I shared the IDC study on IoT and the issues/concerns for implementation etc they found. I’ve seen a couple of other studies that found the reality of IoT integration and skills as well as security and management to be concerns.
First off, IoT security is an interesting problem. It’s interesting because it won’t only impact large corporations and government agencies. It will impact everyone. All of us. From a compromised watch on your wrist that is recording everything onto your compromised cellular phone and sending that off to someone in another country. To simply enabling physical security holes in systems, blind spots and other ways for people to access places they shouldn’t be able to be in. The potential is limitless when considering the reality of security.
At the same time, the world is hurtling down the IoT highway at a rate of more than a billion new devices every year. I talked about the concept from a connected to my phone and using my phone’s network and processor to co-processing but connected to software on my phone for data collection IoT devices. There are many more out there. Devices that will connect to your Wi-Fi network in your home to provide you with critical information.
I have personally over the past few months been publishing a few ideas that I think will solve some of the initial issues facing full on IoT implementations. First off, the concept of modular security for IoT devices (or more broadly the US Government National Institute for Standards and Technology (NIST) ululated guidelines around Cyber Physical Systems (CPS). Modular security simply moves the device security to a single chip. Certainly that presents a risk, in that the chip can be identified and compromised. But the value proposition is replacing the security chip not the IoT device. The other concept is that of Mesh sensor systems. This is a system that is self-reliant and interactive. Where there are multiple connects between the IoT mesh and the world. In a mesh network scenario, the CPS devices are smart enough to know their direct connection isn’t working, so I move my critical data to another form of communication. Mesh network IoT/CPS systems present another bad actor risk, where I block the direct connection of a series of IoT/CPS devices and offer a false network for the data to be pushed to. In that scenario there may be IoT/CPS capabilities to be utilized that I won’t talk about here. But one of the easy ways this particular security hole would be a two-way validation on the security chips of a mesh. Not knowing the size of anyone mesh, and no one device knowing how many others it is connected to, would increase the ability of the system to reveal hacked devices quickly.
The most intriguing thing however in the IDC study was the sudden appearance of skills as a problem for IoT/CPS implementations going forward. I’ve actually predicted part of this problem more than 3 years ago in my innovation series of blogs. The reality of innovation is that some of the people that would normally be cutting edge driver sin companies, have moved on to crowd funding opportunities. I talked about that in my book on innovation. There is an environmental issue that causes innovators to move to startup’s. In part this is a distinct issue of inter-generational knowledge transfer and in part an enablement of a new market.
One thing organizations can do is consider building an IGKT that aligns with their organizational goals but is also adaptive enough that it can support new ideas and new thinking. This is not forcing the boiling of the great ocean of knowledge management to get a teaspoon of table salt. This represents a multi-party system that is designed to support Knowledge Transfer. You will lose some innovative thinking to Crowd Funding. You will also lose some historical organizational reference points to retirement. This system better enables the development of people and processes to capture information. The goal of the system is to remove the expert tradition from your organization and create a vibrant growing creative and inspiring organization.
There isn’t one answer to the problems 40 billion IoT/CPS devices will create. There are however things that can be done now, that will reduce the impact of risk then. When you are up to your neck in water, surrounded by alligators it is hard to remember your assigned job was drain the swamp.
Yea though my sensors tell me everything I will not fear checking the actual weather myself!