“The future ain’t what it used to be.” ~Yogi Berra
Did you know that there are more “things” that actual people connected to the internet? Seriously – more devices than people on Earth are now connected to the ol’ interwebs. You probably use some of them. Your FitBit, your Apple Watch, your Smart TV, your Nest thermostat. Without giving away too much, my home has over 75 IP addresses – and I don’t have kids. My dog even has an IP address.
Does that seem excessive, or will you say, “Well, you’re an IT geek, of course you do?” I’d guess that you don’t really think about just HOW MUCH we’re all connected – and how much data moves around without your knowledge.
You’ve heard of the Internet of Things? Or the Internet of Everything? It’s here, and it’s getting bigger every day. A few quick examples:
If you travel through the Austin airport (or any major U.S. airport, really), the security gates will update the time while you’re standing there in real-time based on tracking the phones that move through security. Every pair of Levi’s has an RFID chip in the price tag, allowing the stores to track what items are the most moved, most sold and most looked at. Wal-Mart tags every pallet, package and truck with RFID, allowing real-time tracking of inventory. Even herding cows has been made easier with IoT.
Little tags/trackers can be put on your keys, your suitcase, your car or even your kids to allow real-time tracking. The baby monitor has entered a whole new area again – far from just listening, you can monitor your baby’s temperature, breathing rate, etc. – all from your phone or tablet. And, of course, GPS that allows you to monitor whether the nanny took your kids to the park today!
I’m a skier. My electronic pass tracks me around all the ski resorts to tell me my total vertical feet for the day and runs I’ve completed, and it also allows me to compete with my friends. If you didn’t really think about these things as IoT, you’re not alone. Many of these devices have very subtly insinuated themselves into our daily lives. In fact, we’re moving away from the Internet of Things and toward the Internet of Everything.
The Internet of Automobiles
If you have seen the ads for the Automatic device from a large car insurance company, that’s also IoT. This is a device that plugs into the OBD-II port on your car, reads the diagnostics and information from your car, and then sends it via Wi-Fi or cellular connection to the insurance company for analysis and tracking.
New cars can be “geo-fenced:” If you don’t want your car going to Chicago, you can disable it when it leaves Denver. Or have it send an alert. Did you crash? Alert the paramedics. Law enforcement can actually remotely disable vehicles with OnStar.
Audi and the city of Las Vegas have partnered to provide real-time data of how long your Audi will sit at a red light in the name of optimizing traffic. Vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) have also been areas of heavy research to help monitor and model traffic flows in cities and to provide updates on accidents, road conditions, public safety and, of course, insurance data.
While you endure your daily commute, your navigation will be ever-smarter and ever smoother (we hope!) thanks to the updates your car gives and receives from those around it, and the data it receives from the road signs and sensors on the way to your office. (Yes, the signs will have sensors – temperature, GPS, etc.) Did a car ahead of you spin a wheel on the ice? Its ABS sensor will notify the network for potential ice. Did you forget where you parked? It will remind you when you’re off work for the day.
And, of course, self-driving cars. They’re already here. Tesla does their updates all the time to Autopilot, and the Cadillac SuperCruise is an amazing system. The new Mercedes S-Class can drive itself via cameras, GPS, automatic braking, acceleration and steering control. Google, Ford and GM are all making significant strides here. And, my personal favorite, the Arrow SAM Corvette, plays a huge part in this arena as well.
Smart Homes and Offices
More and more of these devices are around you in stores, office buildings and even your own home. The Nest devices, Google Home, WeMo smart switches, Amazon’s Alexa, Philips HUE… all of these things are becoming increasingly ubiquitous. New office buildings have internet-connected HVAC motion sensors that can automatically turn up and down the heat, turn on lights, unlock doors, call security and provide analytics on who uses which doors more often in the mornings.
Did you forget to shut the garage door when you left this morning? All good – your house can alert you and automatically close it if you leave your defined GPS “zone.” The fact is, you’re surrounded by the Internet of Things – and it’s only going become more woven into the fabric of your life.
Basically, nearly everything can be made “smart.” Water? Yeah. Clothes? You bet. Lights, thermostats, cars – you’re probably pretty used to those. But here are some interesting thoughts: How about smart chairs? Is somebody sitting there? How heavy are they? Where is the chair? Large hotels and conference venues could easily plan for capacity, know who was sitting where by correlating phone data with chair data (scary but cool, right?). Smart tables are showing up – you can order from the table. What about a smart glass that could automatically reorder your beer when it was empty (that could be a problem…)?
How about kegs that monitor their temperature and volume? Automatic inventory! Smart umbrellas that automatically track the sun’s angle, and open and close for sunrise/sunset. The possibilities are basically only limited by your imagination.
