FTC report provides good checklist to design in IoT security and privacy

FTC report on IoT


FTC Chair Edith Ramirez has been pretty clear that the FTC plans to look closely at the IoT and takes IoT security and privacy seriously: most famously by fining IoT marketer TrendNet for non-existent security with its nanny cam.

Companies that want to avoid such actions — and avoid undermining fragile public trust in their products and the IoT as a whole — would do well to clip and refer to this checklist that I’ve prepared based on the recent FTC Report, Privacy and Security in a Connected World, compiled based on a workshop they held in 2013, and highlighting best practices that were shared at the workshop.

  1. Most important, “companies should build security into their devices at the outset, rather than as an afterthought.” I’ve referred before to the bright young things at the Wearables + Things conference who used their startup status as an excuse for deferring security and privacy until a later date. WRONG: both must be a priority from Day One.

  2. Conduct a privacy or security risk assessment during design phase.

  3. Minimize the data you collect and retain. This is a tough one, because there’s always that chance that some retained data may be mashed up with some other data in future, yielding a dazzling insight that could help company and customer alike, BUT the more data just floating out there in a “data lake,” the more chance it will be misused.

  4. Test your security measures before launching your products. … then test them again…

  5. “..train all employees about good security, and ensure that security issues are addressed at the appropriate level of responsibility within the organization.” This one is sooo important and so often overlooked: how many times have we found that someone far down the corporate ladder has been at fault in a data breach because s/he wasn’t adequately trained and/or empowered?  Privacy and security are everyone’s job.

  6. “.. retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these service providers.”

  7. “… when companies identify significant risks within their systems, they should implement a defense-in-depth approach, in which they consider implementing security measures at several levels.”

  8. “… consider implementing reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or even the consumer’s network.” Don’t forget: with the Target data breach, the bad guys got access to the corporate data through a local HVAC dealer. Everything’s linked — for better or worse!

  9. “.. companies should continue to monitor products throughout the life cycle and, to the extent feasible, patch known vulnerabilities.”  Privacy and security are moving targets, and require constant vigilance.

  10. Avoid enabling unauthorized access and misuse of personal information.

  11. Don’t facilitate attacks on other systems. The very strength of the IoT in creating linkages and synergies between various data sources can also allow backdoor attacks if one source has poor security.

  12. Don’t create risks to personal safety. If you doubt that’s an issue, look at Ed Markey’s recent report on connected car safety.

  13. Avoid creating a situation where companies might use this data to make credit, insurance, and employment decisions. That’s the downside of cool tools like Progressive’s “Snapshot,” which can save us safe drivers on premiums: the same data on your actual driving behavior might some day become compulsory, and might be used to deny you coverage or increase your premium.

  14. Realize that FTC Fair Information Practice Principles will be extended to IoT. These “FIPPs,” including “notice, choice, access, accuracy, data minimization, security, and accountability,” have been around for a long time, so it’s understandable the FTC will apply them to the IoT. Most important ones? Security, data minimization, notice, and choice.

Not all of these issues will apply to all companies, but it’s better to keep all of them in mind, because your situation may change. I hope you’ll share these guidelines with your entire workforce: they’re all part of the solution — or the problem.


The #IoT Can Kill You! Got Your Attention? Car Security a Must

The Internet of Things can kill you.

Got your attention? OK, maybe this is the wake-up call the IoT world needs to make certain that privacy and security are baked in, not just afterthoughts.

I’ve blogged before about how privacy and security must be Job 1, but now it’s in the headlines because of a new report by our Mass. Senator, Ed Markey (Political aside: thanks, Ed, for more than 30 years of leadership — frequently as a voice crying in the wilderness — on the policy implications of telecomm!), “Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk,” about the dangers of not taking the issues seriously when it comes to smart cars.

I first became concerned about this issue when reading “Look Out, He’s Got a Phone!” (my personal nominee for all-time most wry IoT headline…), a litany of all sorts of horrific things, such as spoofing the low air-pressure light on your car so you’ll pull over and the Bad Guys can get it, or so that it would stop dead at 70 mph, that are proven risks of un-encrypted automotive data. All too typical was the reaction of Schrader Electronics, which makes the tire sensors:

“Schrader Electronics, the biggest T.P.M.S. manufacturer, publicly scoffed at the Rutgers–South Carolina report. Tracking cars by tire, it said, is ‘not only impractical but nearly impossible.’ T.P.M.S. systems, it maintained, are reliable and safe.

“This is the kind of statement that security analysts regard as an invitation. A year after Schrader’s sneering response, researchers from the University of Washington and the University of California–San Diego were able to ‘spoof’ (fake) the signals from a tire-pressure E.C.U. by hacking an adjacent but entirely different system—the OnStar-type network that monitors the T.P.M.S. for roadside assistance. In a scenario from a techno-thriller, the researchers called the cell phone built into the car network with a message supposedly sent from the tires. ‘It told the car that the tires had 10 p.s.i. when they in fact had 30 p.s.i.,’ team co-leader Tadayoshi Kohno told me—a message equivalent to ‘Stop the car immediately.’ He added, ‘In theory, you could reprogram the car while it is parked, then initiate the program with a transmitter by the freeway. The car drives by, you call the transmitter with your smartphone, it sends the initiation code—bang! The car locks up at 70 miles per hour. You’ve crashed their car without touching it.’”

