As IoT grows, how should networks be configured to optimize security and functionality? The answer depends on what values your company has.
Whether it is the Internet of Things (IoT), the Internet of Everything (IoE) or the ethics of AI (Artificial Intelligence) that ultimately leads to homicidal attacks on employees by the canteen toaster, one thing is certain: it is still far from clear how we are supposed to manage connected devices on a network.
Should we consider security, practicality, remote access or any of a myriad of other elements? The answer is, of course, to consider as much as possible. As more devices connect to the Internet, if we believe Cisco, global data storage will be measured in zettabytes (for the curious, that’s 36,000 years of HD-TV, or what it feels like after a few hours of non-biased political coverage on Fox News). I’m looking forward to a time when Big Data becomes Colossal Data and encourages everyone to share all information with their government overlords and digital marketers. It will keep them busy developing algorithms to distinguish my interactions from conversations between my microwave and washing machine.
Conspiracy theories aside, what is driving IoT growth? How should networks be configured to optimize security and functionality?
“Today’s changes are technology driven and it is the impact of these that will define the role of the IoT in every sector, use case and application - including those in commercial buildings, manufacturing and the industrial environment. There is a solid foundational basis for today’s advance and the seemingly unstoppable growth in the IoT and it is all associated with technology enablers,” said Alan Woolhouse, Chair of the Weightless SIG Marketing Working Group, a global open standards body for LPWAN technology.
Virtually all the high growth that is happening, and forecasted to happen over the next decade and longer, will be derived from distributed and wide area networks, he added.
The Network of Things?
We’re all familiar with the concept of a simple network: workstations, routers, firewalls, network printers and other devices, each with an assigned IP address and each considered a network node. Add IoT into the mix and each sensor or connected device is a node too. Where those devices are IP-addressable, the numbers alone make the IPv6 migration essential, because the 32-bit IPv4 space (roughly 4.3 billion addresses) is effectively exhausted. Note, though, that many LPWAN end devices carry no IP address at all; they speak a radio protocol to a gateway, and it is the gateway that holds the IP address. That does not remove the node from the attack surface, it just moves the boundary to the gateway.
As Woolhouse pointed out, each connected node has considerations including, but not limited to:
Connectivity And Bandwidth
“Most nodes in a system will either not be capable of being connected via a physical link, like an Ethernet cable or fibre, or it will not be commercially feasible. That means wireless and that means a very, very significant ramp in capacity - in a finite amount of radio spectrum that is already stretched. It means battery power because in many cases mains electricity is as difficult or expensive to hook up as an Ethernet cable,” said Woolhouse.
Each node and each link is a potential entry point for an attacker into what will often be command-and-control infrastructure, so the attack surface grows with every device added.
Range and Signal Propagation
The data being collected will usually be gathered far from where it is processed.
In some use cases, one hundred end devices that cost $100 each and $1 per year to maintain might be acceptable. However, 100,000 such devices typically will not be: at that scale the value of the data will not justify the investment in capturing and processing it.
Integration Or Segregation Of IoT?
Should IoT be integrated or separated from networks that are needed to reach business goals? It’s yet another “how long is a piece of string?” brainteaser. Every use case and scenario is different.
As Woolhouse pointed out, “One of the most significant obstacles preventing data capture across an IoT network is the lack of contextualization that a well-designed Big Data system can support. That makes decision making far less intelligent.”
Using a simple example, he showed that, depending on requirements, both a standalone sensor-and-actuator loop and one integrated with outside data sources are possible for the same use case.
“If we have sensor data that indicated that a farmer’s field is dry then we might reasonably want to use this to determine the state of an irrigation system. In this case, we would certainly conclude that the field needs more water and so cause an actuator to turn on. If on the other hand we could aggregate data not only from soil moisture sensors but also from an online meteorological forecasting service then we can nuance that actuation decision with a second set of, very different, data. If the soil is dry but rain is expected then the decision might be to not actuate an irrigation system,” said Woolhouse.
Sounds easy enough, but Woolhouse confirmed there is a major challenge involved, as with all evolving tech.
Historically, such data sets have never been combined in any type of automated system. The formatting and architecture to permit the de-siloing of disparate data sets is all new and difficult. From this standpoint, we can unequivocally conclude that we must design systems that integrate data from different origins to enable the evolution of far greater intelligence.
“But the Internet and the Internet of Things are very different animals. There must be an interface over which data can be allowed to flow in a controlled way in both directions but one will never be the same as the other. The Internet is for humans, not machines. Machines simply do not behave in a way that people do - in the main they are far less demanding,” observed Woolhouse.
While IoT may be less demanding than employees, security is an essential part of any discussion on IoT. Managing this security does not come without issues, but defaulting to Vulcan logic can help a lot.
“It is, of course, critical that data on which decisions are made or the decisions themselves are both managed securely. This applies to both machine and human interaction over a connection to a network whether we are purchasing something on eBay or controlling traffic lights in a city,” said Woolhouse.
Identifying the risks and reducing the potential for breaches is a crucial part of the process.
“The critical factor in preventing security breaches is to protect the entry points to a network, which could be at the node itself, or the over-the-air connection from the node to the gateway, from the backhaul between the gateways and the central system servers, or via another access point in the back end of the system servers. The question is not which is better but rather how best can we ensure that these potential entry points are protected,” said Woolhouse.
Those of us who refrain from connecting too many IoT-enabled devices may well be over-cautious, as Woolhouse believes that most are transmitting data of little or no value to an attacker and are therefore less risky than previously perceived. One caveat worth adding: the value of the data is not the only reason to attack a node. A compromised device is also a foothold on whatever network it sits on, regardless of what it reports, which is why the segmentation question matters even for low-value sensors.
“The commercial value of individual data packets transmitted in a traffic congestion monitoring system, for example, will be near zero. The ease with which mischievous intervention at the node level can be defeated will make this an extremely unlikely target. For sensors reporting data with a higher value - to continue our automotive theme, consider a parking, billing or enforcement use case - the incentive for unauthorized intervention is higher. A parking system might use a similar type of sensor and measure the same type of data - vehicle presence in the time and space domain - but the data has a value that will tend to make attack more probable,” said Woolhouse.
Luckily, most commercially available network and end device technology for the transmission of sensitive data is subject to the same broad levels of security as a modern, digital cellular connection, added Woolhouse.
As device vulnerabilities are identified, a patch or firmware upgrade is released. How these are rolled out is another consideration.
“The number of end devices in a distributed network that must be capable of receiving a firmware upgrade is typically large and it is commercially unfeasible to upgrade every node with a physical visit - typically referred to as ‘truck roll’. A man with a laptop and a ladder is fine for 100 devices updated once per year. It is not fine for 1 million devices updated every month,” said Woolhouse.
This means that network technologies must support firmware over the air (FOTA), which in turn requires a usable downlink and an effective broadcast or multicast capability. At the time of writing, Woolhouse (whose organisation promotes Weightless-P) characterises LoRaWAN (spread spectrum) and Sigfox (ultra-narrowband) as LPWAN technologies that cannot support FOTA, while Weightless-P (narrowband) can. The LoRa Alliance has since published multicast and fragmented-data-block specifications aimed at firmware updates over the air, so check the current state of whichever standard you evaluate rather than relying on a snapshot. Whatever the transport, FOTA is itself a new entry point: the device must verify the image against a vendor key it already trusts and refuse downgrades, otherwise the update path becomes the easiest way to put attacker code on every node at once.
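As an added example, not code from the article or from Weightless or any other LPWAN body, here is the check a node should run on an over-the-air update before applying it, written in Go with only the standard library. The manifest fields, the error names and the hypothetical `soil-sensor-rev2` hardware ID are this example’s own assumptions. Ed25519 is used because the public key can be baked into every device while the private key never leaves the vendor’s build system; the image bytes are a constructed stand-in.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is the metadata the vendor signs and the node checks before it
// accepts an image over the air. Field names are this example's own.
type Manifest struct {
	HardwareID string `json:"hw"`     // board/revision the image is built for
	Version    uint32 `json:"ver"`    // strictly increasing; used for anti-rollback
	ImageSHA   string `json:"sha256"` // hex SHA-256 of the image bytes
}

// SignedUpdate is what the downlink carries: signed manifest plus image.
type SignedUpdate struct {
	Manifest  []byte // JSON-encoded Manifest, the exact bytes that were signed
	Signature []byte // Ed25519 signature over Manifest
	Image     []byte
}

// Device is the state a node needs to decide whether to apply an update.
type Device struct {
	HardwareID     string
	RunningVersion uint32
	VendorPubKey   ed25519.PublicKey // provisioned at manufacture, ideally in ROM/OTP
}

var (
	ErrBadSignature  = errors.New("manifest signature invalid")
	ErrWrongHardware = errors.New("image built for a different hardware ID")
	ErrRollback      = errors.New("version not newer than running version")
	ErrImageMismatch = errors.New("image digest does not match manifest")
)

// GenerateVendorKey creates the vendor's signing key pair. In production the
// private half lives in the build system or an HSM and never reaches a device.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign is the vendor-side step: fill in the image digest, encode, sign.
func Sign(priv ed25519.PrivateKey, m Manifest, image []byte) (SignedUpdate, error) {
	sum := sha256.Sum256(image)
	m.ImageSHA = hex.EncodeToString(sum[:])
	raw, err := json.Marshal(m)
	if err != nil {
		return SignedUpdate{}, err
	}
	return SignedUpdate{Manifest: raw, Signature: ed25519.Sign(priv, raw), Image: image}, nil
}

// Verify is the node-side step. The signature is checked before anything in
// the manifest is parsed or trusted; then the cheap metadata checks; then the
// digest over the full image, which is the expensive part on a small MCU.
func (d Device) Verify(u SignedUpdate) (Manifest, error) {
	if !ed25519.Verify(d.VendorPubKey, u.Manifest, u.Signature) {
		return Manifest{}, ErrBadSignature
	}
	var m Manifest
	if err := json.Unmarshal(u.Manifest, &m); err != nil {
		return Manifest{}, err
	}
	if m.HardwareID != d.HardwareID {
		return Manifest{}, ErrWrongHardware
	}
	if m.Version <= d.RunningVersion {
		return Manifest{}, ErrRollback
	}
	sum := sha256.Sum256(u.Image)
	if hex.EncodeToString(sum[:]) != m.ImageSHA {
		return Manifest{}, ErrImageMismatch
	}
	return m, nil
}

func main() {
	pub, priv, err := GenerateVendorKey()
	if err != nil {
		panic(err)
	}
	dev := Device{HardwareID: "soil-sensor-rev2", RunningVersion: 7, VendorPubKey: pub}
	image := []byte("constructed stand-in for a firmware image")

	good, _ := Sign(priv, Manifest{HardwareID: "soil-sensor-rev2", Version: 8}, image)
	_, err = dev.Verify(good)
	fmt.Println("genuine v8:", err)

	tampered := good
	tampered.Image = append([]byte("X"), image[1:]...)
	_, err = dev.Verify(tampered)
	fmt.Println("tampered image:", err)

	_, attackerPriv, _ := GenerateVendorKey()
	forged, _ := Sign(attackerPriv, Manifest{HardwareID: "soil-sensor-rev2", Version: 9}, image)
	_, err = dev.Verify(forged)
	fmt.Println("forged by attacker key:", err)
}
```

The ordering inside `Verify` is deliberate: an attacker who can reach the downlink gets to choose the manifest bytes, so nothing in them is parsed until the signature holds, and the version check runs before the full-image hash so that a replayed old (but genuinely signed) image is rejected cheaply. The running version must be stored where a rolled-back image cannot reset it, or the anti-rollback check protects nothing.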
What does the future hold for IoT?
Few can deny the changes that the IoT has made in our homes, offices, cars and practically every location you can think of. We’re connected, and there is no going back.
“It is easy to see how we can easily get to ten times the number of cellphones currently in use around the world - currently standing at approximately one per person…Remember too that 99% of the things that can be connected are not. We are not at the end of the journey, nor even the end of the beginning. We have not left the beginning of the beginning,” said Woolhouse.
Woolhouse believes that two technologies will prevail in the long term, both narrowband.
“We think public networks based on NB-IoT and its subsequent derivatives will dominate with private networks based on open standard narrowband technology in unlicensed spectrum in support. Think of this like tomorrow’s version of 4G + Wi-Fi,” said Woolhouse.
His final recommendation is that operators and developers design robust security regimes with appropriate levels of authentication. These security methods need to ensure that both the sensor and the network only communicate with known devices, and encryption must be strong enough to prevent unauthorized eavesdropping. “Perhaps all ‘eavesdropping’ is unauthorized. It wouldn’t be called eavesdropping if it wasn’t,” quipped Woolhouse.
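As an added example (not code from the article, nor from LoRaWAN, Sigfox, Weightless or any cellular standard), the following Go program shows what “only communicate with known devices” and “encryption strong enough to prevent eavesdropping” look like at the frame level: a per-device AES-128-GCM key, a frame counter that serves as both nonce and replay guard, and the device ID bound into the authentication tag. The device IDs, the demo key and the frame layout are constructed for this example; real LPWAN standards use different framing but the same ingredients (per-device AES-128 keys and frame counters).

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Frame is one uplink as it travels over the air. DevID and Counter are sent
// in the clear but are bound into the authentication tag as associated data.
type Frame struct {
	DevID   string
	Counter uint32
	Payload []byte // AES-GCM ciphertext followed by the 16-byte tag
}

var (
	ErrUnknownDevice    = errors.New("device not registered with this network")
	ErrReplay           = errors.New("frame counter not newer than last accepted")
	ErrAuth             = errors.New("authentication tag invalid")
	ErrCounterExhausted = errors.New("frame counter exhausted; device must be rekeyed")
)

// gcmNonce derives the 12-byte nonce from the frame counter. GCM is only safe
// while no (key, nonce) pair repeats, so the counter must never go backwards
// or wrap under the same key; the checks on both sides enforce that.
func gcmNonce(counter uint32) []byte {
	n := make([]byte, 12)
	binary.BigEndian.PutUint32(n[8:], counter)
	return n
}

// associatedData binds identity and counter to the ciphertext so a frame
// cannot be re-attributed to another device or renumbered in transit.
func associatedData(id string, counter uint32) []byte {
	ad := make([]byte, 4+len(id))
	binary.BigEndian.PutUint32(ad, counter)
	copy(ad[4:], id)
	return ad
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16-byte key selects AES-128
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Node is an end device: a per-device key provisioned at manufacture and a
// counter that must survive reboots (kept in non-volatile memory).
type Node struct {
	ID      string
	Key     []byte
	Counter uint32
}

// Send encrypts and authenticates one payload under a fresh counter value.
func (n *Node) Send(plaintext []byte) (Frame, error) {
	if n.Counter == ^uint32(0) {
		return Frame{}, ErrCounterExhausted
	}
	g, err := newAEAD(n.Key)
	if err != nil {
		return Frame{}, err
	}
	n.Counter++
	ct := g.Seal(nil, gcmNonce(n.Counter), plaintext, associatedData(n.ID, n.Counter))
	return Frame{DevID: n.ID, Counter: n.Counter, Payload: ct}, nil
}

// Network is the server side: the registry of known devices and keys, plus
// the highest counter accepted from each.
type Network struct {
	keys     map[string][]byte
	lastSeen map[string]uint32
}

func NewNetwork() *Network {
	return &Network{keys: map[string][]byte{}, lastSeen: map[string]uint32{}}
}

// Register enrolls a device. Frames from anything not in this table are dropped.
func (nw *Network) Register(id string, key []byte) { nw.keys[id] = key }

// Receive accepts a frame only from a known device, with a counter newer than
// the last accepted one, and with a valid tag. State is updated only after the
// tag verifies, so an unauthenticated frame cannot advance the counter.
func (nw *Network) Receive(f Frame) ([]byte, error) {
	key, ok := nw.keys[f.DevID]
	if !ok {
		return nil, ErrUnknownDevice
	}
	if f.Counter <= nw.lastSeen[f.DevID] {
		return nil, ErrReplay
	}
	g, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	pt, err := g.Open(nil, gcmNonce(f.Counter), f.Payload, associatedData(f.DevID, f.Counter))
	if err != nil {
		return nil, ErrAuth
	}
	nw.lastSeen[f.DevID] = f.Counter
	return pt, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 16-byte demo key, never reuse
	node := &Node{ID: "soil-0001", Key: key}
	nw := NewNetwork()
	nw.Register(node.ID, key)

	f, _ := node.Send([]byte("moisture=12%"))
	pt, err := nw.Receive(f)
	fmt.Printf("first delivery: %q %v\n", pt, err)
	_, err = nw.Receive(f)
	fmt.Println("replayed frame:", err)
}
```

Two design points worth noticing: the replay check runs before decryption so a flood of stale frames costs no AES work, but `lastSeen` is updated only after the tag verifies, so an attacker cannot lock a device out by injecting a frame with a huge counter. The counter-exhaustion error is not decorative; reusing a GCM nonce under the same key breaks both confidentiality and integrity, so a device must rekey before its counter wraps.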
In conclusion, take the approach your business needs when adding IoT. Consider the implications of manual firmware upgrades, devices without FOTA, and the risk each device poses if it is not protected effectively. If connectivity and remote access are important to you, integrate the devices into your network. If you have doubts (the potential for an attacker to push a malicious firmware upgrade, for example), keep them outside your primary network on separate routers or VLANs, with firewall rules that allow only the flows the devices actually need and nothing towards management interfaces or user workstations; a VLAN on its own is a label, not a boundary, unless something enforces policy between the segments. IoT is nothing if not versatile, so the choice is yours.