The Argument for IoT Security Regulation in Today’s At-Risk World

Posted on February 22nd, 2017

Image: Grant Gross

In a recent hearing of two United States House subcommittees, veteran cybersecurity expert and Harvard lecturer Bruce Schneier made the claim that the U.S. government must pass overarching regulations mandating internet of things (IoT) security measures before device vulnerabilities start killing people. The hearing was held in large part due to recent cyber security attacks such as the Dyn DDoS attack in October of 2016.

While that statement is sure to invoke a reaction, the reality of the open standards vs regulation is a bit more complex. While regular readers of this blog know where we stand as outlined in our Principles, we would be remiss to not look at all sides, knowing that the true “answer” is likely somewhere in the middle.

Schneier’s point revolves around the fact that sellers and customers of IoT devices have little reason to fix the security issues within them without a push from the government.

An article from Computerworld covering the hearing condensed Schneier’s point as, “Many IoT devices are low-profit products with little security built in, no easy avenue to patch vulnerabilities, and no way for customers to know their devices are compromised, he and other experts said. And while users replace smartphones every 18 months, a compromised DVR may be used for five years, a car for 10, and a thermostat may be replaced approximately never. This leads to a market failure where regulation is needed.”

While the Republican majority Congress is not keen on regulation, it isn’t completely against some of Schneier’s points. They are however, cautious to avoid creating these regulations as a  “knee-jerk reaction” to recent attacks, said Representative Greg Walden, an Oregon Republican. “The United States cannot regulate the world.” Many IoT devices are manufactured overseas, Walden noted, and U.S. regulations can’t mandate their security measures.

In addition, the committee argued, regulations have a way of stifling innovation – something we tend to agree with. Particularly as the IoT market grows, loss of innovation at any level could strangle progress. However, witnesses at the hearing pressed the U.S. government to find a common ground on regulations that the industry can adopt without suffering too much loss on innovation.

According to Kevin Fu, CEO of Virta Labs and a computer science professor at the University of Michigan, “IoT security remains ‘woefully inadequate’ even as security experts saw the problems coming. We are in this sorry and deteriorating state because there’s almost no cost for a manufacturer to deploy products with poor cybersecurity.”

This argument further demonstrates the need for research, work and effort into the open standards argument. While the side we fall on is clear, we also want to acknowledge and discuss arguments from all sides of this complex and vitally important issue.

Late in 2016, U.S. National Institute of Standards and Technology released updated guidance on securing IoT.

If you’re curious to learn more about our perspective on open standards, check out our infographics. If you stand in support of open standards development, please, consider signing your name in support of our principals.

 

Posted in News

Federal Networks Benefit from Open Standards

Posted on February 15th, 2017

Image: Fedscoop

Consolidation has been a hot topic in government conversations of late. As more and more Internet-based activities move toward being cloud-based, the acceptance of open standards within the government has become a necessity. A recent article by Tim Solms on Fedscoop outlined how and why the move to open standards is a move towards securing the future of federal networks.

The key word to focus on in the cause of this migration to open standards is consolidation. Whereas in the past the connotation of that word alluded to a physical connection, today it means something more abstract. Consolidation is the convergence of networks while also bringing together disparate technologies. The government is looking for better ways to create an efficient and cost-effective network. Ensuring that technological infrastructure works together throughout all branches and agencies is a vital component in achieving that goal.

As you can imagine, there are very real security risks involved here. The article points out that “it can be extremely challenging for network administrators to converge and combine closed, proprietary software solutions that are inherently incompatible. This incompatibility can create significant security holes while undermining goals for a more streamlined network.”

Outdated legacy software that was built on proprietary standards is still prevalent in today’s federal agencies. That outdated technology can mean major security risks, particularly given the increased sophistication of cybercriminals. However, software built using an open standard development community, “coupled with the expertise of companies who specialize in open software to provide timely support and guarantee the quality, allows users to have the latest updates and patches that can immediately and easily be installed.” In other words, the cost is too high not to move to open standards.

As those familiar with our OpenStand Principles know, our belief in Collective Empowerment is a building block to innovation. By nature, software built on open standards is more compatible and transparent. Creating usable, functional and flexible networks across federal agencies allows users to securely share and access information, something the federal government cannot do without in today’s information age.

To read more on the open data in government debate, check out our post Open Data for Groups, Governments, and Communities Around the World, Brought to You by Open Standards or become an advocate by signing our petition for open standards.

 

Posted in News

How Open Standards are Shaping the Disruptive Technology 3D Printing

Posted on February 8th, 2017

Image: RomboStudio

As we can see from Damian Hennessey’s article on the implications of 3D printing on the IoT, there is no question that 3D printing is a significant part of our technology upgrades in the past decade. We have seen particular improvements when using this technology in automotive, healthcare and electronics industries and we know that this movement will only continue to grow. In and of itself, this 3D printing is exciting and the possibilities are endless. But, as the Internet of things (IoT) grows alongside it, the impact the IoT can have on 3D printing can make it even more advantageous for businesses going forward.  