Hubris: it’ll get you every time….

So now Senator Markey lays out the full scope of this issue, and it should scare the daylights out of you — and, hopefully, Detroit! The report is compiled from responses by 16 car companies (BMW, Chrysler, Ford, General Motors, Honda, Hyundai, Jaguar Land Rover, Mazda, Mercedes-Benz, Mitsubishi, Nissan, Porsche, Subaru, Toyota, Volkswagen (with Audi), and Volvo — hmm: one that didn’t respond was Tesla, which I suspect [just a hunch] really has paid attention to this issue because of its techno leadership) to letters Markey sent in late 2013. Here are the damning highlights from his report:

“1. Nearly 100% of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.

2. Most automobile manufacturers were unaware of or unable to report on past hacking incidents.

3. Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across all automobile manufacturers, and many manufacturers did not seem to understand the questions posed by Senator Markey.

4. Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time, and most say they rely on technologies that cannot be used for this purpose at all. (my emphasis)

5. Automobile manufacturers collect large amounts of data on driving history and vehicle performance.

6. A majority of automakers offer technologies that collect and wirelessly transmit driving history data to data centers, including third-party data centers, and most do not describe effective means to secure the data.

7. Manufacturers use personal vehicle data in various ways, often vaguely to “improve the customer experience” and usually involving third parties, and retention policies – how long they store information about drivers – vary considerably among manufacturers.

8. Customers are often not explicitly made aware of data collection and, when they are, they often cannot opt out without disabling valuable features, such as navigation.”

In short, the auto industry collects a lot of information about us, and doesn’t have a clue how to manage or protect it.

I’ve repeatedly warned before that one of the issues technologists don’t really understand and/or scoff at, is public fears about privacy and security. Based on my prior work in crisis management, that can be costly — or fatal.

This report should serve as a bit of electroshock therapy to get them (and here I’m referring not just to auto makers but all IoT technologists: it’s called guilt by association, and most people tend to confabulate fears, not discriminate between them. Unless everyone in IoT takes privacy and security seriously, everyone may suffer the result [see below]) to realize that it’s not OK, as one of the speakers at the Wearables + Things conference said, that “we’ll get to privacy and security later.” It’s got to be a priority from the get-go (more about this in a forthcoming post, where I’ll discuss the recent FTC report on the issue).

I’ve got enough to worry about behind the wheel, since the North American Deer Alliance is out to get me. Don’t make me worry about false tire pressure readings.


PS: there’s another important issue here that may be obscured: the very connectedness that is such an important aspect of the IoT. Remember that the researchers spoofed the T.P.M.S. system not through a frontal assault, but by attacking the roadside assistance system? It’s like the way Target’s computers were hacked via a small company doing HVAC maintenance. Moral of the story? No IoT system is safe unless all the ones linking to it are safe.  For want of a nail … the kingdom was lost!

Resolved: That 2015 Is When Privacy & Security Become #IoT Priority!

I’m a right-brained, intuitive type (ENFP, if you’re keeping Myers-Briggs score…), and sometimes that pays off on issues involving technology & the general public, especially when the decidedly non-technical, primal issue of FEAR comes into the equation.

I used to do a lot of crisis management work with Fortune 100 companies, and usually worked with engineers, 95% of whom are my direct opposite: ISTJ. Because they are so left-brained, rational and analytical, it used to drive them crazy that the public would be so fearful of various situations, because people’s reaction was just so darned irrational!

I’m convinced that same split is a looming and extremely dangerous problem for the Internet of Things: the brilliant engineers who bring us all these great platforms, devices and apps just can’t believe that people could be fraidy cats.

Let me be blunt about it, IoT colleagues: get used to dealing with people’s fears. Wise up, because that fear might just screw the IoT before it really gains traction. Just because a reaction is irrational doesn’t mean it isn’t very, very real to those who feel it, and they might just shun your technology and/or demand draconian regulations to enforce privacy and security standards.

That’s why I was so upset at a remark by some bright young things at the recent Wearables + Things conference. When asked about privacy and security precautions (a VERY big thing with people, since it’s their very personal bodily data that’s at risk) for their gee-whiz device, they blithely said that they were just a start-up, and they’d get to security issues after they had the device technology squared away.

WRONG, KIDS: security and privacy protections have to be a key priority from the get-go.

That’s why I was pleased to see that CES asked FTC Chair Edith Ramirez to give opening remarks at a panel on security last week, and she specifically focused on “privacy by design,” where privacy protections are baked into the product from the get-go. She emphasized that start-ups can’t get off the hook:

“‘Any device that is connected to the Internet is at risk of being hijacked,’ said Ms. Ramirez, who added that the large number of Internet-connected devices would ‘increase the number of access points’ for hackers.

