Monday, February 23, 2015

The Jetsons – IoT avant la lettre?

250px-Jetsons The Jetsons live in the year 2062 in a futuristic utopia (100 years in the future at the time of the show's debut in 1962) of robotic contraptions, aliens, holograms, and whimsical inventions. One of the characters is Rosie the house robot, Rosie engages in the household and some of the parenting, she’s in control of all the appliances in the house.

Well it seems to me that the robotic contraptions, holograms and whimsical inventions are closer than they have ever been. Our electronic devices are getting smarter - many can now "talk" to each other and connect to the web. All kinds of gadgets, from toasters to sprinklers, fridges to domestic heating systems, are now boasting sensors and low-powered embedded chips. Whirlpool, Samsung, and LG have all announced wi-fi enabled washing machines in the last month. Nest's smart thermostats can communicate with your GPS-enabled phone or tablet and activate your heater when you're on your way home. All the “major” brands are investing in it, teleporting this “technology” into a mainstream business.

This is the so-called "Internet of Things" (IoT) or “Internet of Everything" (IoE). A network of physical objects accessed through the Internet that contain embedded technology to sense or interact with their internal states or the external environment. These billions of objects can be connected, know their location or status, and communicate with another object, system or a person.

Besides the fact that I can definitely appreciate this kind of evolution - pardon my techie background 34183_Smiley-robot - I’m also worried because I believe we must proceed with caution in enforcing and developing it.
EggPile Pile of eggs
“There's even a clever egg tray that sends you a remote warning when you're running low on eggs or when they're getting old.“
Well … I wouldn’t mind my fridge automatically ordering groceries, but what if it got hacked or there’s a bug in the software and my fridge would go bananas and started ordering stuff I don’t want or maybe a million eggs.

Security is an issue – Folks we are entering the era of ‘ThingBots’
In December 2013 a researcher at Proofpoint, an enterprise security firm, discovered that hundreds of thousands of spam emails were being logged through a security gateway. The global attack campaign involved more than 750.000 malicious email communications coming from more than 100.000 everyday consumer gadgets such as home-networking routers, connected multi-media centres, televisions and at least one refrigerator that had been compromised and used as a platform to launch attacks, the hackers had in fact created a botnet. The compromised machines are called “ThingBots,” and they can be a spammer’s best friend.

Internet-of-things "devices are typically not protected by the anti-spam and/or anti-virus available to individual consumers, nor are they routinely monitored by alerting software to receive patches to address new security issues as they arise. “Internet-enabled devices represent an enormous threat because they are easy to penetrate, consumers have little incentive to make them more secure, the rapidly growing number of devices can send malicious content almost undetected, few vendors are taking steps to protect against this threat, and the existing security model simply won’t work to solve the problem”, said David Knight, General Manager of Proofpoint’s Information Security division. “Many of these devices are poorly protected at best and consumers have virtually no way to detect or fix infections when they do occur.”  

IAM for the household
, #SoT – Security of Things
One of the concepts of IoT are “relationships between businesses, people and things”. But how do we define those relationships to ensure that policy and process can be articulated properly, and that the technology of things can be configured to reflect those relationships and at the same time making this accessible for the unknowledgeable consumer.

Now, imagine that you work within a universe of entities (businesses, people and things) in countless combinations of relationships. At some point we will be faced with the task of determining just how we will identify those entities just enough to be able to articulate those relationships effectively for transacting business. We must ask ourselves whether our existing technology such as IAM and asset management can be combined and/or extended to accommodate such an effort. The challenge is that while the device will have an identity (IP-address, or MAC , serial number, device certificate, RFID, etc.), who controls the access to that device, or to the information the device sends out?

We will also need to determine how much information is enough information for executing on the relationships, how dynamic will they be, how we might ‘log’ the relationship. IAM can be extended to include also connected devices. Traditional IAM concentrates on people, and managing their access privileges and attributes associated to the users. In principle these functions work well also with identifiable devices. The IoT though goes further, due to the nature of the devices. Normal IAM focuses mostly in unidirectional control - user / person is accessing something, when IoT by nature is bidirectional. A connected device sends information out, but also accepts commands, information requests etc.

One gateway to rule them all
So maybe having that “one regulator” that controls all of your appliances is not such a bad idea after all, stuff to think about … thank you Jetsons! (The Jetsons theme song)  And I’m in favour of calling it Rosie 34183_Smiley-robot

No comments: