Something Scary Happened on the Way to the Internet of Things
By By Casimer DeCusatis, Ph.D. | Posted: 27 April 2015 10:29:59 AM
Twitter | LinkedIn | Facebook | Reddit
There was a lot of discussion at OFC last month about enabling the Internet of Things (IoT), a next generation interconnect technology that could profoundly change almost every aspect of our daily lives. Although the IoT is almost certainly over-hyped right now, at least according to a recent Gartner Group report, there’s a clear trend in the industry towards interconnecting massive numbers of devices on pervasive, wireless networks. I’ve always been an advocate for new technologies, and usually I can’t wait to try out “the next big thing”, but while I can’t wait for some of the new features promised by the IoT, I’m also starting to lose sleep thinking about how to manage and provide security for all those new networked devices.
There are a lot of very cool applications being prototyped for the IoT.
For now most of them are either using existing mobile devices (like smart phones and tablets) or adding wireless capability to existing devices (like thermostats or air conditions systems in so-called “smart buildings”). And there are a lot of innovative applications, such as crowdsourcing data from smart phones to map road conditions in real time, to help identify potholes that need to be fixed or support long-term municipal planning projects. There are also some very encouraging early success stories from smart cities, such as the use of embedded remote sensors in Barcelona, Spain to reduce water consumption, create more parking spaces, and generate new jobs. I tend to agree with the comments made at the OFC 2015 rump session, when an audience member mentioned that smart cities will be the next hot topic at OFC in a few years. I could probably cite a dozen more examples of how IoT is poised to make our lives better, but before we get too carried away I’d also like to pose a few concerns that might limit adoption of these new technologies.
Challenges to Adoption of New Technologies
First, considering the sheer scale and growth rates of many IoT proposals, we’ll need a huge surge in skilled network architects and practitioners to keep pace with network architecture, management, and administration. Depending on which projection you read, the number of devices connected to the Internet is expected to exceed 50 billion by the year 2020. Most people see this as a huge economic opportunity, driving on the order of a $20 Trillion market. But where will we get the skilled people to build and run the IoT ? At a conference for the Association of Technology, Management, and Engineering (ATMAE) last fall a presentation from Cisco noted that the industry currently has around 5 million Cisco-certified networking professionals. If this number were to double in the next five years (which is very aggressive), and assuming a reasonable number of devices per network administrator, we still fall far short of the number of certified network professionals needed to support the IoT. No doubt some of this skill gap can be addressed by broader, more innovative education programs, or by automating administrative functions that are done manually today, but it still presents a formidable challenge. Recent efforts by the International Society of Service Industry Professionals (ISSIP) to promote both education and network automation are trying to address this issue, but we’re not just talking about creating more network admins. We need a new generation of admins with different skill sets, including a greater focus on writing scripts and using APIs instead of CLIs, creating new networked applications with a DevOps approach, and implementing software administration, policy management, and analytics. Existing network practitioners will need continuing education at the same time that we develop new programs to train future network admins to cope with emerging technologies widely discussed at OFC, including NFV and SDN.
Second, there are a host of new security issues associated with the IoT. In the short term, with IoT devices based on mobile phones and smart buildings running operating systems like Linux or Windows, security issues can probably be managed using traditional methods. Of course, I don’t mean to minimize the risks of an attack on a large system with many interdependencies; security professionals are familiar with the widely publicized attack on Target stores, which originated from a phishing attack on their heating & air conditioning contractor. But what about when people start to wireless enable everything from kitchen appliances to clothing? In the long term, IoT connected devices will be disposable, single-use items, like promotional giveaways at theme parks or concerts. Imagine tens of billions of devices popping up on the network, perhaps for only a few minutes or hours, all of them looking like a stripped-down web browser. I suspect many of these devices won’t have built-in security, and won’t be running a hardened operating system like Windows Mobile. In a world where security relies on separating valid users from malicious hackers, it’s a significant challenge to authenticate, identify, and monitor everything that’s going to be connected to the wireless network. Furthermore, all these devices will be generating exabytes of data such as GPS location data. We already generate tons of data for temporary use that isn’t secured (did you ever wonder what happens to all those voice clips that are generated when you ask your smart phone for directions to the nearest coffee shop?) Compounding the problem, the industry is also facing a shortfall of about a million skilled cybersecurity practitioners.
It seems that the OFC professional community has no shortage of challenges to overcome in making the IoT a reality.
There are opportunities for advanced management and security software, as well as high speed optical interconnects for wireless backbone routers, encryption features for high speed fiber optic links, and much more. I’m still cautiously optimistic that we’ll find solutions to these problems (at least until somebody steals my identity after hacking into my heating system next winter). What do you think? Drop me a line on Twitter (@Dr_Casimer), and let me know your biggest concerns about the IoT.
Posted: 27 April 2015 by
By Casimer DeCusatis, Ph.D.
| with 0 comments