IOT: Hype Holds Intelligence For Ransom


Few concepts have captured the IT community as the internet of things(IOT). Such a kidnapping generally has major elements as driving forces: Scale and Scope

  • Scale: How about 50 billion or maybe 20 billion, all within the next decade or so? Any forecast is in the two digit billions and is only the beginning.
  • Scope: Not only does mankind have ever evolving smartphones and AI assistants, we are immersed in a sea of intelligent every day, ever-present machines including cars and trucks.

The Specter

Why do we raise the specter that hype has taken intelligence for ransom? Because reflecting on recent events and connecting a few bright points of insight on some of the basic assumptions underlying the hype, reveals deep concerns.

First, from recent news: Ars Technica, October 21,2016: “Double-dip Internet of Things botnet attack felt across the Internet” (the Dyn attack).

This was one of the flood of news stories of a massive attack on a critical domain service provider which disrupted service to such major content providers as Amazon, Twitter, Netflix, around the globe. The unusual aspect of this attack was the use of Botnets which exploit the vulnerabilities in embedded devices. These devices include specifically Wi-Fi routers, IP cameras, web cams and other connected devices.

One of the most notorious of these malwares, is Mirai, an apparently hacker generated software worm that roams the web searching for IoT devices to infect. Devices from particular subassembly manufacturers appeared to be particularly vulnerable. The number of vulnerable items is already in the millions at least.

In the recent past, we should keep in mind the preproduction model hack of a Fiat – Chrysler self driving car; a breach uncovered and reportedly corrected before the mischief became impactful.

Problems Introduced By Scale

Remember, the IoT industry for both hardware and software is not only global but consists of many subassemblies, including different operating system releases and stacks.

The standard solution to a virus, or malware is, fix the code, and the standard way to fix the code is an update.

This standard solution is not just highly impractical for a vast consumer market of billions of devices, most which will have an average cost of probably under 10 dollars – remember there may be 50 billion of them.

You and I will not update our web cam, refrigerator, light bulb/LED – maybe our car once a year – much less other appliances. This gross impracticality of the standard solution is an example of a dream, IoT, seriously diverging from reality.

The mass market is a heterogeneous mix of yesterday and today, characteristics and expectations.

Security, Not An Easy Or Uniform Fix

While security is now beginning to get more attention in the IoT landscape, there are boundary conditions. Low cost seldom leads to rigorous security solutions. This implies that the IoT markets approach will become highly segmented with some areas such as industrial applications receiving robust sustainable security approaches and others much, much less so. Where does that leave the self-driving car/truck?

These reflections, on IoT and security, may be part of a larger set of issues. It is often a good economic strategy to use an infrastructure platform to it fullest extent, both in volume of activity and specific performance characteristics. However, this good economic strategy does not mean that round pegs fit in square holes. It has it limits.

Our Take

Reviewing the way we arrived at this security crisis in IoT caused us to look at IoT and the “Internet”

The Internet was conceived as a network of human minds and their tools. It began in the U.S. as Arpanet, a network linking leading academic centers’, public and private, neural networks.

Berners-Lee in his dialogues speaks of the Internet as linking minds.

The Internet and its domain, URL, structure, of today was a person-purposed architecture. If the need is for machine to machine, which is what the IoT is predominately, we may be reaching the round peg square hole threshold.

At this point we need to determine what M2M should have as a global network architecture, what standards and the best transition plan from today. Clearly the security issue needs to be fundamentally addressed in way that a mass sustaining market is possible; new M2M standards need to be developed incorporating the mobile cloud computing evolution, if the current industry enthusiasm for numerous new industry forums is an indication.

The likely next step for the IoT hype is a rapid maturation to the global IP networks of tomorrow which very likely will be more heterogeneous rather than homogeneous and with centricities separating Man and Machine for the foreseeable future.