Here's how I defined, to myself, the methodology:
* google "IoT challenges" and skim through results for exactly 10 minutes
* get a pint and brainstorm with myself
* let thoughts freely flow for exactly 45 minutes
* 5 minutes to fix sentences and typos
Here's the result.
What are the chief obstacles and Challenges to IoT adoption?
§ Lack of overall security frameworks.
This is not an issue of IoT per se, but how everything is managed. For
example, the SDLC is typically not secure, if any maintenance exists at all.
There are two problems here: the actual hardware (updating the firmware) and
the cloud supporting service. Please note the recent US IoT Security Act
(draft).
§ Secure technologies
The building blocks of IoT, at the thing level, such as network
protocols, micro-storage, IoT OSes, etc, are not secure enough. This is to be
combined with a lack of security wrappers, that could mitigate the intrinsic
lack of security.
§ Security complexity
Considering the many building blocks of a IoT products (hardware,
network, servers, cloud, web, mobile app, etc.), it is virtually under all
threats known to man. If a service is only a website, or a car, at least the
security vectors are confined to that particular technology and implementation.
Quite ironic, Things are small but they sit in a very large area.
§ Physical security
Physically securing a device is really hard and expensive. There are no
off-the-shelf, cheap, readily available, solutions for that. Once it is
physically breached, trust in the user breaks and trust in the Thing itself
also breaks.
§ Security of software management
This is a special case but one of the biggest problems. It only becomes
apparent with scale. On one hand, patching devices is not straightforward. On
the other hand, installed software will take up more space every time. Space is
however limited because updating the hardware will often be impossible or
impractical. What will people do with legacy devices? Just like phones, they
will keep using them, even those aware they are vulnerable to even “script
kiddies”. Some 50% of all the phones in the world are trivially hackable.
§ Liability
If a Thing is compromised it becomes a liability for both the
manufacturer/developer and the user. Today security liability is vastly
undefined (the upcoming NIS directive will partially address this). Most
DDoS-for-hire services use things (like cameras) for that.
§ Liability (2)
There are no robust Insurance products for Security. Fighting liability
easily outweights revenues from the product itself. Preparing for that scenario
(so to limit liability) is still in baby steps before robust compliance
frameworks. From where I stand, it is truly a “do everything you can think of”
because it will sooner than later be used in court. Any little step may be the
difference between going out of business overnight with a penalty and getting a
wrist slap.
§ Liability (3)
If someone's home or car is hacked via the Thing, the company will be
liable up to, as is the case with connected cars, corporate crimes against life.
Today not even medical devices are covered but I expect this to change up to
home surveillance cameras used to watch a baby from a different room in a
house.
§ Corporate Liability/compliance and governance
Security nowadays is based on risk assessments. A Thing made by a
company with no established Security practices will never be able to do
business with established companies (and even less with regulated). When they
accept to manage the risks themselves, they will soon realise the cost of
ownership is too high. There is plenty of lessons from the past.
§ Data Privacy issues
IoT have the potential to collect what seems to be, at first glance,
information that is not problematic. Profiling then becomes an issue (see the
recent Vacuum robot mapping homes and just reselling it - how naive). Things
about the Quantified-Self is a good example. Excellent ideas, excellent
products, (poor business models), but no idea of the ecosystem.
§ Unconvincing business models
The idea that an arduino and a front-end developer is enough. IoT always
comes with the promise of scale but until then the underlying business models
will always seem to me immature. Reason is the actual hardware + software costs
seem to be considered central when they will, necessarily, become marginal. As
an analogy, the cost of producing a car is 10% and 90% is maintaining the
brand, operations, maintenance, parts supply chain, etc.
§ Unconvincing business models (2)
Many still think that collecting Data will, sooner or later, become an
asset. Usually, it comes with little care to Privacy or regulations. Collecting
Data just because it may be monetised in the future will basically become a
liability.
§ Unconvincing business models (3)
The skill set of most IoT companies is ill-incentivised in my opinion.
Hardware and front-end skills are only an enabler. Managing data, the product
lifecycle and the supply chain is the right direction.
§ Lack of killer applications.
Which is surprising. So far, the best is smart meters – do their job,
clear use-case, helpful, fully managed, belonging to the operator and not the
user.
§ Lack of interoperability between IoT
This will be a long lasting one and likely never truly solved. Combined
with interoperability, lack of usability is also a problem once a certain level
is passed. Even today using a printer is a problem and there are countless
academic solutions to autoconfigure a printer. We all get jammed paper and
“cannot find printer” far too often. Further, combining all the data from
several things in order to deliver value is, and always will be, a hard problem
(no shortage of academic papers on it).
§ Things are physically clumsy
Cables and chargers…
No comments:
Post a Comment