And this isn’t just a theory. Manufacturers using IoT solutions saw an average of 29% increase in revenue between 2013 and 2014 according to a TATA Consultancy Survey. Combining 3D printing and the IoT can make business production processes more effective and efficient.

By connecting big data analytics to 3D printing through embedded sensors, the IoT can help to ensure quality control. As the article from IT Pro Portal outlined:

“The IoT involves a constantly-growing number of sensors and devices gathering every possible bit of data about human behaviour and interaction, and allowing businesses to gather information about how their products behave, and use it to understand and predict future behaviours.

By placing sensors to collect and analyse manufacturing information to detect production problems in real time, the technology can identify factors such as temperature and structural integrity that help improve the quality of output coming from the manufacturing floor. This is something that is already being applied by companies such as GE Aviation in the aerospace industry.”

Given the potential of both IoT and 3D printing, and the ways it can disrupt and improve current practices, open standards are imperative. As regular readers of our blog know, the OpenStand principles can guide 3D printing and the IoT for the betterment of businesses across multiple industries. This technology is being used across the globe and open standards will only make it function in a more efficient and effective way. This marketplace demands innovation and offers a great opportunity to merge with other devices and processes to bring together a new digital world for the future. Even more specifically, open standards and IoT solutions are in a great position to merge with the new digital manufacturing processes, to help bring together the new “digital enterprise.”

Join us in supporting the OpenStand Principles by signing the petition to Stand With Us, and be sure to let us know in the comments ways that you have seen open standards impact manufacturing industries.

Posted in News

Why the Future of Your Security Depends on Open Standards

Posted on February 1st, 2017

Image: elenabsl

According to Cisco, the number of connected devices worldwide will rise from 15 billion today to 50 billion by 2020. If that’s not convincing enough, due to growth of devices, solutions and IT services, global spending on Internet of Things (IoT) devices and services is estimated to grow to $1.7 trillion in 2020. The bottom line is that IoT devices are more than just a hot topic, they are here and will only continue to grow in prevalence and technology.

With that growth, come new concerns and potential issues. As we’ve discussed previously, chief among those issues is security. Security is both the key to the success, or failure, of the interconnectedness of IoT. And the key to a successful and secure system is open standards. Allowing public inspection of code and contribution of patches are the best way to ensure the triumph of IoT devices.

How big of an issue is security in regards to IoT devices? Well, one real-life example is when a connected car was hacked in mid-2015, just over a year ago. From the steering to the brakes and the engine, the hackers were in charge of everything about the car, including the passengers inside. Finding ways to keep connected devices safe from these types of incidents is a top priority for those working in the field.

A recent article outlining the security issues present with IoT devices points out the incredible need for open standards in security. It states, “With everything becoming connected through IoT, security will be key for IoT to be successful in the long term. IoT will continue to require better security solutions than what is currently available. The best way to secure a system is to allow anybody to inspect the code and contribute a patch. Closed source is just hiding potential issues, not making solutions more secure. Through open source more eyes can look at the code and solve any security issues.”

Through allowing open standards and open sourcing, the industry can accelerate the discovery process for the technology, create more ways to control cost, and find more ways to sell IoT devices globally.

In an earlier post on this blog, we discussed how open standards and open sourcing work together in telecomm. Security needs are another area where the two can come together to improve product interconnectivity. By working to ensure the cooperation and collective empowerment of IoT devices, they will work better, be more accessible and, perhaps most importantly, be safer. Do these benefits sound familiar? You may have read a version of them before in our Open Standards Principles.

If you are interested advocating for the OpenStand principles, sign your name as a supporter You may also consider displaying a site badge or infographic on your website.

Posted in News

How Developers Can Get the Most Out of IoT Standards and Tools

Posted on January 25th, 2017

Image: Shutterstock

The Open Mobile Alliance (OMA) recently held their IOT Developer seminar/webinar “How Developers Can Get the Most Out of IoT Standards and Tools.”  This developer-focused event gave an overarching view of the industry standards and tools that are fostering interoperability and market growth in the Internet of Things (IoT). Presented in conjunction with the IoT Singapore group, #IOTSG, the seminar featured both international and local presenters offering their insights for active IoT developers. Highlights from the seminar included:

  • A presentationby Amit Shah, Head of R&D, IOT Business Unit, Nokia covering the Importance of Use of Standards and Protocol Validation Services. This talked focused on ways to bridge the gap between standards and developers in the IoT space. He focused on the importance of interconnectivity, the growing opportunity for IoT, and the very real obstacles IoT faces. He then delved into ways to solve and overcome those obstacles starting with bridging the developer standards gap through certification programs.
  • Also of note was the presentation by Nicolas Damour, Senior Manager, Business and Innovation, Sierra Wireless, Combining LightweightM2M and oneM2M for Developers. This talk was from a developer’s perspective. He laid out the claim that LightweightM2M is a good first step for IoT standards and that oneM2M is a natural extension of LightweightM2M. He then went on to outline the reasons a combination would work from full data semantics to advanced security.

