According to Intel IoT is expected to be a multi-trillion-dollar market, with 50 billion devices creating 44 zettabytes (or 44 trillion gigabytes) of data annually by 2020. But that widely cited 50 billion IoT devices in 2020 number is clearly not correct! Forecast of 50 Billion Devices by 2020 Is Outdated. In 2017 we should be talking about about some sensible numbers. The current count is somewhere between Gartner’s estimate of 6.4 billion (which doesn’t include smartphones, tablets, and computers), International Data Corporation’s estimate of 9 billion (which also excludes those devices), and IHS’s estimate of 17.6 billion (with all such devices included). Both Ericsson and Evans have lowered their expectations from 50 billion for 2020: Evans, who is now CTO of Stringify, says he expects to see 30 billion connected devices by then, while Ericsson figures on 28 billion by 2021.
Connectivity and security will be key features for Internet of Things processors in 2017. Microcontroller (MCU) makers will continue to target their products at the Internet of Things (IoT) in 2017 by giving more focus on battery life, more connectivity of various types, and greater security. The new architectures are almost sure to spawn a multitude of IoT MCUs in 2017 from manufacturers who adopt ARM’s core designs.
ARM will be big. Last year, ARM’s partners shipped 15 billion chips based on its architectures. The trend toward IoT processors will go well beyond ARM licensees. Intel rolled out the Intel Atom E3900 Series for IoT applications. And do not forget MIPS an RISC-V.
FPGA manufacturers are pushing their products to IoT market. They promise that FPGAs solve challenges at the core of IoT implementation: making IoT devices power efficient, handling incompatible interfaces, and providing a processing growth path to handle the inevitable increase in device performance requirement.
Energy harvesting field will become interesting in 2017 as it is more broadly adopted. Energy harvesting is becoming the way forward to help supplement battery power or lose the need for it altogether. Generally researchers are eyeing energy-harvesting to power ultra-low-power devices, wearable technology, and other things that don’t need a lot of power or don’t come in a battery-friendly form factor.
Low power wide area networks (LPWA) networks (also known as NarrowBand IoT) will be hot in 2017. There is hope that f LPWA nets will act as a catalyst, changing the nature of the embedded and machine-to-machine markets as NB-IoT focuses specifically on indoor coverage, low cost, long battery life, and enabling a large number of connected devices. The markets will become a kind of do-it-yourselfers paradise of modules and services, blurring the lines between vendors, users and partners. At the same time for years to come, the market for low power wide area networks (LPWA) will be as fragmented and is already in a race to the bottom (Sigfox, said to be promising costs approaching $1 per node per year). Competing technologies include Sigfox, LoRa Alliance, LTE Cat 1, LTE Cat M1 (eMTC), LTE Cat NB1 (NB-IoT) and other sub-gigahertz options almost too numerous to enumerate.
We are starting to see a battle between different IoT technologies, and in few years to come we will see which are winners and which technologies will be lost in the fight. Sigfox and Lora are currently starting well, but telecom operators with mobile networks NB-IoT will try hit the race heavily in 2017. Vendors prep Cat M1, NB1 for 2017: The Cat M1 standard delivers up to 380 Kbits/second over a 1.4 MHz channel. NB-1 handles up to 40 Kbits/s over 200 kHz channels. Vendors hope the 7-billion-unit installed base of cellular M2M modules expands. It’s too early to tell which technologies will be mainstream and which niche. It could be that cellular NB-IOT was too late, it will fail in the short term, it can win in the long term, and the industry will struggle to make any money from it. At $2 a year, 20 billion devices will contribute around 4% of current global mobile subscription revenues.
New versions of communication standards will be taken into use in 2017. For example Bluetooth 5 that adds more speed and IoT functionality. In 2017, we will see an increase in the number of devices with the new Bluetooth 5 standard.
Industrial IoT to gain traction in 2017. Industrial applications ultimately have the greater transformative potential than consumer products, offering users real returns on investment (ROI) rather than just enhanced convenience or “cool factor”. But the industrial sector is conservative and has been slow to embrace an industrial IoT (IIoT), but is seems that they are getting interested now. During the past year there has been considerable progress in removing many of the barriers to IIoT adoption. A global wide implementation of an IIoT is many years away, of course. The issues of standards and interoperability will most likely remain unresolved for several years to come, but progress is being made. The Industrial Internet Consortium released a framework to support development of standards and best practices for IIoT security.
The IIoT market is certainly poised to grow. A Genpact research study, for instance, indicates that more than 80% of large companies believe that the IIoT will be essential to their future success. In a recent market analysis by Industry ARC, for instance, the projected value of the IIoT market will reach more than $120 billion by 2021. Research firm Markets and Markets is even more optimistic, pegging IIoT growth at a CAGR of 8% to more than $150 billion by 2020. And the benefits will follow. By GE’s estimate, the IIoT will stimulate an increase in the global GDP of $10 to $15 trillion over the next 20 years.
Systems integrators are seeking a quick way to enter the industrial Internet of Things (IIoT) market. So expect to see many plug and play IoT sensor systems unveiled. There were many releses in 2016, and expect to see more in 2017. Expect to see device, connectivity and cloud service to be marketed as one packet.
IoT analytics will be talked a lot in 2017. Many companies will promise to turn Big Data insights into bigger solutions. For industrial customers Big Data analytics is promised to drive operational efficiencies, cut costs, boosting production, and improving worker productivity. There are many IIoT analytic solution and platform suppliers already on the market and a growing number of companies are now addressing industrial analytics use.
In 2016 it was all bout getting the IoT devices connected to cloud. In 2017 we will see increased talk about fog computing. Fog computing is new IoT trend pushed by Cisco and many other companies. As the Internet of Things (IoT) evolves, decentralized, distributed-intelligence concepts such as “fog computing” are taking hold to address the need for lower latencies, improved security, lower power consumption, and higher reliability. The basic premise of fog computing is classic decentralization whereby some processing and storage functions are better performed locally instead of sending data all the way from the sensor, to the cloud, and back again to an actuator. This demands smarter sensors and new wireless sensor network architectures. Groups such as the Open Fog Consortium have formed to define how it should best be done. You might start to want to be able to run the same code in cloud and your IoT device.
The situation in IoT security in 2016 was already Hacking the IoT: As Bad As I Feared It’d Be and there is nothing that would indicate that the situation will not get any better in 2017. A veritable army of Internet-connected equipment has been circumvented of late, due to vulnerabilities in its hardware, software or both … “smart” TVs, set-top boxes and PVRs, along with IP cameras, routers, DSL, fiber and cable modems, printers and standalone print servers, NASs, cellular hot spots, and probably plenty of other gear. IoT world at the moment is full of vulnerable devices, and it will take years to get then replaces with more secure devices. Those vulnerable devices can be used to make huge DDoS attacks against Internet services. The 2016 October 21 cyberattacks on Dyn brought to light how easily many IoT devices can be compromised. I expect that kind of incidents will happen more in 2017 as DDoS botnets are pretty easy to build with tools available on-line. There’s no question that everyone in the chain – manufacturers, retailers and consumers – have to do a better job securing connected devices.When it comes to IoT, more security is needed.
2,275 Comments
Tomi Engdahl says:
The Week In Review: IoT
AT&T, IBM add IIoT analytics; Samsung debuts Bixby; IoT Maker Board.
http://semiengineering.com/the-week-in-review-iot-45/
AT&T and IBM are expanding their joint Internet of Things effort to offer AT&T’s new IoT analytics capability, helping customers yield insights from their industrial IoT data. The capability takes in AT&T’s M2X, Flow Designer, Control Center, and other IoT offerings; IBM Watson IoT; the IBM Watson Data Platform; and the IBM Machine Learning Service, part of Watson Data Platform on the IBM Cloud.
Renesas Electronics used the Cadence Perspec System Verifier for verification of a microcontroller design for IoT applications.
Samsung Electronics confirmed details about its Bixby mobile assistant
The Korean company has grander ambitions for the artificial intelligence-based assistant, planning to include Bixby in Internet of Things devices, such as air conditioners, refrigerators, and televisions, and in multiple mobile devices.
Arrow Electronics is offering the MAX1000 development board, an IoT Maker Board, based on Intel’s MAX10 field-programmable gate array. The board is aimed at use by equipment manufacturers, start-ups, and universities.
Ubuntu Core has been ported to the LS1043A quad-core system-on-a-chip device under a collaboration between Canonical and NXP Semiconductors. The companies see the combination being used in IoT gateways and networking equipment.
Oracle this week unveiled the Oracle Utilities Operational Device Cloud Service, offering IoT device management and smart grid supervision.
Bsquare debuted cross-platform IoT applications running on its DataV Hybrid IoT Platform, targeting business and industrial IoT use cases. The IIoT apps can be used in conjunction with Amazon Web Services and Microsoft Azure
Juniper Research forecasts Bluetooth beacons, digital signs, and other products connected to IoT platforms used by retailers will increase from 2.7 billion business assets last year to 12.5 billion by 2021
The industrial IoT market will add more than 13 million new wireline and wireless connections around the world this year, on top of an installed base of 53 million connections, according to ABI Research.
Tomi Engdahl says:
micro HTTP server in C
Communicate with a computer from your browser, using a minimalist HTTP compliant server written in POSIX/C
https://hackaday.io/project/20042-micro-http-server-in-c
This is a compact, single-threaded, embedded server that supports blocking and polled modes, IPv4 and IPv6, CORS, and a few other features that could boost your “IoT” project.
You can use it to serve static files, receive basic commands, or both.
Licence: AGPLv3
Some of the goals of this project are:
* support HTTP 1.1 (persistent connections are not working yet)
* implement most of the HTTaP features
* remain as compact as possible
* serve some files (not functional yet)
* split the header and the actual response data
* implement proper timeouts
Tomi Engdahl says:
5 IoT Trends to Watch in 2017
http://www.eetimes.com/author.asp?section_id=36&doc_id=1331513&
Networking, security and machine learning are among five key areas to track this year as the Internet of Things goes mainstream.
Enterprises across many different verticals are now well-aware of the potential benefits of the IoT, although most are still in the early stages of thinking about how, when and where to deploy IoT solutions. Consumers are also getting in on the act, thanks to smart home devices and platforms such as Amazon’s Alexa.
The smart home market alone is predicted to grow to more than 1.4 billion units by 2021, up from 224 million in 2016. Following are five key IoT trends engineers need to track this year.
LPWA goes mainstream: Licensed spectrum low-power wireless access (LPWA) technologies are coming into the market in earnest in 2017.
This year we will see service providers deploy their first commercial NB-IoT and LTE Cat M1 networks
Carriers tap developers: Developer outreach will be a greater focus as operators try to drive usage of their IoT platforms and infrastructure. Carriers want a greater understanding of potential new IoT use cases across a broader range of industries.
Security becomes a priority: Data, network and device security are becoming a focus as the vulnerability of a broad, distributed and heterogeneous network of connected devices becomes apparent. This year we’ll see more instances of hacked IoT devices and networks exposing points of weakness, both via lower-end consumer devices and more sophisticated IoT products.
Learn about machine learning: The value of IoT data will start to be realized in 2017 in more ways than one. We are seeing a shift to enabling processing and analytics at the IoT network edge, minimizing the need to transport large amounts of data back to the network core before triggering an action or alert.
IoT drives service business models: Early adopters are exploring how best to use IoT data and analytics to support new, transformational business models. This will have an impact across all verticals, particularly where heavy upfront capital investment is needed for infrastructure and where ongoing maintenance and operation of that infrastructure is required.
Tomi Engdahl says:
The Arrow Quadro IoT Wi-Fi Kit
https://www.eeweb.com/blog/eeweb/the-arrow-quadro-iot-wi-fi-kit
They don’t call it the “Internet of Everything” for nothing. These days, almost every product is eligible to become part of the Internet of Things (IoT) — from the electric toothbrush to the jet engine.
https://www.eeweb.com/uploads/pdf/WP_Arrow_Quadro_IOT_WiFi_Kit_FINAL.pdf
Tomi Engdahl says:
Lowest Power. Most Flexibility. Built-in Security.
https://www.eeweb.com/blog/eeweb/lowest-power.-most-flexibility.-built-in-security
https://www.eeweb.com/uploads/pdf/WP_Cypress_PSoC6_FINAL.pdf
Tomi Engdahl says:
EEMBC Offers Benchmark for Bluetooth LE in IoT
It’s the first in a series of wireless protocol benchmarks for devices in IoT applications.
http://semiengineering.com/eembc-offers-benchmark-for-bluetooth-le-in-iot/
The Embedded Microprocessor Benchmark Consortium is introducing the IoTMark-BLE benchmark, for certifying the performance of devices using the Bluetooth Low Energy wireless protocol for Internet of Things applications. It is the first in the group’s IoT-Connect benchmark series.
EEMBC also is preparing the ULPBench 2.0 standard, which will test the ultra-low-power capabilities of connected peripherals, specifically in analog-to-digital conversion, serial peripheral interfaces (SPI), pulse width modulation (PWM), and real-time clocks (RTC). An introduction is planned for this spring.
http://www.eembc.org/index.php
Tomi Engdahl says:
Cheap Smarthome Gadget(s) Hacked into Zigbee Sniffer
http://hackaday.com/2017/03/27/cheap-smarthome-gadgets-hacked-into-zigbee-sniffer/
French hacker [akila] is building up a home automation system. In particular, he’s been working with the “SmartHome” series of gadgets made by Chinese smartphone giant, Xiaomi. First, he started off by reverse-engineering their very nicely made temperature and humidity sensor. (Original in French, hit the translate button in the lower right.) With that under his belt, he opened up the PIR motion sensor unit to discover that it has the same debugging pinouts and the same processor. Almost too easy.
For a challenge, [akila] decided it was time to implement something useful in one of these gadgets: a ZigBee sniffer so that he can tell what’s going on in the rest of his home network. He built a USB/serial programming cable to work with the NXP JN5169’s bootloader, downloaded the SDK, and rolled up his sleeves to get to work.
http://faire-ca-soi-meme.fr/domotique/2017/02/27/hack-xiaomi-mi-smart-temperature-and-humidity-sensor/
http://faire-ca-soi-meme.fr/hack/2017/03/13/hack-xiaomi-mi-smarthome-zigbee-sniffer/
Tomi Engdahl says:
Hacked IoT Switch Gains I2C Super Powers
http://hackaday.com/2017/03/27/hacked-iot-switch-gains-i2c-super-powers/
Economies of scale and mass production bring us tons of stuff for not much money. And sometimes, that stuff is hackable. Case in point: the $5 Sonoff WiFi Smart Switch has an ESP8266 inside but the firmware isn’t very flexible. The device is equipped with the bare minimum 1 MB of SPI flash memory. Even worse, it doesn’t have the I2C ports exposed so that you can’t just connect up your own sensors and make them much more than just a switch. But that’s why we have soldering irons, right?
[Jack] fixed his, and documented the procedure.
Sonoff WiFi Smart Switch With I2C Port
http://www.jackenhack.com/sonoff-switch-i2c/
How to add an I2C interface to a Sonoff WiFi Smart Switch.
Tomi Engdahl says:
HTTaP
Test Access Port over HTTP
https://hackaday.io/project/20170-httap
HTTaP is a sub-protocol of HTTP1.1 designed to access hardware resources (and more) with a browser-friendly interface. It’s a good bet for your IoT project when Apache+CGI don’t fit
It is initially designed to provide a connexion (over a trusted link) to a device (either hardware or software, real, emulated or virtual), on the same computer, or next to it, or on the other side of the planet.
Contrary to other ad hoc protocols or WebSockets, HTTaP can work directly with a HTML/JavaScript page, using only plain GET and POST messages (unlike other lower-level protocols that require system programming). This enables rich and portable interfaces that work on most browser-enabled devices.
HTTaP was first published in the french GNU/Linux Magazine n° 173 (july 2014) “HTTaP : Un protocole de contrôle basé sur HTTP” as a simpler alternative to WebSockets.
The project #micro HTTP server in C is designed to implement this protocol.
micro HTTP server in C
https://hackaday.io/project/20042-micro-http-server-in-c
Tomi Engdahl says:
IOT and intelligent technology of interest to Finnish companies
Half of the organizations in Finland as early as the end product to take advantage of the latest and services in the IOT or smart technologies, says research firm Gartner report. During the end of 2017, eight per cent planning to use IoT solutions.
For 50 percent of organizations in Finland to take advantage of IOT or end product of intelligent technologies and services, says Gartner in its report. Only 17 percent do not see any need in the future for the exploitation of IoT solutions or smart technologies.
“Finland-based data and billed according to use other than IT-services already provides 26 per cent of organizations, while the corresponding figure is 21 per cent globally. This tells us that Finland is at the forefront of IoT development, “said Gartner Vice President Sanna Korhonen.
Source: http://www.uusiteknologia.fi/2017/03/28/iot-ja-alytekniikat-kiinnostavat-suomalaisyrityksia/
Tomi Engdahl says:
Dishwasher has directory traversal bug
Thanks a Miele-on for making everything dangerous, Internet of Things firmware slackers
https://www.theregister.co.uk/2017/03/26/miele_joins_internetofst_hall_of_shame/
Don’t say you weren’t warned: Miele went full Internet-of-Things with a network-connected dishwasher, gave it a web server, and now finds itself on the wrong end of a security bug report – and it’s accused of ignoring the warning.
The utterly predictable vulnerability advisory on the Full Disclosure mailing list details CVE-2017-7240 – aka “Miele Professional PG 8528 – Web Server Directory Traversal.” This is the builtin web server that’s used to remotely control the glassware-cleaning machine from a browser.
“The corresponding embedded Web server ‘PST10 WebServer’ typically listens to port 80 and is prone to a directory traversal attack, therefore an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks,” reads the notice, dated Friday.
Proving it for yourself is simple: Using a basic HTTP GET, fetch…
…from whichever IP address the dishwasher has on your network to reveal the shadow password file on its file system. That’s pretty sad.
It’s unclear which libraries or software components Miele used to craft the web server in the dishwasher’s firmware. The PG 8528, which boasts “remote service” features and is designed for restaurants and bars, appears to be running a form of embedded Linux. Without a fix from the vendor – for a professional dishwasher – the best option is to make sure the appliance isn’t exposed directly to the internet, or otherwise firewall it off from other devices.
[CVE-2017-7240] Miele Professional PG 8528 – Web Server Directory Traversal
http://seclists.org/fulldisclosure/2017/Mar/63
Tomi Engdahl says:
Smart Tech Doesn’t End the Hidden Factory
The manufacturing inefficiencies associated with Six Sigma’s “hidden factory” are not eliminated by advanced technology.
https://www.designnews.com/automation-motion-control/smart-tech-doesn-t-end-hidden-factory/137912586556466?cid=nl.x.dn14.edt.aud.dn.20170328
Most of us know these problems as workarounds, lost orders, late delivery, excess inventory, long set-ups, and lost customer loyalty. This collective operating dysfunction works as an undercurrent to the improved efficiencies that come from advanced manufacturing technology. Added together, these inefficiencies can decrease optimal plant output by 30%.
In the race to implement new manufacturing technologies and systems, such as the Industrial Internet of Things, it is often forgotten that factories and operations already have systems in place—and the inner workings of these systems tend to actively resist any change forced upon them. So says John Carrier, senior lecturer of system dynamics at the MIT Sloan School of Management . He notes that the “hidden factory” that results from counterproductive and unpredictable old and new technologies will, over time, results in an unknown “process” that delivers defect-laden products behind schedule.
Tomi Engdahl says:
3 Ways Requirements Documents Kill Product Development Projects
https://www.designnews.com/design-hardware-software/3-ways-requirements-documents-kill-product-development-projects/24388564156526?cid=nl.x.dn14.edt.aud.dn.20170328
We all agree that a requirements document is an essential part of the product development process, but can this document actually lead to the downfall of a project?
1. It Doesn’t Exist
It’s pretty tough to start a project and get everyone moving forward in the same direction if you don’t have a requirements document. However, this happens far more often than you may think.
Early startups often struggle here. “We are just trying to prove feasibility,”
2. Requirements Doc Is Really a Specification Doc in Disguise
Too many developers forget that a requirements document is meant to describe what the product will do. Because engineers are problem solvers, our brains love to jump quickly to solutions, and we often fall in love with those early solutions.
3. Requirements Doc Doesn’t Include Design or Usability Requirements
Many times, developers will populate the document with the most well-known items. “It has to be portable; it must fit in the trunk of a car; it must have a display.”
These are all important requirements, but also very simple ones.
Design requirements should go beyond this by gathering a deeper understanding of the user and their needs through various forms of research to discover hidden and unmet user needs.
Conclusion
Taking the time to create a stellar requirements document can prevent wasted time by eliminating redundant tasks.
Tomi Engdahl says:
Chaim Gartenberg / The Verge:
IKEA’s Trådfri system for smart home lighting goes live on Swedish website, available in Swedish stores on March 31 starting at about $85
Ikea is getting into home automation with a new smart hub
Smart lights on a budget
http://www.theverge.com/circuitbreaker/2017/3/27/15071562/ikea-tradfri-smart-lights-gateway-ethernet-cheap-dimmer-remote
Ikea is finally getting into the home automation game with its own system for smart lighting. The new range of products is called Trådfri — which means “wireless” in Swedish — and is built around the ZigBee Light Link standard for connected lights (the same as Philips Hue). The system seems to have rolled out to select European countries last fall, but will be seeing a larger release at the end of March.
The core of the Trådfri system is a gateway device that connects to the internet via an Ethernet connection and creates a local Trådfri network to connect local bulbs. Like most of Ikea’s wares, the company is pursing an extremely aggressive pricing scheme, with a base set of the internet gateway, a remote, and two Trådfri bulbs running just 749 kr, or roughly $85.40.
The standard Trådfri bulbs are dimmable LED lights with three color temperature options
Ikea is also offering a variety of standalone bundles
Currently, the Trådfri system only shows up on Ikea’s Swedish website, with the products expected in stores by March 31st
http://www.ikea.com/se/sv/catalog/categories/departments/living_room/36812/
Tomi Engdahl says:
Energy and fourth industrial revolution happening at same time
http://www.controleng.com/single-article/energy-and-fourth-industrial-revolution-happening-at-same-time/e3805032cc9ba62a7b6f11c611157edf.html
Ulrich Spiesshofer, chief executive of ABB, said the fourth industrial revolution and the energy revolution are happening at the same time and how their changes are impacting one another as well as the workforce in profound ways.
“There is a lot going on in the world,” said Ulrich Spiesshofer, chief executive of ABB during his keynote address at ABB Customer World 2017 in Houston. “The energy revolution and the fourth industrial revolution are going on at the same time.”
In the energy revolution, he said there was, “More pressure not only on the grid, but there is tremendous proliferation on the demand side. The management of bits and bytes of the grid is more complicated. Electricity is flowing many different ways,” he said, “but we have to make sure you get the electricity like you always have in a reliable way.”
When it comes to the fourth industrial revolution, Spiesshofer said this one is different from the previous versions.
“The first three industrial revolutions were about replacing people with machines. The fourth industrial revolution uses artificial intelligence. We are having an unprecedented speed of change. Technology is the key enabler in the fourth industrial revolution,” he said.
Part of that change in technology will improve engineering efficiency, operator performance and asset utilization. That change also entails jobs potentially changing on the fly.
Tomi Engdahl says:
Energy company using smart grids to reduce downtime
http://www.controleng.com/single-article/energy-company-using-smart-grids-to-reduce-downtime/63f6fb41610091bcea1ae20925e8260a.html
Duke Energy, a U.S.-based sustainable electric and gas company, is working to improve customer service to their roughly 7.2 million customers in the Southeast and Midwest with smart grids.
Self-healing networks
Sacha Fontaine has been a consultant for Duke’s smart grid division since 2010. He explained how Duke Energy has worked on advanced meter infrastructure (AMI), which connects smart meters, communications networks and data management systems together to enable customers to better manage their energy supply. He also talked about using smart street lighting in certain municipalities, and the deployment of self-healing networks.
Self-healing networks, Fontaine said, offer value to the business and to the customer because they do what personnel used to do manually. In the past, an individual would monitor the system but wouldn’t automatically be alerted to a fault on the power line. Manually, they would have to see where to isolate the fault, so that the fewest number of customers are inconvenienced and left in the dark. Then, they would see what alternative sources of power could be used to power everyone else up (not on the fault line).
“It could take an hour. You have to send a crew to locate and isolate the fault, then get the power rerouted, and finally you could send the crew to fix the fault,” explains Fontaine.
“With IoT we have remotely controllable devices through the grid that immediately alert us to outages. This takes it out of the hands of the dispatchers and puts it into a centralized system that would make the same decisions the system operator would make, but just a lot faster.”
Through algorithms and machine-learning technologies, these networks can evaluate capacity, choose alternative sources, and isolate the smallest section of the network to isolate and repair.
“What used to take about an hour now takes less than 30 seconds, so it’s a great improvement in terms of customer minutes of interruption,” Fontaine said.
Another project Duke Energy has been working on since 2014 has been providing smart lighting to municipalities or cities. By providing more efficient lighting using LEDs, lighting lasts longer and uses up to 50% less power.
Another IoT project, AMI, was initially rolled out across five states in 2014. Duke, the biggest utility company in the US, worked with Itron, Cisco, and other tech firms to deploy smart meters-building blocks which enable distribution automation, distributed generation, and a whole host of distributed intelligence and embedded sensing applications. Pilot projects allowed customers to track time-of-use rates, get peak time rebates, and see critical peak pricing.
