the devices to take actions. Artificial Intelligence (AI) is going to play a big role in the way we make decisions. Some of these calculations have the potential to be made at the device level, as well as in the cloud. Rather than act individually, all these devices will communicate with each other and create a system similar to an organism.

The author recently teamed with Northwestern University to update an eager AGC-IT Forum audience at its annual meeting in Chicago.

Here is one example I hear all the time:

Every morning, your ‘smart home’ will check your schedule and traffic time for your commute. If needed, it will adjust your alarm accordingly to wake you up earlier than scheduled, and to start your coffee maker brewing so that all will be ready as you open your eyes.

When I hear things like this, I ask two simple questions: “What is the economic value?” and “Is this something for which I will be willing to pay extra to improve the quality of my life?” If the answers pass one or both of these tests, then I think that particular IoT innovation will survive and even has the potential to be widely implemented.

The challenge of data security

Security and privacy pose the biggest challenge to that wide implementation. I am concerned that one bad example — such as a major city losing control of its traffic lights for couple of hours — could stop or significantly slow down the IoT evolution. If you follow the tech security news that came out of the recent Black Hat and DEF_CON conferences in Las Vegas, you would have noticed a lot of emphasis on the vulnerabilities of IoT devices. But I don’t believe scaring the public helps to resolve these issues. It is more about understanding the challenges and doing what needs to be done to resolve them.

So, what can we do?

Most devices today don’t have encryption since that requires processing power, memory and storage. Security features are often seen as too cost prohibitive to incorporate into the product’s development. One good example is baby monitors. Manufacturers know their vulnerabilities, but due to market price pressures, they don’t develop products with higher levels of security.

Shodan is the world’s first search engine solely focused on internet-connected devices. It allows users to find IoT devices and highlights all vulnerable webcams and devices. In just the last three months, several major Distributed Denial of Service (DDoS) cyber-attacks (bombarding websites with requests more than they can handle) have been reported and some initiated from IoT devices. Experts say hackers switch from networks of hijacked machines to IoT devices since they are easier to take over. Why? Because users usually don’t set up passwords, and don’t know how or when to perform security updates.

Of particular interest to the built environment, the real estate industry is also vulnerable to these threats. In just the last few years, there have been several reported hacking stories related to building management systems. One in 2013 involved Google in Sydney, Australia. Hackers there searched access points via Shodan and found one belonging to Google that lacked a password. Remotely, they would have been able to control heating and cooling. But they informed Google and the problem was fixed before any damage was done. Still, that got a lot of people’s attention.

Similarly, last summer’s biggest cyber-security news involved two hackers who demonstrated how they could take control of cars at the Black Hat and DEF_CON conferences. Although they were able to perform some simple functions, they were not able to take full control of the vehicles. Still, those two hackers got so much publicity that a few months later, Uber hired them to be security experts.

Uber, meanwhile, is working on a driverless car fleet in which all the vehicles will be connected. Uber just announced that customers in Pittsburgh will be calling self-driving cars from their phones. For now, humans still will be able to supervise the automated rides from the driver seats of modified Volvo SUVs.

Other sensational stories in the news this year have included one about a German hacker who was able to access a U.S. Congressman’s phone. But when you find out the details, you learn that the hacker had gotten special access to a German wireless operator’s network, which an expert said was “like giving someone the keys to your house.” So, while many of these stories are certainly cause for concern, upon closer examination, they can be secured by people managing these technologies.

Why you should care

Most IoT devices have limited functionality, so accessing them is not going to provide much value to a hacker. So why should most of us care? Because the hacker’s true target is accessing other networked devices to capture data or gain control. Similarly, it is also clear that accessing your smart home network through an IoT device does not provide anywhere near as much value to a hacker as accessing a corporation or institution. For example, consider hospitals.

“60% of hospitals have been targeted by ransomware
in the last 12 months”

— Healthcare IT News, April 2016

According to HIMMS and Healthcare IT News, 60% of hospitals have been targeted by ransomware in the last 12 months. Often, hospitals would rather pay a ransom than risk potential life-threatening delays in patient care. So, as we move into a world with millions of connected devices, end-to-end security will be a key focus for mission critical services such as healthcare, banking, and financial services.

Privacy is another matter.

We need to develop protective policies on data collection for firms that provide IoT solutions such as devices, routers, analytics, and cloud computing. The threshold question: Who owns the data?

Other questions follow: What level of detail is allowed to be used by corporations? Are they allowed to share it with others? Is there a separation between our personal data and other types of data?

These are all critical questions for the adaption of these technologies by the general public. There have been several studies about millennials’ having a higher tolerance level for the sharing of their personal data in return for economic benefits. But as a society, I don’t believe that we are there yet.

Still, there is no question that that end-to-end security must be implemented during IoT deployments. This includes endpoint security, security of communication between endpoints, management and monitoring, data distribution and secure storage. For a guide, we may want to look to the telecom industry, which has been through a similar evolution related to both security and privacy. I believe there is a lot to be learned from telecom and IoT can follow a similar path.

Based in Chicago, the author is a recognized industry technologist and thought leader who advises start-ups, speaks at industry events, and serves as adjunct faculty at Northwestern University. By day, he is VP and Operations Director of Telecommunication Infrastructure at Lendlease. In addition to IoT, he writes about other tech solutions, including drones, wearables, robotics, predictive analytics, and their applications to real estate and the AEC space.