Ms. Ramirez seemed to be directing her remarks at the start-ups that are making most of the products — like fitness trackers and glucose monitors — driving the so-called Internet of Things.

She said that some of these developers, in contrast to traditional hardware and software makers, ‘have not spent decades thinking about how to secure their products and services from hackers.’”

I yield to no one in my love of serendipitous discoveries of data’s value (such as the breakthrough in early diagnosis of infections in neonates by researchers from IBM and Toronto’s Hospital for Sick Children), but I think Ms. Ramirez was on target about IoT developers forcing themselves to emphasize minimization of data collection, especially when it comes to personal data:

“Beyond security, Ms. Ramirez said that technology companies needed to pay more attention to so-called data minimization, in which they collect only the personal data they need for a specific purpose and delete it permanently afterward. She directly challenged the widespread contention in the technology industry that it is necessary to collect large volumes of data because new uses might be uncovered.

‘I question the notion that we must put sensitive consumer data at risk on the off chance a company might someday discover a valuable use for the information,’ she said.

She also said that technology companies should be more transparent about the way they use personal data and should simplify their terms of use.”

Watch for a major IoT privacy pronouncement soon from the FTC.

It’s gratifying that, in addition to the panel Ms. Ramirez introduced, CES also had an (albeit small…) area for privacy vendors. As the WaPo reported, part of the reason for this area is that the devices and apps are aimed at you and me, because “consumers are finding — thanks to the rise in identity theft, hacks and massive data breaches — that companies aren’t always good stewards for their information.” Dealing with privacy breaches is everyone’s business: companies, government, and you and me!

As the WaPo reporter concluded: “The whole point of the privacy area, and of many of the products being shown there, is that technology and privacy don’t have to fight. They can actually help each other. And these exhibitors — the few, the proud, the private — are happy to be here, preaching that message.”

So, let’s all resolve that 2015 is when privacy and security become as big an IoT priority as innovation!


Oh, before I forget, it’s time for my gratuitous reference, whenever I discuss IoT privacy and security, to Gen. David Petraeus (yes, the very General “Do As I Say, Not As I Do” Petraeus who faces possible federal felony charges for leaking classified documents to his lover/biographer), who was quite enamored of the IoT when he directed the CIA. That should give you pause, no matter whether you’re an IoT user, producer, or regulator!

Global Warming: The IoT Can Help Fill Some of the Gap Due to Government Inaction

I won’t dwell on politics here, but 97% of scientists agree that global warming is real, and, according to the latest United Nations report this month, it is worse than ever (according to the NYTimes,

“The gathering risks of climate change are so profound that they could stall or even reverse generations of progress against poverty and hunger if greenhouse emissions continue at a runaway pace, according to a major new United Nations report.”). (my emphasis)

Thus, it should be noted that the chances of significant government action to curb global warming during the next two years have vanished now that Senator James Inhofe will chair the Senate Environmental Committee (I won’t repeat any of the clap-trap he has said to deny global warming: look it up…).

While probably not enough to combat such a serious challenge, the Internet of Things will help fill the gap, by helping bring about an era of unprecedented precision in use of energy and materials.

Most important, the IoT is a critical component in “smart grid” electrical strategies, which are critical to reducing CO2 emissions.

According to the Environmental Defense Fund, “Because a smart grid can adjust demand to match intermittent wind and solar supplies, it will enable the United States to rely far more heavily on clean, renewable, home-grown energy: cutting foreign oil imports, mitigating the environmental damage done by domestic oil drilling and coal mining, and reducing harmful air pollution. A smart grid will also facilitate the switch to clean electric vehicles, making it possible to “smart charge” them at night when wind power is abundant and cheap, cutting another huge source of damaging air pollution.”

And then there’s generating electricity from conventional resources: GE, as part of its “industrial internet” IoT strategy, says that it will be able to increase the operating efficiency of its gas turbines (which it says generate 25% of the world’s electricity) by at least 1%.

Equally important, as I’ve written before, “precision manufacturing” through the IoT will also reduce not only use of materials, but also energy consumption in manufacturing.

In other important areas, the IoT can also help reduce global warming:

  • Agriculture: conventional farming is also a major contributor to global warming. “Climate-smart” agriculture, by contrast, reduces the inputs, including energy, needed while maximizing yield (Freight Farms, which converts old intermodal shipping containers into self-contained “Leafy Green Machine” urban farming systems, is a great example!).
  • IoT-based schemes to cut traffic congestion. As The Motley Fool (BTW, they’re big fans of the IoT as a smart investment opportunity) documents, “1.9 billion gallons of fuel is consumed every year from drivers sitting in traffic. That’s 186 million tons of unnecessary CO2 emissions each year just in the U.S.”