Tomi Engdahl says:
Edge computing
https://en.wikipedia.org/wiki/Edge_computing
Edge computing is pushing the frontier of computing applications, data, and services away from centralized nodes to the logical extremes of a network.[1] It enables analytics and knowledge generation to occur at the source of the data. This approach requires leveraging resources that may not be continuously connected to a network such as laptops, smartphones, tablets and sensors.[2] Edge Computing covers a wide range of technologies including wireless sensor networks, mobile data acquisition, mobile signature analysis, cooperative distributed peer-to-peer ad hoc networking and processing also classifiable as local cloud/fog computing and grid/mesh computing, dew computing,[3] mobile edge computing,[4][5] cloudlet, distributed data storage and retrieval, autonomic self-healing networks, remote cloud services, augmented reality, and more.[6]
Tomi Engdahl says:
The Fog: Direct VS Indirect Edge Computing
http://blog.schneider-electric.com/smart-cities/2016/12/13/fog-direct-vs-indirect-edge-computing/
“Fog computing” has received an increased amount of attention in the IoT & IIoT communities. I briefly reviewed the Fog in “IoT & the Pervasive Nature of Fast Data & Apache Spark”. In this paper, I identified Fog as part of the evolution of low latency analytical solutions. However, Fog is a rather nebulous term especially when used interchangeably with the term “Edge computing“. This has led to many discussions regarding the desire to rename or clarify the terminology.
The result being my suggestion of “Indirect Edge”. Why Indirect Edge? I did not want to not replace “Fog” with a nicer sounding albeit equally vague term that obfuscates purpose and meaning. I instead sought to denote and distinguish the core concepts of the associated underlying architectures by identifying.
1. Where does the Edge end and the Fog begin?
2. What purpose does each serve?
3. What are the differences?
4. Why are they so similar?
Let’s first address the origin of term “Fog”. Fog is generally considered to be a bad marketing term originally coined by Cisco. It is understood to have been developed to drive sales by making “…its internet routers into edge computing devices”.
despite the original sales slant, of Fog, it provides value by denoting some architectural variations of Edge when addressing Cloud computing. Moreover; the IoT community is not beholden to the term “Fog” nor any particular vendor’s rendition of it.
Fog shares many similarities to Edge and it is fair to view it as an architecture pattern of Edge computing; thus the proposal to use the term ”Indirect Edge” vs “Direct Edge”.
A key tenet of each architecture is low latency data processing. Both achieve this by not requiring data be sent to the Cloud or remote data-center for analytics. Each takes place left of the Cloud integration layer at the devices’ network level
Edge computing stores and processes data on the devices themselves or a device gateway. Not surprisingly Edge computing is generally less robust than a Cloud solution, due to the limited compute power of devices. I refer to this as the “Direct Edge” or we may say just the Edge.
However, Fog computing takes place on a node near the Edge but not on the devices themselves i.e. indirectly at the Edge. The Fog introduces the practice of selectively sending data to the Cloud as needed.
We now understand these patterns are very similar and utilize the Edge devices directly and indirectly as a key component of the architecture.
One key deviation of Fog is that it leverages the concept of a Cloudlet. A Cloudlet is similar to a device Gateway in so much that it resides near the Edge devices. In an Edge topology, a gateway typically serves as an aggregation point. In an Indirect Edge scenario the gateway would be a more powerful server, VM or Cloudlet. Cloudlets are more powerful, store more data, and perform more robust analytics than edge devices or gateways. A subset of an IoT Platform’s services could be deployed to the Cloudlet for example. Data can further be selected for intelligent distribution to an IoT Platform in the Cloud.
Tomi Engdahl says:
“Samsung Connect” wrangles all the insecure Things in your Internet of Things
https://arstechnica.com/gadgets/2017/03/samsung-connect-lets-you-control-all-your-insecure-iot-devices/
Controlling your home—or the security-nightmare “smart” parts of it—with your voice.
Connect is able to automatically identify Samsung-branded smart devices on your home’s LAN, along with any other devices compatible with Samsung’s SmartThings platform. SmartThings came under fire last May for numerous flaws and security vulnerabilities, though the company claims that it has since fixed its problems
Tomi Engdahl says:
Dong Ngo / CNET:
Samsung unveils Connect Home, a mesh WiFi system that integrates with SmartThings devices and lets users manage network remotely via a mobile app; price TBD
Samsung Connect Home: A Google Wifi clone with a SmartThings twist
https://www.cnet.com/products/samsung-connect-home/preview/
Looking for something with the easy installation of a Google Wifi or Eero mesh router system, but with a SmartThings hub built in? You’ll be able to get one soon.
Samsung announced its first Wi-Fi system today, the Samsung Connect Home. This is a midtier (2×2 MU-MIMO 802.11ac) system that’s very similar to the Google Wifi, or the Eero for that matter. It includes up to three identical hardware units (it is also available with a single router), each of which is a compact wireless router with two network ports.
If you get a pack of three, one unit connects to your broadband modem and the rest of the units work as network extenders
An all-in-one mobile app
Like other Wi-Fi systems, the Connect Home is connected to a mobile app you use to set up and manage your home network. Samsung says at launch the app, called Samsung Connect, is only available for the newly released Galaxy S8. Toward the end of the year it will be available on other Android devices and maybe even iOS devices, too.
Apart from managing the Wi-Fi network it will also enable users to manage — including the setup process — Samsung-branded smart household devices, ranging from cameras to large appliances. The router also works as a hub for Samsung’s SmartThings home automation system, and the app will let you program and control SmartThings-compatible devices from third-party product makers.
This unified approach has been a long time coming. Since Samsung acquired SmartThings in August 2014
Tomi Engdahl says:
Finns want digital partner, “sharing the risk”
Half of Finnish companies are already using smart technologies and networked devices it offers to customers services and products. The results are reflected in the published at the beginning of March, research firm Gartner survey.
Only about a fifth of Finnish business leaders were of the opinion that these technologies will never be a need for them.
“The investment survey asked the top management of the risks brought up by the IT side of familiar things. The outcome was, for example, operational reliability, fault situations and scaling using the service globally. These mentioned by a small number of respondents, but issues related to service level agreement has never been mentioned before. Now, they raised the issue of financial managers and the CEO, ”
Management has woken up but not necessarily rest of the organization.
Owing to the splitting of risks many would be interested to buy digital transformation and innovation of services in support of appropriate service provider for continuing agreement.
“Sharing the risk of attracting and when your own skills is not enough, experts provide fast and agile to move, ”
Nearly one in four respondents would be willing to buy the Internet of Things solution as a service, which would at the same time new business model.
Source: http://www.tivi.fi/Kaikki_uutiset/suomalaiset-haluavat-digikumppanin-riskin-jakaminen-houkuttaa-6636998
Tomi Engdahl says:
IoT over corporate networks are divided into a plurality of reserved portions for different purposes. Thus, the normal office equipment, and IoT components are kept apart portions of the web. When the IoT devices are added, the equipment to be automatically associated with the appropriate virtual network segments.
Data Network configuration management Eerola, it should be automated, because at the moment most of the maintenance of corporate networks going maintenance of the existing network system settings, and not leave enough time to change management.
It is estimated that eighty percent of a typical network configuration should be easily automated with appropriate tools -> open up the network for each of IoT devices with the necessary services.
Cisco Systems is described a proposal Usage Manufacturer Description Framework standard proposal.
Source: http://www.uusiteknologia.fi/2017/03/30/pro-2017-tietoturva-eristaa-iot-laitteet/
Tomi Engdahl says:
Manufacturer Usage Description Framework
draft-lear-mud-framework-00
https://tools.ietf.org/html/draft-lear-mud-framework-00
Abstract
A key presumption of the Internet architecture has been that devices
are general purpose computers. By constraining the set of devices
that connect to the Internet to non-general purpose devices, we can
introduce a set of network capabilities that provides an additional
layer of protection to those devices. One such capability is the
Manufacturer Usage Description (MUD). This work builds on many
existing network capabilities so as to be easily deployable by all
involved. The focus of this work is primarily, but not exclusively,
in the realm of security; and again primarily, but not exclusively,
relating to smart objects.
Tomi Engdahl says:
Manufacturer Usage Descriptions
https://www.ietf.org/proceedings/95/slides/slides-95-netmod-15.pdf
Tomi Engdahl says:
Building Functional Safety and Security into Medical IoT Devices: IEC 62304 Conformance
https://www.mentor.com/embedded-software/resources/overview/building-functional-safety-and-security-into-medical-iot-devices-iec-62304-conformance-f433c2ce-d04e-4834-b62e-9d352af6a4c5?contactid=1&PC=L&c=2017_03_28_esd_newsletter_update_v3
As the IoT marches on – security and safety issues continue to be a top priority for embedded systems developers. Building security into your medical IoT device not only helps to reduce the chance of a data breach or cyber attack, but also introduces new ways to optimize software, reduces time to market, and increases the potential for product innovation in a very competitive global market.
