Before we begin, we need to understand what is the Internet of Things (IoT)? IoT is any device with an On and Off switch which is connected to the internet and/or connected to each other. The IoT devices include mobile phones, coffee makers, washing machines, headphones, lamps, etc. According to Bernard Marr in “17 Internet of Things Facts Everyone Should Read”, Automated Teller Machines (ATMs) were the first IoT as far as the year 1974. IoT is also defined as the device that collects and transmits data via the internet.
Previously, I wrote about Top 3 Technologies that in my view would become more relevant in 2022 and IoT was one of the technologies mentioned. Hence, today I would like to focus on the challenges of implementing IoT and how companies are maximising the use of IoT. Every technology has its challenges and by knowing what to anticipate would better prepare us in making the right decision with calculated risks.
Dependency On the 3rd Party Vendor
The IoT device is a hardware or appliance, and we are depending on the Manufacturer to make sure the IoT device is secure and sturdy. The device should not include embedded password at the firmware level which any default password would compromise the whole hardware. The Manufacturer should address weak passwords, patching mechanisms and mitigate any insecure data storage.
To achieve this, we should have a more stringent SLA and standards agreement with the Manufacturer for them to comply in their production. A secure engineering practice should be applied and integrated into the product lifecycle management. The device should be able to operate in a hostile environment and fail safely when compromised.
User Awareness on IoT
I always emphasise the Human Factor or End User when we discuss technology implementation. Our End Users should really understand how the IoT works, and the implication should these IoT devices be compromised. In 2010, the Stuxnet Worm attacked the Iranian nuclear facility and infected the centrifuge controlling software. Modern centrifuge is heavily IT dependent as it is a type of IoT device. The attack was originated by an unscanned USB drive plugged into one of the plant’s computers. Reports estimated that Stuxnet Worm had physically damaged about 1000 centrifuges. Fortunately, it did not end up as a nuclear disaster and all of this because 1 user forgot to scan the USB drive.
It is already a challenge to bring average users to adapt to cyber threats and avoid phishing emails, suspicious attachments and to regularly scan their computer with the antivirus. Our users should be very prudent and aware that IoT devices are even more fragile and susceptible to attacks due to the interconnected nature and build. The more the IoT devices we have, the more probability of attack exposure that we would need to confront.
Difficulty in Hardening and Patching
Updates are needed to keep the IoT devices secure and up to date. This is because new vulnerabilities will inevitably be discovered at some point in the future regardless of how much effort the Manufacturer put into creating a secured hardware and software for the IoT device. How these IoT devices are being updated is another question. Imagine that we need to update the sensors that spread across hundreds of acres of plantation field?
Getting a maintenance window is also a challenge. How about the International Airports operations that are running 24×7? Only a very small window would be given to carry out the system maintenance and change deployment. I guess, the COVID-19 pandemic was also a blessing in disguise where IT has sufficient windows to carry out all these hardening and patching updates to make sure all the IoT devices are secured and intact.
Sufficient Physical Security
The IoT devices are usually scattered, and some are placed in remote locations like the sensors for the weather stations. These IoT devices also run with very little or no human intervention at all. These IoT devices may stay for weeks if not months before any physical checking on them. Therefore, it is prone to theft and vandalism.
Even worse, if the device itself is not stolen but the criminal would induce a malware onsite or tapping for sensitive information. Just imagine the adverse impact should this data fall into the wrong hands. The impact of malware is also serious with all the cost to be spent to recover and repair all these IoT devices. That is why the need for sufficient physical security to protect our IoT investments from loss or tampering.
Maximising the Use of IoT
Now that we are aware of the challenges, we should be able to plan better and maximise the use of IoT in the daily operations. The application of IoT is almost limitless and the following are some of the practical applications:
– Increases the flight safety, by having sensors integrated to every component of an aeroplane. Should any equipment malfunction or the flight is having issues in mid-air, the ground crew will be alerted and ready with the rectification team at the next airport that the aeroplane would land. This is because all the data has been transferred to the ground crew by the IoT sensors.
– Increases passenger experience, by having sensors be put in every part of the airport. When the passenger arrives at the airport, the airport operator would be able to detect their location and push notifications on good places to eat and shop. In Miami International Airport, they can even provide a turn by turn guide for the passengers up to the boarding gates, by leveraging on the sensors available in the airport, similar to Waze.
– Now you can manage your house better while you are away. Switching off the fan or TV, brewing the coffee up front before you reach home, activating the CCTV or alarm remotely for safety or even replenishing your fridge stocks by ordering online whenever there is a shortage.
– If you put a simple sensor in anything, it becomes smart, connects to the network, and operates in the best interests of the urban population. Traffic management, water distribution, waste management, urban security, and environmental monitoring are some of the approaches we can leverage by using IoT.
– This is what they have been implementing in some parts of China, where the customers can enter the Supermarket and take their groceries and exit without the need to queue at the cashier counter. This is because the sensors have been put in every area in the Supermarket to detect the exact groceries items that had been picked by the customers and face recognition at the entrance already detected and identified the customer ID and the account that linked to him/her. Isn’t that what we call a convenient and smart retail?
– The technology has increased the efficiency of modern farming with the crops being monitored by drones, humidity sensors, and growth analysers. It would also be more cost-effective, especially if you are running hundreds of acres of plantation with a limited manpower to support.
– The Smart Grids are about managing energy consumption and similar resources in an effective and traceable way. Not only will it help in analysing consumer trends and behaviour, but it will also contribute to making our daily habits more reasonable and cost-effective.
For more reading on Key Areas IoT Application, you can refer to the article here.
Moving Forward – Executing the Plan
Investing in IoT is only the beginning or part of the whole puzzle. Considerations must be put on planning the architecture that links data, decisions, and actions into a self-driving loop. We must also ensure that no IoT is built in isolation because it would impact the Host being unable to talk to each other and not sharing the same protocol of connectivity. Finally, disjointed IoT initiatives would cause Regulatory compliance issues, with lapses in physical safety, cybersecurity risks, and the deteriorating capabilities of handling large complex sets of data. Good luck!
Catch When Expert Meets Expert by Ts. Saiful Bakhtiar Osman articles every bi-weekly Tuesday. Don’t forget to subscribe to stay connected. You are also encouraged to ask questions and seek advice from him.
Share this post
- 07 Nov 2023
- By:Bernadetta Septarini
- Category: When Experts Meet Experts (WEME)
Discover the connection between cybersecurity and sports with Tony Smith, Regional VP at WithSecure. Let’s achieve the ‘Hole-in-One’ of Digital Defense.
- 07 Nov 2022
- By:Eugene Chung
- Category: When Experts Meet Experts (WEME)
How do Cybersecurity sales convince prospects to trust their services and/or products? Learn more about it from ArmourZero’s mentor and expert Eugene Chung.