The Motley Fool concludes that, combined, a wide range of IoT initiatives can reduce carbon emissions significantly while increasing the economy’s efficiency:

“A recent report by the Carbon War Room estimates that the incorporation of machine-to-machine communication in the energy, transportation, built environment (its fancy term for buildings), and agriculture sectors could reduce global greenhouse gas emissions by 9.1 gigatons of CO2 equivalent annually. That’s 18.2 trillion pounds, or equivalent to eliminating all of the United States’ and India’s total greenhouse gas emissions combined, and more than triple the reductions we can expect with an extremely ambitious alternative energy conversion program.

“Increased communication between everything — engines, appliances, generators, automobiles — allows for instant feedback for more efficient travel routes, optimized fertilizer and water consumption to reduce deforestation, real-time monitoring of electricity consumption and instant feedback to generators, and fully integrated heating, cooling, and lighting systems that can adjust for human occupancy.”

It always amuses me that self-styled political conservatives are frequently the ones who are least concerned with conserving resources. Perhaps the IoT, by making businesses more efficient, and therefore more profitable, may be able to bring political conservatives into the energy efficiency fold!


Live Blogging from IoT Global Summit

I’ll be live-blogging for the next two days from the 2nd Internet of Things Global Summit.

  • Edith Ramirez, FTC chair:
    • potential for astounding benefits to society, transforming every activity
    • risks: very technology that allows this can also gather info for companies and your next employer
    • possible consumer loss of confidence in connected devices if they don’t think privacy w
    • 3 challenges:
      • adverse uses
      • security of the data
      • collection of the data
    • key steps companies should take:
      • security front and center
      • deidentify data
      • transparent policies
    • data will provide “startlingly complete pictures of us” — sensors can already identify our moods, even progression of neurological diseases
    • how will the data be used? will TV habits be shared with potential employers? Will it paint picture of you that others will see, but you won’t
    • will it exacerbate current socio-economic disparities?
    • potential for data breaches such as Target grows as more data is collected
    • FTC found some companies don’t take even most basic protections. Small size and cheap cost of some sensors may inhibit data protections
    • steps:
      • build security in from beginning
      • security risk assessment
      • test security measures before launch
      • implement defense-in-depth approach
      • encryption, especially for health data.
    • FTC action against TrendNet
    • follow principle of “data minimization,” only what’s needed, and dispose of it afterwards.
    • she’s skeptical of belief that there should be no limits on collection of data (because of possible benefits)
    • de-identified data: need dual approach — commit to not re-identify data
    • clear and simple notice to consumers about possible use of data.
    • Apple touting that it doesn’t sell data from Health App — critical to building consumer trust
    • transparency: major FTC priority. FTC review of mobile apps showed broad and vague standards on data collection & use.
  • Ilkka Lakaniemi, chair, FIWARE Future Internet PPP, EU perspective on IoT:
    • lot easier to start IoT businesses in Silicon Valley because of redundant regulations in EU
    • Open Standard Platform + Sustainable Innovation Ecosystem. “Synergy Platform”
  • Mark Bartolomeo, vp of integrated solutions, Verizon:
    • Bakken Shale area visit: “landscape of IoT” solutions — pipeline monitoring, water monitoring, etc.
    • concerned about rapid urbanization: 30% of city congestion caused by drivers looking for parking. $120B wasted in time and fuel yearly.
    • cars: “seamless nodes” of system.
    • market drivers & barriers:
      • increased operational efficiency, new revenue streams, better service, comply with regulators, build competitive edge
      • fragmented ecosystem, complex development, significant back end obstacles
    • they want integrated systems.
    • need to remove barriers: aging infrastructure, congestion, public safety, economics
    • remove complexity
    • economies of scale: common services
    • trend to car sharing, smart grid
    • yea: highlighting intellistreets — one of my 1st fav IoT devices!!
    • Verizon working primarily on parking & traffic congestion on the East Coast, and water management in CA.

Smart Cities:

  • Nigel Cameron: nation-state receding, cities and corporations on ascendency
  • Sokwoo Rhee, NIST: Cyber-Physical Systems — emphasis on systems dynamics, data fed back into system, makes it autonomous.  Did Smart America Challenge with White House. Fragmentation on device level. Demonstrate tangible effects through collaborations. Examples: health care systems, transactive energy management, smart emergency response, water distribution, air quality. 24 projects.  Round Two is application of the projects to actual cities. Now 26 teams.
  • Joseph Bradley, VP, IoT Practice, Cisco Consulting: value isn’t in the devices, but the connections. Intersection of people, data, process, and things. Increase City of Nice’s parking revenue 40-60% without raising taxes through smart parking. They project $19 trillion in value over 10 years from combo of public and private innovations. Smart street lighting: reduces crime, property values increase, free wi-fi from the connected street lights. Barcelona is Exhibit A for benefits. Need: comprehensive strategy (privacy is a contextual issue: depends on the benefits you receive), scalability, apps, data analytics, transparency, powerful network foundation, IoT catalyst for breaking down silos, IoT must address people and process.
  • Ron Sege, chair and ceo of Echelon Corp: got started with smart buildings, 25 yrs. old. Why now with IoT: ubiquitous communications, low cost, hyper-competition, cloud. They do outdoor & indoor lighting and building systems. Challenges: move to one infrastructure/multiple use cases, will IT learn about OT & vice versa?, reliability: critical infrastructure can’t fail & must respond instantly.
  • Christopher Wolf, Future of Privacy Forum: flexible, use-based privacy standards. Industry-wide approach to privacy: auto industry last week told NISTA about uniform privacy standards for connected cars (neat: will have to blog that…).
  • Peter Marx, chief innovation officer, City of LA:  big program to reduce street lights with LEDs: changed whole look of city at night & saves lot of money. 6 rail lines being built there. Adding smart meters for water & power. EV chargers on street lights. Held hackathon for young people to come up with ideas to improve city. Procurement cycles are sooo arcane that he suggests entrepreneurs don’t do business with city — he just tries to enable them.