Tomi Engdahl says:
Mobile network has soon as half a billion IoT devices
Last year, mobile phone networks connected to the IoT devices – practically M2M USB modems – EUR 155.6 million. Berg Insight predicts that the number will grow by over half a billion over the next five years.
In 2022 mobile phone networks should therefore connected to a total of 530.1 million IoT devices. Berg Insight, the rapid growth of technology based on the spread in China, as well as for cars with a network connection is carried out mainly via the cellular phone network.
Furthermore, the majority of M2Mmoduuleista operates in either the GSM or 3G network. In the future, changes to newer radio technology, namely LTE-M or NB-IoT technologies.
IoT’s case is often referred to as custom-designed technologies Lora or Sigfox. However, these were sold last year to a total of 4 and 1.5 million copies. Even in these techniques, however, Berg Insight predicts breakneck growth. In 2022 LoRa- and Sigfox devices sold a total of 50-100000000.
Source: http://www.etn.fi/index.php/72-ecf/6095-kannykkaverkossa-pian-puoli-miljardia-iot-laitetta
Tomi Engdahl says:
Strategy and standards help determine Big Data, IIoT value
http://www.controleng.com/single-article/strategy-and-standards-help-determine-big-data-iiot-value/9080d59dab9899559660b74ce4138fbc.html
Cover Story: There are many tools for capturing the potential value Big Data and the Industrial Internet of Things (IIoT) provide, but companies need to know what kind of information they want and how to gather it securely.
Companies that want to capitalize on Big Data and the Industrial Internet of Things (IIoT) are trying to unlock and harness the value from the data they are gathering. However, as the old saying goes, “one man’s trash is another man’s treasure,” and that is true in terms of machine and production data. A machine builder’s Big Data priorities may be very different from the information an end user manufacturer desires.
Data priorities for end users, machine builders
Data analytics benefits
Established Big Data, IoT standards and protocols
The format of the recorded date is not defined by the protocol, which allows it to be packaged in a neutral format, such as java string object notation (JSON), or in a compact format such as binary. This data-interchange format is easy for industrial controls to understand and it enables interoperability for many cloud platforms, middle layer software, and analytics packages on the market.
Tomi Engdahl says:
Four IIoT connectivity challenges for businesses
http://www.controleng.com/single-article/four-iiot-connectivity-challenges-for-businesses/8ebe34b3e0ab56dbba478020945ccd9b.html
Companies looking to implement an Industrial Internet of Things (IIoT) strategy need to address several potential issues as they seek to bridge the gap between operations technology (OT) and information technology (IT).
A Genpact Research Institute survey shows 81% of executives agree that Internet of Things (IoT) adoption will be critical to the future success of their companies, yet only 25% have a clear Industrial Internet of Things (IIoT) strategy. As organizations look to develop such plans, one of the biggest challenges is seamlessly enabling devices or “things” that live at the edge of the network. To bridge the gap between operations technology (OT) and information technology (IT), businesses must develop a strategy and implement a solution that addresses the following four critical issues.
1. Connecting disparate communication mediums
Very often, industrial networking technologies do not leverage Ethernet as their physical communications layer. Instead, they may use anything from RS232/485 to modems to proprietary wiring depending on the environment and what comprises the system.
2. Using non-standard methods of identification
Unlike IP addresses in the IT world, many industrial things don’t use standard addressable schemes for uniquely identifying themselves on the network. Instead, their schemes vary by vendor and type, and they may or may not have built-in discovery mechanisms
3. Determining a request/response model
Industrial networks have historically followed a request/response model.
Instead, IIoT likely needs a push model, where industrial data flows outbound to a cloud platform.
4. Enabling short-term data storage
Within the context of a single industrial network, we may find thousands of things that together may generate several thousand data points. Though this sounds like a small set of data, real-time operations requirements will necessitate these points to be sampled at sub-millisecond rates for data change detection. In the past, this high-frequency data would be simply analyzed, acted on accordingly, and thrown away. As companies move to making this data available to IIoT, thye will need short-term storage to ensure it can be pushed to other parties when they are available.
Tomi Engdahl says:
Cybersecurity guidance for industrial safety systems
http://www.controleng.com/single-article/cybersecurity-guidance-for-industrial-safety-systems/378c11585a0c1a947cafd288d20abd5d.html
Different working groups that focus on cybersecurity have faced challenges with securing industrial control and related systems have discussed, debated, and analyzed the issue for a long time and have worked on the problem from many angles because they are so vital to manufacturing.
For example, the ISA99 committee and IEC Technical Committee 65 Working Group 10 have developed the 62443 series of standards that provide requirements and guidance on all aspects of the subject. This information is deliberately expressed in broad terms, allowing it to be applied across a wide range of industries and situations.
The content of cybersecurity-related standards and practices can be quite technical—even arcane—requiring further interpretation within a specific context before it can be effectively applied. Interpretation of “security-speak” in the context of a related discipline is essential in understanding the full implications of security requirements. This is particularly true in areas of specialization that may have their own established terminology and concepts.
Tomi Engdahl says:
What industrial analytics platforms offer manufacturers
http://www.controleng.com/single-article/what-industrial-analytics-platforms-offer-manufacturers/0532f4f19b410151c3fa37f46445693e.html
Challenges and benefits of analytics applications for the Industrial Internet of Things (IIoT) are highlighter as well as the value analytics can provide.
Equipment-operational states are monitored by human operators, who in some cases are aided by simple analytic algorithms such as threshold-based alerts. By and large, most of these systems have not benefited from advanced analytics capabilities developed over the past decade. On the other hand, these industrial-control systems connect to many sensors and have sophisticated data-collection capabilities that provide a wealth of information about their instant operational states. There is substantial value hidden in these data. By connecting to the manufacturing equipment, SCADA and DCS are able to collect data from them and then apply advanced analytics, to gain valuable insights into their operations.
This will enable us to:
Detect anomalies, diagnose faults, raise alerts and prescribe actions for speedy repair of machine failures, thereby increasing uptime;
Perform smart-monitoring of machine-usage patterns to optimize work plans and increase utilization;
Improve quality-control and correlate it with the manufacturing-process metrics to optimize operation parameters;
Predict needs for maintenance actions to repair machines before unexpected breakdowns, thereby avoiding interruptions and reducing unnecessary routine services;
Detect and eliminate wasteful-usage patterns to reduce energy and material consumption; and
Perform optimization on a fleet of machines by dynamically adjusting the operation level of individual devices based on resource availability, operation cost and production demand.
Analytics requirements
To meet the needs of the production industries, an industrial-analytics solution should demonstrate a few important capabilities. The first one is to deliver correct results and to “do-no-harm.” This requires strong analytics and safeguards in their application. Further, as we just have seen, continuous application of analytics must be possible. However, continuous analysis often requires substantial amounts of data to be transferred from the point of data collection to the point of analysis-the decision point.
Therefore, the analytics solution must support distributed deployment at the edge, whether in IoT gateways next to the equipment, within a server cluster in a facility, or in a remote data center and the Cloud. Different deployment tiers may be required depending on the scope of the data being analyzed.
ndustrial analytics platform
An industrial analytics platform, compared to a custom-built solution, can simplify and optimize IIoT deployments, making them effective, reliable and scalable. It can offer the power of machine learning, Big Data, cloud computing and other emergent technologies without having to directly address their complexity and demand for expertise.
To meet the requirements discussed above, an industrial-analytics platform should have the following capabilities:
Streaming analytics to generate continuous, near-real-time information flows from live machine data;
Distributed analytics in the Cloud, at the factory-floor edge, and in IoT gateways for data processing;
Actionable analytics to turn data into insights and insights into actions;
Multi-modal analytics with multi-dimensional statistical aggregation, complex-event processing (CEP) and machine-learning-based pattern recognition for powerful and efficient analysis of behavior of individual assets, as well as groups of devices;
Adaptive data flow for protocol adaptation, data normalization, policy-based validation and filtering, transformation, and data enrichment to enable easy integration;
Simple customization with code-less configurations for data injection, processing and analytics; and
Security by rigorous design, implementation and validation in accordance with security best practices.
Tomi Engdahl says:
2017: The Year of the Dishwasher Security Patch
http://hackaday.com/2017/03/28/2017-the-year-of-the-dishwasher-security-patch/
As if Windows Update wasn’t bad enough, one has to deal with a plethora of attention-hungry programs and utilities all begging for a continual stream of patches from the Internet. It’s exhausting, but unfortunately also par for the course. Many of these updates are to close security vulnerabilities that could otherwise expose your computer to undesirables. The Internet of Things will only expand the amount of hardware and software you need to keep updated and protected on a daily basis. Now, it’s your dishwasher that’s under attack.
The Register reports that Jens Regel discovered the bug in a Miele dishwasher with a webserver. It’s a basic directory traversal attack that can net the intruder the shadow password file. Armed with this, it’s simple to take over the embedded Linux system and wreak havoc on your local network.