The event, moderated by C K Vishwakarma, Founder of IOTSG, brought together many interesting ideas, concepts and real world solutions. For more information on ways that IoT is engaging various industries across the globe, see all of the presentation slide decks here.

If you are interested in learning more about how the OpenStand Principles can support mobile development, check out our conference recap on telecommunications technology and our article on the rise of proprietary mobile apps and how that could threaten our progress.

Join us in working to make the web a better place; become an OpenStand advocate! You can:

Posted in News

Open Standards and Open Source in Telecom

Posted on January 18th, 2017

Image: vs148

“Open standards” and “open source” are two terms that can often be confused. While regular readers of this blog are likely able to differentiate, for clarification’s sake, open source is the term used for software when the original source code is freely available and can also be redistributed and modified. But it doesn’t just reference access to the source code – distribution terms of open source software must comply with its own set of criteria.

When telecommunications was in its infancy, standards were needed and established before any technology was released. As the development of new networks and technology grows, it will mean prototypes in open source, collaborative projects, which are challenges that we’ve discussed in a previous blog post. The development of new internet-enabled mobile devices and internet service providers have brought telecommunications to the forefront, as well as trends towards cooperation between the Open Standards and Open Source communities, as previously highlighted in our blog about the need for collaboration in mobile security.

As Dave Ward, an OpenStand Advocate at CISCO, pointed out, “new Open Source Consortiums (OSS) are being started daily to expedite innovation, it’s important to acknowledge that the cycle time of an OSS and a Standards Development Organization (SDO) are fundamentally different.” But they can work to compliment each other.

Standards bodies must exist to continue internet innovation and functionality. As pointed out in a recent article from Pipeline, SDOs benefit the mobile value chain in different ways. For example, SDOs:

  • Help the industry prevent overlap and fragmentation of work by including players from across the mobile value chain, allowing insight into the entire system architecture.  Without this, pieces of solutions coming from multiple vendors are unlikely to work together.  
  • Evolve historical standards such as MMS or Device Management as networks shift to preserve interoperability and backward compatibility.  
  • Provide a legal and business framework that ensures fair practices in licensing, participation rights, publication processes and conflict resolution.

In order to build and maintain successful innovations like 5G networks and IoT devices, a collaborative network must exist between SDOs and OSS. SDOs can assist with architecture, quality and interoperability of Open Source projects, as well as enhance the overall vitality of the mobile value chain.

Belief in the necessity of standards organizations like OpenStand means a lot to those working daily to raise awareness about the need for open standards. You can advocate for open standards, as well, by joining our growing community of OpenStand Advocates.

 

Posted in News

Open Standards Make Smart Homes Smarter

Posted on January 11th, 2017

Image: Serghei Starus

Author Phil Keys pointed out a recent  Forbes article entitled “Who Will Win the Broken Connected Home Market?” that today’s Internet-of-Things (IoT) related smart homes often fail to realize their promises. According to Keys:

“While most smart home devices are connected to the Internet many of these devices can’t communicate or work with each other. This is partly due to the fact that most of the current crop of connected home devices perform a single function. For companies fighting for market share, there is little incentive for the manufacturers to play nice with each other.”

What results is less smart homes – and more like homes full of smart devices that either don’t connect to each other or don’t work properly together. As Keys points out, this problem is compounded by the fact that the lifespan of smart home products can be unpredictable (as technology continues to evolve), plus we are seeing rapid churn in the market.  

“The lack of interoperability means that if you buy a connected device and the manufacturer later decides to discontinue the cloud service needed to support your device, you are left with an expensive useless object. With no other company supporting the device, you also have no recourse.”  

Keys cited examples of products, such as, the Aether Cone streaming music device, the Revolv home automation hub and the VueZone wireless. To combat this reality, Keys highlighted how telcos like AT&T are cobbling together their own smart home solutions and leasing them to consumers under the guise of “turnkey” solutions.  

As we have discussed in a previous article, the lack of interoperability and compatibility between IoT related devices is compounded by the sheer proliferation of proprietary technology dominating the market today. This is in part unavoidable, in a highly competitive and rapidly expanding marketplace where, as Keys notes, the drive to capture market share continues to drive a “first-to-market” proprietary development.  

To address the broader need, an array of industry consortiums, including the AllSeen Alliance and the Open Connectivity Foundation (OCF) are attempting to rally the industry to collaboratively develop and use broader specifications that will help realize the promises of IoT.    More recently, the Alphabet / Google Thread platform, which began as an open developer sandbox, spun out into an industry consortium. Not only has Thread become a consortium, Keys highlights that it is now a member participant in the OCF Alliance.

Without question, the collaborative progress that is being driven by industry consortia is a step in the right direction. However, Keys notes, the ideal solution to the plague of smart home devices would be “an open and globally adopted interoperability standard for connected devices.” However, this is easier said than done.

Without question, a suite of formal standards that ensure interoperability, security, privacy, safety on a global scale, for IoT and smart homes is highly desirable. However, as the market attempts to balance proprietary development against broader development collaboration, it will take awhile for truly open, IoT Standards to emerge. It will take even longer for a competitive shakeout to occur between competing standards in the IoT space.  

The development of open standards, which adhere to the OpenStand Principles, can help ensure the development of the highest quality, market-driven standards, by the broadest possible audience to drive success of the IoT and “smarter everything.”  However, the OpenStand Principles don’t just apply to standards development.

Applying the OpenStand Principles earlier in the technology development process for new IoT and smart home technical specifications can be highly beneficial. By applying the principles of openness, broad consensus, transparency, availability and market-driven adoption, consortia have a better ability to develop inclusive technology that adheres more strongly adhere to the principles that brought us some of the best technological innovations of our time, including the free and open Internet. With truly open specifications in place, the pathway to standardization may also become a more smooth one.  

If you are interested in this topic, see also: How we can’t build the IoT without open standards.

To become an OpenStand advocate please review the OpenStand Principles and sign your name as a supporter.  

Posted in News

Open Standards: Touching Every Part of Life

Posted on January 4th, 2017

Image: Christian Mueller

A recent report from the Alliance for Internet of Things Innovation (AIOTI), presents the global dynamics and landscapes of IoT Standards Developing Organization (SDO), Alliance and Open Source Software (OSS) initiatives and how those can be used. One of the challenges that are associated to LSPs (Large Scale Pilots) addressed in the report is the large number of competing technology standards which are projected in both horizontal and vertical directions.

According to the report, “The vertical direction implies that the standards and protocols are developed for the support of applications/services that are belonging to a particular application domain, i.e., a single vertical industry, such as home automation, smart mobility and wearable medical devices, etc. The horizontal direction implies that the standards and protocols are not targeting a specific vertical industry, but aim at providing general standard, protocols and solutions for as many vertical industry types as possible with the implication of developing limited adaptations to the applications that they need to support.”

So, what does that mean for us? Simply put, in this era of convergence, standards have grown in their complexity and diversity, touching many different industries. Because each vertical carries unique protocols and considerations, it may be necessary to establish new Open Standards which serve as overarching standards across industries, while more specific standards govern each vertical. 

The verticals outlined in the report paint a vast and far reaching landscape of consideration and standardization.  They include, but are not limited to home/building, manufacturing/industry automation, vehicular/transport, healthcare, energy, cities, wearables and agribusiness.  Telecommunications, for example, is an area of open standards which cross all of these verticals.  

While the open standards movement has grown increasingly more global in nature, it is also important to consider the ways in which these standards touch our daily lives, and how this may impact the need for standards.

For example, in vehicular/transport, it is now possible to access real time traffic information and road data through mobile and vehicle-based technology.  We can also find available parking through sensors and mobile apps to prevent endless driving looking for a spot. Soon, the data of where people travel, how frequently and where the highest potential for accidents occurs will inform infrastructure decisions.

Further, wearables is an area that has seen extremely dynamic growth in the last few years.  Consumer-based wearables can monitor heart rates, caloric burn and other valuable health data.  Medical wearables can monitor glucose for diabetics that are connected to apps on their smartphones, allowing immediate access to that data. Doctors are now beginning to access and track this data to provide more proactive patient care.

The way we build our homes is also being impacted by the internet and open standards. We can already use apps on our smartphones to monitor our home’s security, heating and cooling, and lighting. We can monitor or our pets or children left at home to make sure they are safe. These applications are only getting stronger. Soon, our homes will proactively know when to turn on the heat, shut down appliances automatically if they sense fire or danger, and send notifications to your phone and emergency services, if necessary.

But the impact goes further than this.  Even the food we buy will soon be impacted by open standards. We’re using applications today to track the calories and nutritional value of our food. Technology currently exists to combine real-time data from soil, such as moisture levels, pesticide levels and weather forecasts, to spot any crop issues and allow farmers to better monitor farms and resources.

When we leverage open standards to extract data from existing silos and allow it to be be shared across verticals, the true value of the internet and the Internet of Things begins to emerge. We are already taking advantage of open standards in many ways. The value they provide to humanity will only continue to grow with your support. Please Sign your name and stand with us if you hold to our OpenStand Principles.

Posted in News
Next »