Outside the City:

  • Darrin Mylet, Adaptrum: Using “TV white space spectrum” in non-urban areas. Spectrum access critical: need mix of spectrum types. Where do we need spectrum? Most need in non-line-of-sight areas such as trees, etc. Examples: not only rural, but also some urban areas (San Jose); Singapore; Africa; redwood forests.
  • Arturo Kuigami, World Bank: examples in developing nations: (he’s from Peru); most of global migration is to smaller cities; look at cities as ecosystems; “maker movement” is important — different business models: they partnered with Intel and MIT on “FabLabs” in Barcelona this year. MoMo — water access point monitoring in Tanzania.  Miroculus: created by a global ad hoc team — cheap way to make cancer diagnosis: have identified 3-4 types of cancers it can diagnose. Spirometer to measure COPD, made by a 15-year old! “IoT can be a global level playing field.”
  • Chris Rezendes, INEX Advisors: Profitable sustainability: by instrumenting the physical world, we can create huge opportunities for a wide range of people outside our companies. Focusing on doing a better job of instrumenting and monitoring our groundwater supplies: very little being done in SW US right now (INEX investing in a startup that is starting this monitoring). If we have better data on groundwater, we can do a better job of managing it. “Embrace complexity upfront” to be successful.
  • Shudong Chen, Chinese Academy of Sciences: talking about the Chinese food security crisis because of milk production without a food production license.  Government launched “Wuxi Food Science & Technology Park.”

Smart Homes:

  • Tobin Richardson, Zigbee Alliance: critical role of open, global standards. Zigbee LCD lights now down to $15.
  • Cees Links, GreenPeak Technologies: Leader in Zigbee-based smart home devices. Smart home waay more complex than wi-fi.  1m chips a week, vs. 1 million for whole year of 2011. “Not scratching the surface.” Small data — many small packets.
  • Todd Green, CEO PubNub: data stream network.
  • no killer app for the smart home..  Controlling by your phone not really that great a method.
  • FTC agrees with me: a few adverse stories (TrendNet baby cam example) can be really bad for an industry in its infancy.
  • always hole in security. For example, you can tell if no one’s home because volume of wi-fi data drops.
  • FTC: consumer ed critical part of their work. Working now on best practices for home data protection.
  • mitigation after a security breach? Always be open, communicate (but most hunker down!).

DAY TWO

Beyond Cost Savings: Forging a Path to Revenue Generation

  • Eric Openshaw: (had tech problems during his preso: very important one — check the Deloitte The Internet of Things white paper for details) cost savings through IoT not enough for sustainable advantage: need to produce new revenue to do that. Defined ecosystem shaping up, which creates clarity, breaks down silos.
    • areas: smart grid, health care, home automation, cars, industrial automation
    • study the GE jet model for health care: what if doctors were paid to keep us healthy.
    • need comprehensive understanding of the change issues
    • be very specific: singular asset class, etc. — so you get early victories
    • companies will have overarching, finite roadmap
    • security & privacy dichotomy: differentiate between personal health care data and data from your washing machine. Most of us will share all sorts of information if there’s something in return
    • get focused on customer and product life cycle — that’s where the money will be. Focus on operating metric level. This is most far-reaching tech change he’s seen.

Managing Spectrum Needs

  • Julius Knapp, Chief, FCC Office of Engineering & Technology: new opportunity to combine licensed and unlicensed space. Described a number of FCC actions to reconsider role of various types of spectrum. “Hard to predict IoT’s long-term spectrum needs” because industry is new: they’ll watch developments in the field.
  • Prof. H. Nwana, exec. director of Dynamic Spectrum Alliance: most spectrum usually not used in most places at most time.  His group working to use changes to spectrum to end digital divide: (used incredible map showing how much of world, including US, China, India, W. Europe, could be fitted into Africa).
  • Carla Rath, VP for Wireless Policy, Verizon: “in my world, the network is assumed.”  Need for more spectrum — because of growth in mobile demand. Praises US govt. for trying to make more spectrum available. Don’t want to pigeonhole IoT in certain part of spectrum: allow flexibility.  Tension between flexibility and desire for global standards when it comes to IoT.
  • Philip Marnick, group director of spectrum policy, Ofcom UK:  no single solution.  Market determines best use. Some applications become critical (public safety, etc.) — must make sure people using those are aware of chance of interference.
  • Hazem Moakkit, vp of spectrum development for O3b (UK satellite provider for underserved areas of developing world): “digital divide widened by IoT if all are not on board.” Fair allocation of spectrum vital.
  • interesting question: referred to executive of a major farm equipment manufacturer whose products are now sensor-laden (must be John Deere…) and is frustrated because the equipment won’t work in countries such as Germany due to different bands.