Dishwasher has directory traversal bug
Thanks a Miele-on for making everything dangerous, Internet of Things firmware slackers
https://www.theregister.co.uk/2017/03/26/miele_joins_internetofst_hall_of_shame/
Tomi Engdahl says:
What the oil and gas industry needs from SCADA
Supervisory control systems aggregate data at key points in the supply chain. A list of industry suppliers are included.
http://www.controleng.com/single-article/what-the-oil-and-gas-industry-needs-from-scada/980c4c00d02f17d8426af81a011d682e.html
Tomi Engdahl says:
Safety requires cybersecurity
http://www.controleng.com/single-article/safety-requires-cybersecurity/1dc4479aa9b2e5886ab582698c5a419a.html
Technology Update: If it isn’t secure, it isn’t safe. Cybersecurity vulnerabilities represent additional failure modes and safety incidents not factored into traditional safety assessments. Consider safety when creating a business justification for cybersecurity risk assessments.
Functional safety assessments are a well-established practice in machine and process automation. These assessments focus on random hardware failures or systematic software failures (such as bugs).
However, cybersecurity threats and vulnerabilities represent additional failure modes that may lead to incidents that are unaccounted for in traditional safety assessments. A business justification can be developed for discussing cyber risk assessments.
Identify what devices are communicating with each other. What devices should be communicating with each other? What devices are communicating with each other that perhaps should not be, or were not expected to be? Are any devices communicating using unexpected protocols? Are there control system devices that are trying to communicate to the Internet? Plot the communications and look for anomalous behaviors.
A vulnerability assessment would then analyze the actual servers and workstations that make up the system. Most of the operating systems that are controlling the bulk of industrial facilities today are legacy Microsoft platforms such as XP and Windows Server 2003
The next step in a vulnerability assessment would be to partition the system into zones and conduits
A vulnerability assessment also should include a review of policies and procedures, and include a gap analysis. How does the system stack up against industry standards and best practices? Finally, the assessment should list the vulnerabilities that have been discovered and the recommended mitigations to close the gaps.
Tomi Engdahl says:
Ecosystems: A Critical Component to Successful Development of IoT Applications
https://event.on24.com/eventRegistration/EventLobbyServlet?target=registration.jsp&eventid=1201230&sessionid=1&key=C72D88736261A7C5871F427EA8513BCB&partnerref=ED2_041117&utm_rid=CPG05000002750211&utm_campaign=10371&utm_medium=email&elq2=63eed69f61884f66b6a86bf20313d09f&sourcepage=register
IoT applications require some development expertise that is significantly different from those required in a traditional embedded application. For example, the UI will typical reside on a mobile device rather than on the device itself. Most obviously, the device will need to connect to an IoT platform, which in turn will collect and analyze data. In addition, the IoT is encouraging many companies with no previous embedded development background to investigate embedded sensor-based solutions. As a result, embedded system integrators and product design houses are also an important component an IoT.
Tomi Engdahl says:
IoT Security Risks Grow
http://semiengineering.com/iot-security-risks-grow-3/
Experts at the table, part 3: Why existing standards are insufficient; different strategies for securing connected devices; the widening impact of cost control.
SE: With increased connectivity, we open up doors into the network, the chip and the software. Where is the best place to seal the borders?
Yanamadala: Several years ago, securing the network was good enough. Now each part of the chain has to be secured in a chain of trust. The network, the software and the hardware all have to be secure. The hackers always will look for the weakest link in the chain, so if the hardware is not secure, that’s where the problem will be. It doesn’t matter how many bits AES (Advanced Encryption Standard) uses. AES is mathematically strong. But when the keys are being transported, then the cryptography is strong but the implementation is not.
SE: We have up to 100 IP blocks in some chips, processors from a variety of vendors, multiple levels of connectivity over wired and wireless connections. Can you really seal that up?
Yanamadala: We need to differentiate between trusted resources and non-trusted resources. So architecture definitely plays a role. Then you need good cryptography. That means not just good math, but also good implementation. The root of trust is required at the hardware level. And then off-chip security is required, as well. ARM TrustZone is one good example.
Shen: That’s at all layers—the network layer, the communications layer, the software vulnerabilities, and then the hardware itself. We refer to that as platform security mechanisms. There is a whole list of mechanisms, starting with isolation of execution, so that even if things go bad in one execution environment, the crown jewels are not exposed. There are all kinds of mechanisms required to ensure the confidentiality, integrity and authenticity of assets, whether it’s code or data belonging to different stakeholders. The key point here is future-proofing. You cannot have robust future-proofing without a root of trust.
SE: Let’s talk about the money aspects. Given enough time and resources, anything can be hacked. How do we define a good-enough level of risk? And what’s an acceptable balance of cost versus risk?
Yanamadala: There is certainly need for an orderly progression of security features, starting from a root of trust. But the device owner doesn’t really care if a network gets attacked, as long as it still works. It’s not like a phone where you have Apple, Google and Microsoft working on these problems, testing them and applying patches after release. With IoT devices, margins are much lower. They don’t have the teams or the expertise to allow these kinds of fixes. Neither the users nor the manufacturers are interested. So it may require another entity to step in and force everyone to raise the bar.
Dry: That’s what happened with smart meters. The original versions of smart meters had no security or very little security. A lot of that was based on software. There was a secure element device available, which was a SIM card, but the smart meter manufacturers would not entertain the idea of spending a dollar extra on a $50 BOM.
Yanamadala: A one-dollar increase is not the problem. It’s the relative cost that’s the challenge. But to secure a chip is much easier than trying to secure it afterwards at the system level. With Mirai, it probably would have cost a few pennies to secure the board-level design.
SE: What does that imply for future design?
Dry: The goal of future-proofing designs should be 10-plus years. That’s the best way to prepare for unknowns. Electric meters used to be 15-plus years. The first wave of smart meters was designed to last 10 years—some say 7—due to connectivity changes with ZigBee Smart Energy 2.0 and security.
Tomi Engdahl says:
Security vs. Quality: What’s the Difference?
http://www.securityweek.com/security-vs-quality-what%E2%80%99s-difference
Quality and security. Two words that share an interesting relationship and no small amount of confusion.
What is certain is that both words are meaningful in the context of software. Quality essentially means that the software will execute according to its design and purpose. Security means that the software will not put data or computing systems at risk of unauthorized access. While quality seems to be easier to measure, both are somewhat subjective in their assessment.
The real confusion comes when you consider the relationship between quality and security. Are they the same thing or is one a subset of the other? If I have quality, does that mean I’m also secure? Are quality problems also security problems or vice versa?
Defining quality and security defects
For those who take a holistic view of software design and development, quality and security issues both fall into the broad category of defects.
Applying the definition of “defect”, the software malfunctioned or failed in its purpose. This would be a defect and would fall into the category of quality.
Determining if the defect has a security component will take more digging. If I can demonstrate that exploiting this issue in some way to gain unauthorized access to data or the network, then this would also fall under the category of security. It is entirely possible that the defect may simply be a logic issue and, while potentially annoying, does not create an exploitable vulnerability.
Based on my scenario above, we can then draw the conclusion that security is a subset of quality.
Or maybe not.
Clarifying the misunderstandings between quality and security
A simple coding bug such as cross-site scripting (XSS) may counter our argument. The developer can code the software within adherence to the requirements and still make the code vulnerable to an XSS attack. The associated defect would be security related, but does reflect a defect from a quality point of view. Many would argue that a security vulnerability is a quality problem. I could easily get behind that line of reasoning, but others would invoke the stricter interpretation. This disabuses the notion that security is a subset of quality.
Part of the misunderstanding between quality and security was that the two were functionally separated in traditional development shops, and the groups that owned them rarely interacted.
Combining quality and security to enable the developer
As development practices have evolved and agile methods continue to take root, the traditional quality and security silos have had to come down by necessity. Security is being integrated into the development process with the notion of enabling developers to build good security practices into their code. Similarly, the responsibility for quality is now shared by the developers. There is also higher awareness of the architecture, design, and requirements process and how that process affects quality and security.
Broadening the quality and security perspective
In the end, quality and security are critical components to a broader notion: software integrity.
Ultimately, developers strive to develop the best software possible. This implies that defects—quality and security—should be minimalized, or, at best, eliminated. If we agree that quality and security problems are both a form of defect, then we must sufficiently address both to produce software of the highest integrity.
Tomi Engdahl says:
https://www.ingenu.com/technology/
RPMA, or Random Phase Multiple Access, technology is a combination of state of the art technologies designed specifically and exclusively for wireless machine-to-machine communication.
https://www.ingenu.com/technology/rpma/how-rpma-works/
LED Roadway Lighting NXT series luminaires are LED street lights that are remotely monitored, controlled, and automated over RPMA® (Random Phase Multiple Access) wireless connectivity. The street lights provide energy savings of more than 75% over traditional lighting solutions due to the combination of LED lights and RPMA-enabled automatic control, dimming, and alerting.
