Is your refrigerator watching you?
Devices — from toasters to turbines — are getting smarter as a wealth of sensors and software give them the capability to monitor their own performance and share data about their use.
Whether it’s a soda machine telling a remote vending company it’s running low on lemon-lime or a faulty light bulb warning a homeowner it needs changing, this Internet of Things is introducing myriad new gadgets to network environments.
Coupled with the speedy adoption of smartphones and other mobile devices, the IoT is radically ramping up the number of small but clever nodes communicating over the Internet. Alex Bazin, vice president of emerging technologies and solutions with Fujitsu, cited numbers that predict there will be 50 billion smart devices connected to the Internet by 2020, up from an estimated 10 billion today.
Introducing all those clever devices — capable of gathering information and sharing it — poses two high-level and overlapping challenges: how to structure networks to direct that flow of data and how to secure those networks from security exploits via objects that are minding the store.
Most devices that comprise the Internet of Things are a far cry in sophistication from the intelligent cyborgs that threaten humanity in science-fiction movies. Most perform a few simple functions, including self-diagnosis to identify functional problems and sharing data about use patterns that may be employed for everything from maintenance to marketing.
Nevertheless, all those little communications add up to a significant quantity of compressed data moving across networks in different formats. It’s up to smart administrators to partition that traffic in a way that ensures the integrity of the system.
One of the key considerations in that role is to separate different types of data and control from each other. For example, administrators will want to separate the telemetry data monitoring the use of smart devices from control systems that allow users with the proper permissions to adjust the operations of those devices via an administrative local area network (LAN).
That means creating separate networks within an environment, multiplexing common data on the one hand and time-partitioning control systems on the other to ensure the data about devices and the control of those devices don’t overlap.
Coming to grips with IoT also requires a good understanding of how and when these devices function and setting up your network to meet them at least halfway.
While many smart devices function within the physical boundaries of the enterprise, companies are also looking for subsecond processing and analysis of realtime data generated by devices located far offsite. Those devices include cable boxes reporting on customers’ viewing patterns in order to generate recommended programming, medical devices delivering telemetry for medical professionals to process, or temperature gauges that can predict malfunctions in an industrial kitchen. In all these cases, a steady flow of data offers a read on performance in the long run while enabling the system to respond immediately if a device reaches a critical threshold.
Fujitsu’s Bazin pointed out that the boom in chatty smart devices will exert a significant influence not only on the volume but on the nature of information traversing the Internet. “Currently most traffic on the Internet is focused on consumption by users of data coming from a single point,” Bazin said. “You’ve got a few nodes of heavy content production, then 10 billion devices consuming a lot of content.”
By contrast, many IoT devices will comprise sensors — simple devices generating small amounts of data very regularly alongside myriad counterparts.
“You’re going from a lot of fairly high-bandwidth consumers to lots of devices generating small amounts of content in a regular way and sending them somewhere,” Bazin said. That effectively switches the direction and nature of data being shared over the Internet.
What’s more, different types of enterprises will experience different types of data consumption from their smart devices, resulting in different types of demands on networks and different questions about the type of information that administrators will want to send across corporate firewalls. “If you’re a big retailer with a lot of users in your store during the holiday season, you may try to generate individualized coupons and send them to those shoppers for user-based marketing.” That requires sending that data over a separate network or an individual node that won’t slow the rest of your operations.
What’s more, the sort of data tuned to customers in a retail operation is “very bursty,” varying with the shopping season: While the third week in January is generally very quiet in terms of data being generated, the last week in November is likely to represent an explosion of data. By contrast, a utility company using IoT to monitor power cables will experience a fairly consistent data load across the year. The ability to throttle network bandwidth up and down will matter very differently in the two situations.
Another consideration: How to parse out large quantities of data generated by myriad smart devices to avoid weighing down your network. “You don’t want to be aggregating petabytes of data, then moving it across a firewall, then figuring out what 5GB of useful information is there — especially if you’re doing it on a daily basis,” Fujitsu’s Bazin said. He cited a statistic that by 2020, the digital universe will comprise 44 exabytes, or 44 trillion gigabytes, of data. “We need a better way of handling 44 exabytes of data, extracting information from it, then extracting knowledge from that information,” he said. Bazin said the best solution is to aggregate the extraction of information from data as close to smart devices’ sensors as possible, before passing that refined information across the firewall.
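As an added illustration (not from the article or from Fujitsu), the Python sketch below shows what extracting information close to the sensors can look like: raw readings are reduced to per-device window summaries, and a reading that reaches a critical threshold produces an immediate alert, so only those records cross the firewall. The device names, the 60-second window and the 8.0 °C threshold are assumptions chosen for the example.

```python
from dataclasses import dataclass

# Assumed values for illustration; the article specifies none of these.
WINDOW_SECONDS = 60       # hypothetical summary window
CRITICAL_TEMP_C = 8.0     # hypothetical alert threshold for a cold-storage probe

@dataclass
class Reading:
    device_id: str
    ts: int               # seconds since epoch
    temp_c: float

def aggregate_at_edge(readings):
    """Reduce raw readings to per-device, per-window summaries plus alerts.

    Only the returned records would be forwarded across the firewall;
    the raw readings stay on the sensor-side network.
    """
    windows = {}
    alerts = []
    for r in readings:
        window_start = r.ts - (r.ts % WINDOW_SECONDS)
        windows.setdefault((r.device_id, window_start), []).append(r.temp_c)
        # A critical reading is reported at once, not held for the summary.
        if r.temp_c >= CRITICAL_TEMP_C:
            alerts.append({"device": r.device_id, "ts": r.ts, "temp_c": r.temp_c})
    summaries = [
        {"device": dev, "window_start": start, "count": len(vals),
         "min": min(vals), "max": max(vals)}
        for (dev, start), vals in sorted(windows.items())
    ]
    return summaries, alerts

# Constructed sample data: one probe reporting every 10 s for two minutes,
# and a second probe with a single out-of-range reading.
TEMPS = [4.0, 4.1, 4.2, 4.0, 3.9, 4.1, 4.3, 4.2, 4.4, 4.1, 4.0, 4.2]
SAMPLE_READINGS = [Reading("kitchen-probe-1", 1200 + 10 * i, t)
                   for i, t in enumerate(TEMPS)]
SAMPLE_READINGS.append(Reading("kitchen-probe-2", 1230, 9.5))

if __name__ == "__main__":
    summaries, alerts = aggregate_at_edge(SAMPLE_READINGS)
    print(f"{len(SAMPLE_READINGS)} raw readings -> "
          f"{len(summaries)} summaries, {len(alerts)} alert(s)")
    for record in summaries + alerts:
        print(record)
```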
Closely intertwined with the structure of networks and decisions about how to isolate IoT devices are pressing concerns about the security of these gadgets.
One key area of concern among security experts is the pedigree of the devices themselves, many of which contain embedded versions of Linux that are not clearly vetted for the security of their data and don’t offer the same sort of automated security updates that are featured in commercial smartphones.
What’s more, the precursors of these networked devices were not designed to speak to the Internet; security concerns were mitigated by their isolation and “security through obscurity.” Now that this hardware is communicating across the Web, its security flaws are potentially exposed to exploitation by hackers who may want to use those sensors to monitor the rest of your network — or, for example, overload all the smart air conditioners in a major city to cause a blackout.
Indeed, some devices may come with malign intent baked right in. As far back as 2007, external hard drives were found to have shipped with malware baked in — raising questions about whether foreign manufacturers were attempting to seed the components as part of an effort to pull data from foreign corporate and government sites.
While a direct connection to political espionage has never been established, the IoT can put devices with murky agendas in homes and offices. “Even when you buy a computer, it’s not like you’ve scrutinized every component in there,” said Larry Seltzer, a security consultant who has written for ZDNet and major corporate clients. “Usually it means people learn to trust certain brands. If you buy a back-alley device, you’re opening yourself up to security breaches.”
Nevertheless, the growing number of countries and companies that create components for smart devices means that even with name brands, caution is of the essence. The IEEE has been trying to unite hardware manufacturers behind a single security specification, but so far they have only agreed on rules for communications, not security or interoperability.
So what’s a network to do? From an enterprise perspective, it’s essential to use multiple layers of defense, specifically to isolate devices with unknown security features behind a corporate firewall that adds multiple layers of protection. And onsite, these devices should also be segregated from the rest of the network — to prevent, say, a microwave with bad intentions from tapping into your corporate network to access the data on your company’s computers.
“There’s an argument that you could keep them all on your own subnet,” Seltzer said. “Since these devices tend to be wireless, that makes it easier to tend and monitor them.
“You could carve out a small percentage of your bandwidth for these devices; if something untoward happens, at least you can protect your more general network.”
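Segregating smart devices on their own subnet only helps if someone checks that traffic actually respects the boundary. The Python sketch below is an added example, not from the article: it audits constructed flow records against an allow-list that keeps telemetry and control traffic apart. The address plan, segment names, ports and flow tuples are all assumptions.

```python
import ipaddress

# Hypothetical address plan (assumption; the article gives none).
SEGMENTS = {
    "iot":       ipaddress.ip_network("10.20.0.0/24"),  # smart devices
    "telemetry": ipaddress.ip_network("10.40.0.0/28"),  # telemetry collectors
    "admin":     ipaddress.ip_network("10.30.0.0/28"),  # administrative LAN
    "corporate": ipaddress.ip_network("10.10.0.0/16"),  # general network
}

# The only flows allowed to cross the IoT boundary:
# (source segment, destination segment, destination port).
ALLOWED = {
    ("iot", "telemetry", 8883),  # telemetry out, MQTT over TLS
    ("admin", "iot", 443),       # control in, from the admin LAN only
}

def segment_of(addr):
    """Map an IP address to a named segment, or 'external' if none match."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "external"

def audit_flows(flows):
    """Return flows that cross the IoT boundary without an allow-list entry."""
    violations = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if "iot" not in (s, d) or s == d:
            continue  # not an IoT boundary crossing
        if (s, d, port) not in ALLOWED:
            violations.append((src, dst, port, f"{s}->{d}"))
    return violations

# Constructed sample flow records: (source IP, destination IP, dest port).
SAMPLE_FLOWS = [
    ("10.20.0.15", "10.40.0.5", 8883),   # telemetry to collector: allowed
    ("10.30.0.4", "10.20.0.15", 443),    # admin control: allowed
    ("10.20.0.22", "10.10.4.7", 445),    # device reaching a corporate host
    ("10.20.0.22", "203.0.113.9", 23),   # device reaching the Internet
    ("10.10.4.7", "10.10.4.8", 443),     # corporate-internal: out of scope
    ("10.20.0.15", "10.40.0.5", 1883),   # telemetry on an unapproved port
]

if __name__ == "__main__":
    for violation in audit_flows(SAMPLE_FLOWS):
        print("segmentation violation:", violation)
```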
In addition, Seltzer said, both home and enterprise users should secure smart devices in just the same way that they do any other electronics they bring on site. “All the usual security rules apply: Don’t leave these things with default passwords and user names, use strong passwords, don’t use the same password on all of them. Give each of them different passwords, then write it all down on a piece of paper” or put it into a spreadsheet. As far as that physical record of the different passwords, Seltzer observed: “If someone’s already in your house, you’re compromised.”
The Internet of Things is not a whole new game when it comes to safe and efficient networking, but it vastly accelerates the boom of intelligent devices communicating with users and other hardware.
By the same token, considering each device — no matter how small — a discrete piece of engineering means administrators can give serious thought to the implication of smart objects with unknown capabilities.