Architecting the IoT: Sensing, Networking & Analytics: 

  • Tom Davenport: IoT highly unpredictable. “Great things about standards is there’s so many to choose from” — LOL.  Will IoT revolution be more top down or bottom up?
  • Gary Butler, CEO, Camgian: announcing an edge system for IoT. Driven by sensor info. Need new networking architecture to combine sensing and analytics to optimize business processes, manage risk. Systems now built from legacy equipment, not scalable. They’re announcing new platform: Egburt. Applicable to smart cities, retailing, infrastructure (I’ll blog more about this soon!!). “Intelligence out of chaos.” Anomaly detection. Real-time analysis at the device level. Focus on edge computing. Must strengthen the ROI.
  • Xiaolin Lu, Texas Instruments fellow & director of IoT Lab: Working in wearables, smart manufacturing, smart cities, health care, automotive. TI claims it has all IoT building blocks: nodes, gateway/bridge or router/cloud. Power needs are really critical, with real emphasis on energy harvesting from your body heat, vibration, etc. Challenges: sensing and data analytics, robust connectivity, power, security, complexity, consolidation of infrastructure and data. Big advocates for standards. They work on smart grid.
  • Steve Halliday, president, RAIN RFID: very involved in standards. 4 BILLION RFID tags shipped last year. Don’t always want IP devices. Power not an issue w/ RFID because they get their power from the reader. Think RFID will be underpinning of IoT for long time. Lot of confusion in many areas about IoT, especially in manufacturing.
  • Sky Mathews, IBM CTO: IBM was one of earliest in the field, with Smarter Planet. Lot of early ones were RFID. A variety of patterns emerging for where and how data is processed. What APIs do you want to expose to the world? “That’s where the real leaps of magnitude will occur” — so design that in from beginning.

‘People’ Side of the IoT: meeting consumer expectations:

  • Mark Eichorn, asst. director, Consumer Protection Bureau, FTC: companies that have made traditional appliances & now web-enable them aren’t always ready to deal with data theft. Security and privacy: a lot don’t have privacy policies at all. At their workshop, talk about people being able to hack your insulin readings.
  • Daniel Castro, sr. analyst, Center for Data Innovation: thinks that privacy issue has been misconstrued: what people really care about is keeping data from government intrusion. Can car be designed so a cop could pull it over automatically (wow: that’s a thought!). Chance for more liability with misuse of #IoT data.
  • Linda Sherry, director of national priorities, Consumer Action: “convenience, expectations and trust.” “What is the IoT doing beside working?” Connecting everything may disenfranchise those who aren’t connected. Need to register those who collect data – hmm. Hadn’t heard that one before. Even human rights risks, stalking, etc. — these issues must be thought about. Can algorithms really be trusted on issues such as insurance coverage? How do you define particularly sensitive personal data? “Hobbling the unconnected” when most are connected? “Saving consumers from themselves.” “Document the harms.” Make sure groups with less $ can really participate in multi-stakeholder negotiations.
  • Stephen Pattison, vp of public affairs, ARM Holdings: disagrees with Linda about slowing things down: we want to speed up IoT as instrument of transformation. We need business model for it. Talks about how smart phone didn’t explode until providers started subsidizing purchase. He suspects that one model might be that a company would provide you whole range of smart appliances in return for your data. “Getting data right matters.” “Freak events” drive concerns about data security & privacy: they generate concern and, sometimes, “heavy-handed” regulation.
    Industry must work together on framework for data that creates confidence by public. Concerns about data are holding back investment in the field. They’re working with AMD on a framework: consumers own their own data — must start with that (if they do, people will cooperate); not all data equally sensitive — need chain of custody to keep data anonymized; security must be right at the edge; simplify terms and conditions.
    Sometimes thinks that, in talking about IoT, it’s like talking about cars in 1900, but we managed to create a set of standards that allowed it to grow: “rules of the road,” etc.

Why It’s So Hard to Predict Internet of Things’ Full Impact: “Collective Blindness”

I’ve been trying to come up with a layman’s analogy to use in explaining to skeptical executives how dramatic the Internet of Things’ impact will be on every aspect of business and our lives, and why, if anything, it will be even more dramatic than experts’ predictions so far (see Postscapes’ roundup of the projections).

See whether you think “Collective Blindness” does justice to the potential for change.

 

What if there was a universal malady known as Collective Blindness, whose symptoms were that we humans simply could not see much of what was in the world?

Even worse, because everyone suffered from the condition, we wouldn’t even be aware of it as a problem, so no one would research how to end it. Instead, for millennia we’d just come up with coping mechanisms to work around the problem.