RPMA’s two-way connectivity makes street light management easy. When maintenance issues arise, the luminaires send alerts through the RPMA network to the back office. Cities like Aruba can quickly control and automate lights from the main office on the fly or using automated plans making event planning, emergency response, and energy savings plans simple to implement.
Because RPMA access points (AP) receive and understand over a thousand messages simultaneously, adjusting street lighting solutions during large events is seamless.
Tomi Engdahl says:
Matt Hamblen / Computerworld:
Verizon to launch 4G LTE Category M1 nationwide network for IoT on Friday, with wireless data costs starting at $2 per month, per device — Chipsets for Cat M1 low-power devices have dropped drastically in the past year — Verizon on Friday will launch a nationwide wireless network designed …
Verizon to launch wireless Cat M1 network nationwide to juice IoT
Chipsets for Cat M1 low-power devices have dropped drastically in the past year
http://www.computerworld.com/article/3186656/internet-of-things/verizon-to-launch-wireless-cat-m1-network-nationwide-to-juice-iot.html
Verizon on Friday will launch a nationwide wireless network designed to help developers, businesses, utilities and municipalities deploy secure internet-of-things devices at lower cost.
The Verizon 4G LTE Category M1 (Cat M1) network will span 2.4 million square miles and will be the first of its kind, the company said.
Many IoT technologies have been slow to catch on, but Verizon’s Cat M1 and similar networks will be game changers for IoT deployments, said Steve Hilton, an IoT analyst at Machnation.
Cat M1 is a low-power, wide area network (LPWAN) technology that competes most directly with other LPWAN networks like LoRa, Sigfox and Narrowband IoT, Hilton said. Cat M1 and Narrowband run on licensed spectrum, while the others run on unlicensed spectrum.
“Cat M1 competes directly with Zigbee, Z-Wave and … Bluetooth,” said Mike Lanman, Verizon senior vice president for IoT, in an interview.
Where Cat M1 might be deployed
Devices running Cat M1, such as water and power meters and asset trackers, will get longer battery life and can be left unattended for up to a decade, Lanman said.
Cat M1 operates at lower bandwidth than 4G LTE, usually between 300Kbps and 400Kbps. Verizon typically provides 4G LTE bandwidth download speeds of 5Mbps to 12Mbps.
The economic benefits of using Cat M1 have improved greatly in the past year, Lanman noted. A year ago, a chipset for a Cat M1 device would have cost $15, but that price is now down to about $8. Verizon offers certified chipsets and devices for Cat M1 from Sequans Communications, Telit Communications, Qualcomm, Encore Networks, Link Labs and NimbeLink.
Hilton predicted the price of a LPWAN device could be less than $3 per device when produced in high volumes.
Verizon also said the wireless data cost for Cat M1 devices would be as low as $2 a month per device, with custom pricing that could be lower.
ThingSpace was created in late 2015 to provide tools for IoT developers to create, test, deploy, manage and market IoT apps. At the time that ThingSpace was launched, Verizon hinted it was working on a dedicated network for IoT to avoid the high cost of using regular LTE connections.
ThingSpace was initially made available to developers in 92 countries but has since grown to 175 countries. “It’s a one-stop shop,” Lanman said.
Better IoT security
With ThingSpace collaboration and connections to Verizon’s network, Lanman said developers can build in stronger IoT security to prevent massive cyberattacks like the one in October blamed on the Mirai botnet that targeted unprotected IoT devices.
When a consumer buys an appliance like a washing machine with Verizon’s Cat M1 connectivity, Lanman said, the machine can be plugged in and securely authenticated over the Cat M1 network automatically, so the consumer doesn’t have to type in a complex 16-digit password.
“The Cat M1 chipset finds the network and connects and authenticates with a layer of security you don’t find in other networks,” Lanman said. “It allows people to manage and update” more easily.
Hilton predicted Cat M1 and other forms of LPWAN will be “game changers for IoT by giving large and small enterprises new options for deploying IoT uses.”
“Within three years, it is possible that 70% to 80% of carriers’ new IoT connections will be LPWAN-based,” he said.
http://www.computerworld.com/article/2998992/internet-of-things/verizon-focuses-on-lowering-costs-for-iot-apps-network.html
Tomi Engdahl says:
Raspberry Pi Zero W rival: New $10 Orange Pi 2G-IoT hooks into mobile networks
http://www.zdnet.com/article/raspberry-pi-zero-w-rival-new-10-orange-pi-2g-iot-hooks-into-mobile-networks/
Raspberry Pi challenger Orange Pi has packed a 2G antenna into its latest developer board, aiming to target Internet of Things applications
Last year the Shenzhen-based maker of the Orange Pi developer board undercut the Raspberry Pi 3 on price but only by sacrificing the better-known board’s Wi-Fi.
Now, a new Orange Pi model, dubbed the Orange Pi 2G-IoT, goes in the opposition direction on connectivity, giving builders a 2G antenna for Internet of Things applications, as well as offering wireless LAN and Bluetooth for a price of $10.
supports 802.11b/g/n Wi-Fi, Bluetooth 2.1, and features a Raspberry Pi-compatible 40-pin GPIO connector.
The 2G antenna supports GSM/GPRS data connections and there’s, of course, a slot to insert a SIM card.
The device can run Android, Ubuntu, Debian
Tomi Engdahl says:
Grand View Research on IoT Warehouse Management
https://www.securerf.com/in-the-news/grand-view-research-iot-warehouse-management/?utm_campaign=Email%20Newsletter&utm_source=hs_email&utm_medium=email&utm_content=49711299&_hsenc=p2ANqtz-88WL68HGp4xAGW8TSNHmtD1i-OhPsl6CBaU_QHtYqFVzfnw0Aram5ZLy1KbMmldcw7OPs2OOBkdXM474KFcrbSDyBRKu_H4RDAeUtlinZbxC2pO4o&_hsmi=49739146
The global IoT warehouse management market was valued at USD 2.27 billion in 2015, owing to the increasing penetration of connected devices across the globe. The growing number of machine-to-machine applications, including video surveillance, smart meters, transportation, health monitoring, and asset tracking, is anticipated to drive the connected device market demand.
Tomi Engdahl says:
SecureRF’s IoT Security Solutions Available on the Arrow Chameleon96 Community Board
https://www.securerf.com/securerfs-iot-security-solutions-available-arrow-chameleon96-community-board/?utm_campaign=Email%20Newsletter&utm_source=hs_email&utm_medium=email&utm_content=49711299&_hsenc=p2ANqtz-90pwlXDxB1PkzAvLLu9lXUiafzeHFic0JtQ3XNo63-U9H37ymS_jRk7cbW4kfnReKL6mvsNXaD98IVd03cNO7ATlcFHGS4qFT4-H0fZcupCQ9eYPk&_hsmi=49739146
SecureRF’s asymmetric (public-key) cryptographic protocols are available on the new Arrow Chameleon96 community board. The company’s security tools enable deployment of small, fast and ultra-low-energy solutions providing integrity, authentication and non-repudiation for IoT devices.
IoT devices are often deployed with little or no protection because most security solutions do not have acceptable runtimes, need a network connection, and require labor-intensive administration of a universal key or password database. SecureRF’s Group Theoretic Cryptography methods, which include the Ironwood™ Key Agreement Protocol and Walnut Digital Signature Algorithm (WalnutDSA™), are at least 60 times faster than ECC, and consume up to 140 times less energy. In addition, there is no need to manage a database or maintain a network connection
https://www.securerf.com/chameleon96/
Tomi Engdahl says:
IoT Security News — Detection Improves, But Gaps Remain
https://www.securerf.com/iot-security-news-detection-improves-gaps-remain/?utm_campaign=Email%20Newsletter&utm_source=hs_email&utm_medium=email&utm_content=49711299&_hsenc=p2ANqtz-_W9BxmMIbKvZwO7opdEegua07PIKwphTjcMUDdRXX1nN802MxA2pq5OCnd7ssoLfx_GPv2Fm4LlodLxN_SO_skzv7kr1fF0R8N1CERdtxuV2BnADQ&_hsmi=49739146
While IoT security hacks and ransomware attacks have been on the rise, the ability to detect attacks and take remedial action has improved. As evidenced by the IoT-security news items below, IT security staff can spot some types of attacks during or immediately after they occur – but in some cases, even the most stringent precautions are no match for determined hackers.
Toy Hack via IoT Is No Child’s Play
Surveillance Cameras Hacked Days Before Presidential Inauguration
University’s IoT Devices Used Against Its Network
To prevent these and other types of attacks from occurring, IoT devices must be secured with strong authentication and data protection solutions.
