The Internet of Very Scary Things
Internet of things likely to include frightening things...
WE’VE suggested before in SEN that the internet of things is really the internet of our things – security, safety and automation solutions, with a frill of glitzy sub systems to thrill punters. But is this true, or is there an internet of everything just beyond immediate perception?
A STRONG case could be made that the latter is correct. That expanding connectivity and the advent of 5G will drive a new generation of devices allowing the monitoring of any connected thing via cloud, with none of the limitations we currently face.
But there’s much to be done before such solutions become prevalent. When you open your mind to IoT, you realise the monster has so many moving and proprietary parts, so many interest groups – not only in hardware but in operating software and firmware, too – that consensus is practically impossible. In some ways internet of things creates as many issues as it resolves, and these issues must be addressed if widespread IoT is to be realised.
The first of these issues is concerns over privacy. The notion that anything can be tracked is disconcerting for the public, as well as for many people in the security industry. Privacy issues also mean there are fears around use of some of the electronic security industry’s most capable future technologies, such as analytics-enabled CCTV cameras and microphones.
Concerns in the community are larger than that of hacking. There’s a distinct lack of trust based on the technological and moral failings of corporations and government entities and these make users reticent to fully embrace IoT and the cloud backend that must inevitably support it. Businesses are reluctant to use data centres that are out of country.
The answer is more than industry-wide privacy laws and protocols – it’s global privacy laws and protocols. Yet the chances this will happen are remote. Think about network standards, comms standards, authentication standards, sensing standards, data storage and handling standards, encryption standards and all the rest. How is such a vast global undertaking to be materially managed, let alone agreed on across industries and borders?
Along with privacy fears are security fears fuelled by past hacking of cameras, NVRs, baby monitors, video doorbells, smart devices, smart switches, plant equipment, defence servers, defence networks, power grids, aircraft and all the rest. It’s understandable such concerns exist. Cyber security experts are quick to point out that the battle against cyber-crime will be never-ending.
Making things harder is that there’s no consensus among IoT manufacturers over what communications security even constitutes most makers are focused on the next consumer hook. There are plenty of low-end products in the IoT space that comprise controllers of doubtful design, sensors of dubious quality and apps of questionable security. There’s also no uniformity in terms of M2M protocols and no security standard for these protocols. Nor is there any minimum level of authentication for IoT controllers – some use a PIN, others have multi-layer authentication.
The mess spills into the professional IoT sphere, where actioning of IoT events has none of the standards-based procedures found with monitored alarm systems – even if these are simply logging and recording of events. Let’s not forget artificial intelligence, which is certain to become hugely powerful in the future and unlikely to be managed with integrity by those in a position to take advantage. Another potential horror is open-source analytics. It’s hard to know which of these 2 is potentially worse.
At the heart of the splintered nature of IoT is comms – systems use diverse communication channels, usually in a server/client structure, to authenticate and link IoT networks. But carried into the future, this structure is going to pose serious problems at chokepoints struggling to deal with vast numbers of devices communicating simultaneously. Those chokepoints are going to be overloaded cloud servers the failure of which will bring down entire networks.
Building high performance decentralised networks will be challenging and expensive. It’s more likely we’ll see a hybrid fog model with IoT hubs providing distributed intelligence, allowing cloud servers to gather data and handle analysis.
For the electronic security industry, the stakes are higher than most but unlike other industries, we do have more or less standards, as well as organisations which for decades have worked painstakingly towards a sort of technological consensus. This confers an advantage but offers a lesson. ONVIF has battled for more than a decade to bring the video surveillance and access control industries closer together. It’s going to take longer with IoT…