Collective Blindness would be a stupendous obstacle to full realization of a whole range of human activities (but, of course, we couldn’t quantify the problem’s impact because we weren’t even aware that it existed).

Collective Blindness has been a reality, because vast areas of our daily reality have been unknowable in the past, to the extent that we have just accepted it as a condition of reality.

Consider how Collective Blindness has limited our business horizons.

We couldn’t tell when a key piece of machinery was going to fail because of metal fatigue.

We couldn’t tell how efficiently an entire assembly line was operating, or how to fully optimize its performance.

We couldn’t tell whether a delivery truck would be stuck in traffic.

We couldn’t tell exactly when we’d need a parts shipment from a supplier, nor would the supplier know exactly when to do a new production run to be ready.

We couldn’t tell how customers actually used our products.

That’s all changing now. Collective Blindness is ending, and will be eradicated by the Internet of Things.

What do you think? Useful analogy?

Internet of Things critical to attack global warming

I haven’t understood for a long time why there isn’t universal support for serious — and creative — measures to reduce global warming.

I first did a speech on the subject in 1996, and suspect it’s because — wrongly — people confuse energy efficiency with sacrifice, when in fact it’s just using creativity and technology to reduce waste and inefficiency. Who, especially those who style themselves as “conservatives,” could be opposed to that (although recent polls show those Tea Party types just won’t look at the facts..)?

At any rate, as far as I’m concerned, debate on this issue and toleration of “deniers” is no longer an option — we must act, and act NOW — because of the reports by two esteemed scientific panels this week that even if we DO act, catastrophic melting of part of the Antarctic may already be irreversible, ultimately raising ocean levels by 10′ — or more:

“A large section of the mighty West Antarctica ice sheet has begun falling apart and its continued melting now appears to be unstoppable, two groups of scientists reported on Monday. If the findings hold up, they suggest that the melting could destabilize neighboring parts of the ice sheet and a rise in sea level of 10 feet or more may be unavoidable in coming centuries.”

(Aside to Senator Rubio: perhaps scuba expeditions around the former Miami may be a big tourist draw after the apocalypse …).

The Internet of Things can and must play a critical role in such a strategy.

The Environmental Defense Fund’s smart grid initiative, especially its demonstration program in Austin, TX, shows the promise for integrated, large scale programs to turn the electricity system into a truly integrated one where customers will be full partners in demand-side management AND in generation, through small-scale, distributed production from sources such as solar and wind.


But each of us can and must act individually to reduce our carbon footprints, which brings me to a neat device from Thinkeco, the SmartA/C “modlet.” It plugs into the wall socket where you plug in your window-mounted A/C unit, then the A/C plugs into the modlet.

You create a schedule to automatically turn your A/C on and off to save energy. The thermostat also senses the room temp and turns your A/C on and off to maintain a temperature around your set point.  And, rather than keep the A/C on all day when you’re at work just so the apartment will be cool when you get home, you can regulate the temperature from the smartphone app, turning it down before you leave the office.

Several utilities, including Con Ed in NYC, now provide the units to their customers, and they can really make a difference: in New York City alone, there are 6.5 million room air conditioners, which account for up to 2,500 megawatts of demand, or 20 percent of peak demand in the city.  What could be better: an apartment that’s cool when you need it, lower utility bills, and a reduction in greenhouse gases?

Or, there’s Automatic, which plugs into your car’s diagnostic port, and, through Bluetooth, sends you “subtle audio clues” (evidently “SLOW DOWN, IDIOT” doesn’t modify behavior) when it senses you’re accelerating or braking too rapidly or speeding. It also compiles a weekly overall score for your driving — the higher the score, the more economically you’re driving. Hopefully, you’ll modify your driving behavior, save gas money, and reduce emissions (Automatic also has some nice additional features, such as automatically notifying emergency officials if you crash).

I’m a grandfather, and I’m sick about the world that we’re leaving our grandchildren. Let’s all resolve, whether through IoT technology or personal habit change, to tread lightly on the earth and reduce our carbon footprint. It’s no longer a choice.


Failure to inspect oil rigs another argument for “real-time regulation”

The news that the Bureau of Land Management has failed to inspect thousands of fracking and other oil wells considered at high risk for contaminating water is Exhibit A for my argument that we need Internet of Things-based “real-time regulation” for a variety of risky regulated businesses.

According to a new GAO report obtained by AP:

“Investigators said weak control by the Interior Department’s Bureau of Land Management resulted from policies based on outdated science and from incomplete monitoring data….

“The audit also said the BLM did not coordinate effectively with state regulators in New Mexico, North Dakota, Oklahoma and Utah.”

Let’s face it: a regulatory scheme based on after-the-fact self-reporting by the companies themselves backed up by infrequent site visits by an inadequate number of inspectors will never adequately protect the public and the environment.  In this case, the GAO said that “…. the BLM had failed to conduct inspections on more than 2,100 of the 3,702 wells that it had specified as ‘high priority’ and drilled from 2009 through 2012. The agency considers a well ‘high priority’ based on a greater need to protect against possible water contamination and other environmental safety issues.”