Tomi Engdahl says:
Command Alexa With a Completely Mechanical Vintage Remote Control
http://hackaday.com/2017/04/02/command-alexa-with-a-completely-mechanical-vintage-remote-control/
In the video below, [Monta Elkins] breaks down a vintage Zenith Space Command to show us how the internal mechanisms work. Then, he takes it a few steps further and demonstrates how he built a system to respond to the remote control. Using a Teensy, an Arduino Uno, and a bit of speech synthesis, the system gets triggered by the Space Command and then speaks a command, which is then registered by an Amazon Alexa.
012 Zenith Space Command Retro-future Ultrasonic Remote Control Project
https://www.youtube.com/watch?v=JrhKW20DIvA&feature=youtu.be
Tomi Engdahl says:
Tomorrow’s products rise today at the IoT & AI Insider labs
https://news.microsoft.com/features/tomorrows-products-rise-today-iot-ai-insider-labs/
Welcome to one of Microsoft’s IoT & AI Insider labs, where engineers like Kelly help guests elevate their businesses and products by tapping into the Internet of Things and artificial Intelligence, further fueling a transformation across sectors that range from energy to retail to robotics.
The newest lab, which Microsoft will open in April in Munich, joins two others launched recently by Microsoft in Shenzhen, China, a hardware hotbed, and in Redmond, Washington, where Kelly works. Munich, an industrial hub of machinists and manufacturers, offers a location that is a central point for interested lab customers in Europe and the Middle East.
Companies of all sizes can work in the labs at no cost. They get access to Microsoft technology and its engineers’ expertise in machine learning, AI and the cloud, all in one-stop shops. During stints that typically span from one to three weeks, visiting development teams learn how to refine their product architecture, unblock technical issues and build the skills to create a full-stack IoT solution.
“Companies have said their three weeks in the lab was worth four, five or six months of coding on their own,” says Cyra Richardson, Microsoft general manager of IoT business development.
Tomi Engdahl says:
IEEE Standards Association, AIOTI, oneM2M and W3C Collaborate on Joint White Paper Covering Semantic Interoperability for the Internet of Things (IoT)
http://standards.ieee.org/news/2016/semantic_interoperability.html
IEEE, the world’s largest technical professional organization dedicated to advancing technology for humanity, and the IEEE Standards Association (IEEE-SA), today announced its collaborative role in the publication of a joint white paper entitled Semantic Interoperability for the Web of Things in conjunction with organizations closely tied to the advancement of the IoT ecosystem.
“Semantic interoperability is a core value of the IoT and IEEE P2413™ is keen to continue this conversation and to build upon the collaborative spirit that led to the creation of this document. In doing so, we can better develop and refine our views for Semantic Interoperability in the IEEE P2413 architectural framework for IoT,” said Oleg Logvinov, chair IEEE P2413, president and CEO, IoTecha.
Dave Raggett, W3C lead for the Web of Things, claims, “The joint white paper is a valuable initial step for building a common understanding across organizations about the vital role that semantic descriptions can play in enabling interoperability.”
Semantic Interoperability for the Web of Things
https://www.researchgate.net/publication/307122744_Semantic_Interoperability_for_the_Web_of_Things?channel=doi&linkId=57c1df6008aeda1ec38cf5f5&showFulltext=true
Tomi Engdahl says:
California Looks to Compel IoT Security
http://hackaday.com/2017/04/03/california-looks-to-compel-iot-security/
There is a bill going through committee in the state of California which, if passed, would require a minium level of security for Internet of Things devices and then some. California SB 327 Information privacy: connected devices in its original form calls for connected device manufacturers to secure their devices, protect the information they collect or store, indicate when they are collecting it, get user approval before doing so, and be proactive in informing users of security updates
This is just a proposal and will change as it finds its way through committee. Currently there a really no methods of punishment outlined, but recent comments have suggested individual prosecutors may have latitude to interpret these cases as they see fit. Additionally it has been suggested that the devices in question would be required to notify in some way the user when information is being collected.
SB-327 Information privacy: connected devices.
http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327
Tomi Engdahl says:
The Week In Review: IoT
NXP adds IoT chips; farm IoT firm gets funding; 24B IoT cell connections in 2025.
http://semiengineering.com/the-week-in-review-iot-46/
NXP Semiconductors this week brought out several Internet of Things devices and other products for using near-field communications in advanced product authentication, integrity assurance, and enhanced user engagement in consumer manufactured goods, health care, retail, and other industries. The company has introduced the NTAG 413 DNA and NTAG 213 Tag Tamper devices to combat fake products, counterfeit transactions, and improper product handling. The NHS3100 and NHS3152 devices, part of NXP’s NTAG SmartSensor line, can offer NFC sensing and logging applications for temperature monitoring in cold supply-chain logistics.
Samsung Electronics introduced Samsung Connect Home, a residential Wi-Fi router that can work as a hub for the company’s SmartThings home automation platform, and a related service called Samsung Connect.
Arable Labs received $4.25 million in private funding for agricultural IoT products and services.
Microsoft is opening an IoT lab in Munich, Germany. The company will work with customers on developing IoT applications, fabricating hardware prototypes, and other IoT-related activities. Microsoft previously set up IoT labs at its headquarters in Redmond, Washington, and in Shenzhen, China. Cisco Systems and IBM also have IoT R&D centers in Germany.
Tomi Engdahl says:
IBM’s Watson Center opened in Helsinki Finland
New Health Care Watson Health Center was opened yesterday in Helsinki. Center 150 health care consultant to develop new applications and solutions. Opened Center is part of Tekes and IBM alia, to conclude a five-year cooperation agreement.
Watson Helsinki Health Center will serve as a meeting point for the development of new data utilizing, cognitive as well as applications and solutions involving artificial intelligence. They are needed because health data, the number is expected to double every 73 days until 2020.
Finland is to provide health care package, which includes electronic medical records and all achievable health services.
Source: http://www.uusiteknologia.fi/2017/04/04/ibmn-watson-keskus-aloitti-helsingissa/
Tomi Engdahl says:
IoT Garage Door Opener Maker Bricks Customer’s Product After Bad Review
https://hardware.slashdot.org/story/17/04/04/200223/iot-garage-door-opener-maker-bricks-customers-product-after-bad-review
Denis Grisak, the man behind the Internet-connected garage opener Garadget, is having a very bad week. Grisak and his Colorado-based company SoftComplex launched Garadget, a device built using Wi-Fi-based cloud connectivity from Particle, on Indiegogo earlier this year, hitting 209 percent of his launch goal in February. But this week, his response to an unhappy customer has gotten Garadget a totally different sort of attention. On April 1, a customer who purchased Garadget on Amazon using the name R. Martin reported problems with the iPhone application that controls Garadget. He left an angry comment on the Garadget community board
Martin left a 1-star review of Garadget on Amazon: “Junk – DO NOT WASTE YOUR MONEY – iPhone app is a piece of junk, crashes constantly, start-up company that obviously has not performed proper quality assurance tests on their products.”
IoT garage door opener maker bricks customer’s product after bad review
Startup tells customer “Your unit will be denied server connection.”
https://arstechnica.com/information-technology/2017/04/iot-garage-door-opener-maker-bricks-customers-product-after-bad-review/
Tomi Engdahl says:
People Think Smart Home Tech is Too Expensive
https://tech.slashdot.org/story/17/04/04/2014231/people-think-smart-home-tech-is-too-expensive
According to new research commissioned by smart home software and hardware brand Wink, 34 percent of Americans believe it would cost $5,000 or more to turn their home into a smart home.
It’s a stark contrast from Wink’s real world user data: Of the company’s 2.7 million users, the average person starts with just 4 smart devices, and spends about $200. The information comes from a report Wink has dubbed their Smart Home Index, released today
Of those that did purchase a smart home device, energy savings was the most frequently cited reason for doing so, followed by security. Only 33 percent of buyers expressed a desire to monitor or control their homes while away.
People think smart home tech is too expensive—here’s what it really costs
https://www.usatoday.com/story/tech/reviewedcom/2017/04/04/people-think-smart-home-tech-costs-way-more-than-it-really-does/100023362/
For example, the adoption rate disparities across gender lines and income lines have almost disappeared. 43% of connected device buyers are now women, and 20% of all households with income under $50,000 per year have purchased a connected product.
Of those that did purchase a smart home device, energy savings was the most frequently cited reason for doing so, followed by security. Only 33% of buyers expressed a desire to monitor or control their homes while away.
Finally, Harris surveyed renters and found that 36% of them would pay an average of 5% more in rent each month for an apartment with smart home features. In cities like New York and San Francisco, that could add up to thousands of extra dollars annually.