Entries in IoT (3)

Friday
Sep112015

FBI and the DHS (Finally) Weigh in on IoT

It's been a long time coming, IMO, but the NCCIC Computer Emergency Readiness Team has released a note "…capturing the urgency of an IC3 alert on Internet of Things devices…" 

An excerpt:

What are the IoT Risks?
Deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness, provide cyber actors with opportunities to exploit these devices. Criminals can use these opportunities to remotely facilitate attacks on other systems, send malicious and spam e-mails, steal personal information, or interfere with physical safety. The main IoT risks include:
  • An exploitation of the Universal Plug and Play protocol (UPnP) to gain access to many IoT devices. The UPnP describes the process when a device remotely connects and communicates on a network automatically without authentication. UPnP is designed to self-configure when attached to an IP address, making it vulnerable to exploitation. Cyber actors can change the configuration, and run commands on the devices, potentially enabling the devices to harvest sensitive information or conduct attacks against homes and businesses, or engage in digital eavesdropping; 
  • An exploitation of default passwords to send malicious and spam e-mails, or steal personally identifiable or credit card information; 
  • Compromising the IoT device to cause physical harm; 
  • Overloading the devices to render the device inoperable; 
  • Interfering with business transactions.

For anyone involved in this arena, this rates a round of polite applause, but also feels (to me) to be far too little, far too light and far too late.  The recommendations included in the document are sensible, practical and fall woefully short of providing guidance to the nature of IoT devices that are managed and administered remotely.   

Thanks to Bob Gourley, who blogged on this in: Time To Spread The Word on Internet of Things Dangers: Read what FBI and DHS Cyber Centers Need Us All To Know - CTOvision.com:

Sunday
Sep062015

Avoiding an Internet for (Useless) Things

When I hear about or read about the Internet of Things, I am both intrigued and appalled at the general lack of attention to the Industrial Internet, and an incredible number of what I consider an Internet of Consumer Things … or better put, an Internet for Consumer Things.  For that reason, I resonate completely with Allison Arieff in her NYT Sunday Review Op-Ed entitled: The Internet of Way Too Many Things

Arieff points out the distinctions between the Smart Home and the Smart City initiatives that rely on information and communication technology (ICT) to enhance quality and performance of urban services, to reduce costs and resource consumption and generally to engage more effectively with citizenry and businesses

The move toward the Smart City — programs ranging from 311 to Comstat and sensor-enabled trash collection — is very much about using data to improve efficiency, reduce costs and make better use of resources. This has not carried over to the realm of the Smart Home; instead, the tendency has been to throw excess technological capability at every possible gadget without giving any thought to whether it’s really necessary.

After taking the Smart Home and the Internet of Consumer Things to task, her assessment comes down to this:

The Internet of Things is pitched as good for the consumer. But is it? At this point, it seems exceptionally awesome for those companies working on products for it. The benefit to the average homeowner pales dramatically in relation to the benefit for the companies poised to accumulate infinite amounts of actionable data. You and I benefit by determining whether our dog got enough exercise last Wednesday. Is that a fair tradeoff? Doesn’t feel like it

Agreed.  My advice is, first, that we stop calling this part of the industry the 'Internet of Things' and identify it for what it really is … and Internet for Consumer Things.  But more to the point, the ICT industry's attention should take seriously a charter of Smart Cities, Intelligent Infrastructure, and a true Industrial Internet

Sunday
Nov032013

A Decision Tier for Data Capture Networks

I'm a big fan of Adron Hall and understand the nature of this piece. But, I respectfully disagree, at least to the initial premise.

So I’ve been in more than a few conversations about data structures, various academic conversations and other notions about where and how data should be stored. I’ve been on projects and managed projects that involve teams of people determining how to manage data so that other people can just not manage data. They want to focus on business use and not the data mechanisms underneath. The root of everything around databases really boils down to a single thing – how can we store X and retrieve X – nobody actually trying to get business done or change the world is going to dig into the data storage mechanisms if they don’t have to. To summarize,

nobody actually gives a shit…

At least nobody does until the database breaks, or somebody has to be hired to manage or tune queries or something or some other problem comes up.

The point at which I take exception is when considering data collection and distributed data processing in conjunction with the Internet of Things (IoT) and, particularly, Industrial Internet.  Frankly, I have not yet encountered any group (commercial, open source, ...) to whom I can attribute a complete grasp of the IoT topologies required for efficient (intelligent) data acquisition and its retrieval or analysis.

That said, I fully agree that, once understood, the questions of where best to place data and the rise of the Intelligent Data System is our objective.

What would happen if the systems storing the data knew where to put things? What would be the case for providing an intelligent indexing policy or architecture at the schema design decision layer, the area where a person usually must intervene? Could it be done?

A decision tier that scans and makes decisions on the data to revamp the way it is stored against a key value, geo, time series or other method. Could it be done in real time? Would it have to go through some type of processing system? The options around implementing something like this are numerous, but this just leaves a lot of space for providing value add around the data to reduce the complexity of this decision making.

Thanks, Adron, for mooting the notion of a 'decision tier'.  I'm planning on using this mercilessly in my contemplations of Data Capture Networks (DCNs) for Industrial Internet.