There are smart garbage cans at amusement parks that signal when they’re full. Smart mousetraps – yep, it’s FINALLY here (I’m not kidding – the trap will signal when it’s tripped!). Smart pools that can report water temperature, chemical balance and if the surface is broken/splashed for kids/pet monitoring. Smart windows report temperature inside/outside, open or closed, and tie your alarm system – which also connects to the internet, by the way. Correlate this data with weather forecasting, your guest reservation system and their personal preferences, and you can determine how to order for the restaurants, whether to open the pool patio, and if you order more of the IPA or more of the porter. Move this analytics power upstream, and your supplier can start loading the trucks before you make the phone call. That’s powerful stuff.
It’s all about the data, baby!
Why collect all this stuff? What’s the point? What are they doing with it? (Who’s THEY, anyway?)
Okay, so that’s the buzzword. Why is everyone all a-twitter about analytics? The reason for analytics is monetization and efficiency at scale. Finding patterns. Finding anomalies. Discovering efficiencies that we didn’t know existed. However, analytics doesn’t work without a massive dataset. Oh, look – you helped create that dataset! What happens to that data? How is it being correlated with other data? Does it get linked to my Visa and the buying patterns and habits I have? (The answer is yes, in case you’re wondering.) When you buy your coffee via your smartphone, you can be assured that your information is heavily analyzed and correlated, and marketing campaigns are created for it. These devices collect data and send it to the cloud where it’s parsed, analyzed and sorted… and then, in most cases, sold to advertisers.
Some of these things are very useful from a diagnostics standpoint; some are useful for an insurance company to make determinations about you and your risk assessment. Combine your acceleration and braking habits with GPS information, route driven and miles/year, and you can quickly develop a VERY accurate profile of a driver. Whether that’s good or bad is outside the scope of this article, but it’s worth remembering. (Cool? Sure. Creepy? Maybe.) Combine your buying patterns, your routes, your behaviors and your information and you have a VERY accurate target for advertising. (Remember – if something is free, YOU’RE the product!)
Where consumers need to keep an eye out is to ask, “How are you safeguarding my data?” More and more of this data is being “pooled,” which allows for fascinating, and also disturbing, use cases. The recent GDPR policy in Europe is part of a response to this.
“I have an idea…”
So, how do people connect and collect all this stuff? What if you build a smart laptop bag? (See, I’m giving you all these killer ideas free of charge. Hook me up if you build one.)
ArrowConnect allows for IoT developers, manufacturers, software suppliers and middleware to have a secure platform to further leverage IoT. As we move forward into new devices and new markets, security remains a critical piece in ensuring data integrity and privacy, as this information is far more personal and relevant to people. From an infrastructure standpoint, IoT security is paramount, as we increasingly rely on automation and software to control water, power, sewage and traffic in our large cities. As those cities develop, the technology naturally moves “downmarket” into mid- and small-sized cities. Securing these devices and their networks is critical, and requires careful planning, forethought and a willingness to actually STOP business—or at least pause it—to fully understand the ramifications of connecting all these devices.
ArrowConnect was built with security in mind and has the ability to accept any current protocol (WiFi, Bluetooth, Zigbee, etc.). If you invent a new protocol, we’ll work with you to integrate it into ArrowConnect. ArrowConnect then will move your data onto a platform of your choosing.
Who’s Watching the Watchers?
So, as usual, there’s a dark side, or a side that isn’t all shiny and excited about the future. This is where my privacy advocate kicks in. What is happening with this data? Where is it? Who’s securing it? Is it even secure? What can I do about it?
The sobering reality is: not much. Many manufacturers give lip service to security, relying on traditional security methods such as home Wi-Fi encryption and home firewalls. The complexity of home networks is now beginning to approach parity with business networks. In my own home, I have a next-generation firewall, two wireless access points and all these IP-enabled devices – and about 10 of them are traditional PCs, phones or tablets. Where does all that data go, exactly? Manufacturers have their analytics, updates and licensing requirements. Devices can talk to their apps and each other. Alexa is always listening, as are Google and Siri. You can’t block it, because then it doesn’t work as designed. You can’t really diagnose it, because it’s proprietary. So, you either trust it, or just do your best to secure it while still enjoying the 21st century.
The proven poor track record of information security hasn’t been any better in the IoT space. Devices are rushed to market for functionality, with security an afterthought. This must change. In my opinion, the inflection point will be when a high-profile target is compromised – a celebrity, a politician – and then the weight of the legal system is brought to bear on the manufacturer/software developer. Security standards need to be created for IoT – and Arrow is a leader in that space.
IoT networks and devices should be treated like any other IT device – identified, monitored, and properly controlled and segmented as needed. Ask yourself, “What is the device, what is it supposed to do, and who is it supposed to talk to?” You have a company security policy, right? (If not, call me or email me immediately!)
Let Arrow help you craft a strong security plan around your IoT strategy.
Davitt J. Potter
Field CTO, Arrow Security
Arrow ECS Security
Last modified: May 3, 2019