By contrast, requiring that oil rigs and a range of other technology-based products, from jet engines to oil pipelines, have sensors attached (or, over time, built in) that would send real-time data to the companies should allow them to spot incipient problems at their earliest stages, in time to schedule early maintenance that would both reduce maintenance costs and reduce or even eliminate catastrophic failures. As I said before, this should be a win-win solution.

If problems still persisted after the companies had access to this real-time data, then more draconian steps could be required, such as also giving state and federal regulators real-time access to the same data — something that would be easy to do with IoT-based systems. There would have to be tight restrictions on access to the data that would protect proprietary corporate information, but companies that are chronic offenders would forfeit some of those protections to protect the public interest.

 


It’s Time for IoT-enabled “Real-Time” Regulation

Pardon me, but I still take the increasingly-unfashionable view that we need strong, activist government, to protect the weak and foster the public interest.

That’s why I’m really passionate about the concept (for what it’s worth, I believe I’m the first to propose this approach)  that we need Internet of Things enabled “real-time regulation” that wouldn’t rely on scaring companies into good behavior through the indirect means of threatening big fines for violations, but could actually minimize, or even avoid, incidents from ever happening, while simultaneously improving companies’ operating efficiency and reducing costly repairs. I wrote about the concept in today’s O’Reilly SOLID blog — and I’m going to crusade to make the concept a reality!

I first wrote about “real-time” regulation before I was really involved in the IoT: right after the BP Gulf blow-out, when I suggested that:

“The .. approach would allow officials to monitor in real time every part of an oil rig’s safety system. Such surveillance could have revealed the faulty battery in the BP rig’s blowout preventer and other problems that contributed to the rig’s failure. A procedure could have been in place to allow regulators to automatically shut down the rig when it failed the pressure test rather than leaving that decision to BP.”

Since then I’ve modified my position about regulators’ necessarily having first-hand access to the real-time data, realizing that any company with half a brain, as soon as it saw data showing that a problem might be developing (as opposed to having happened, which was too often the case in the past), would take the initiative to shut down the operation ASAP to make a repair, saving itself the higher cost of dealing with a catastrophic failure.

As far as I’m concerned, “real-time regulation” is a win-win:

  • by installing the sensors and monitoring them all the time (typically, only the exceptions to the norm would be reported, to reduce data processing and required attention to the data) the company would be able to optimize production and distribution all the time (see my piece on “precision manufacturing“).
  • repair costs would be lower: “predictive maintenance” based on real-time information on equipment’s status is cheaper than emergency repairs.
  • the public interest would be protected, because many situations that have resulted in disasters in the past would instead be avoided, or at least minimized.
  • the cost of regulation would be reduced while its effectiveness would be increased: at present, we must rely on insufficient numbers of inspectors who make infrequent visits: catching a violation is largely a matter of luck. Instead, the inspectors could monitor the real-time data and intervene instantly– hopefully in time to avoid an incident.

Even though the IoT is not fully realized (Cisco says only 4% of “things” are linked at present), that’s not the case with the kind of high-stakes operation we’re most concerned with.  GE now builds about 60 sensors into every jet, realizing new revenues by providing the real-time data to customers, while being able to improve design and maintenance by knowing exactly what’s happening right now to the engines.  Union Pacific has cut dangerous and costly derailments due to bearing failures by 75% by placing sensors along the trackbed.

As I said in the SOLID post, it’s time that government begin exploring the “real-time regulation” alternative.  I’m contacting the tech-savvy Mass. delegation, esp. Senators Markey and Warren, and will report back on my progress toward making it a reality!

My piece in Harvard Biz Review blaming #370 crash on lack of “Internet of Things” thinking!

Hey, everyone else has weighed in with an explanation on why Flight 370 crashed, so I did, today, with a piece in the Harvard Business Review blog in which I blamed it on lack of “Internet of Things thinking.”

May sound crazy, but I think it’s true, because of two of my “Essential Truths” about the IoT — two things that we can do now but never could before, which open up a huge range of possibilities for change:

  • limitless numbers of devices and people can share the same data on a real-time basis
  • for the first time, we can get real-time data on how devices are actually operating, even conditions deep within the device

In this case, if Malaysia Air had only been willing to pay $10 more per flight, it could have had a wide-ranging flow of real-time data from the plane’s engines. Under regular conditions this data could have allowed the company to tweak the engines’ performance, while also allowing them to do “predictive maintenance,” catching minute problems as they first emerged, in time to make safe, economical repairs rather than waiting until a catastrophic failure.

AND, it also would have allowed them during the crisis two weeks ago to have immediately switched to monitoring the engine data when voice transmissions ended, so they would have known immediately that the plane was still flying, in time to have launched planes to intercept the plane and land it safely.

HOWEVER, what was missing was this “Internet of Things thinking,” so they didn’t think expansively about the value of sharing the data.  They saved $10 per flight, but lost 290 people. Somehow the math doesn’t add up…
