The Internet of Things (IoT) is a hot, hot topic today, not only because it’s something new and interesting, but because it has the potential to change how businesses are run. And businesses are starting to figure that out.
The trouble is, new fields lack standards and best practices, and, for that matter, knowledge coming from experience. That’s why the IoT Coalition Canada (IoTCC), a community group managed by InsightaaS, is uniting buy-side executives, vendors of many different types of products and services, leading academics and other experts to work on the co-creation of Canadian-based IoT Best Practices.
In collaboration with Datacenter Dynamics, this month the IoTCC staged an IoT Bootcamp in Toronto to help businesses work through some of the issues. Experts including Rick Huijbregts, Cisco Canada’s VP, digital transformation and innovation, Savio Lee, IoT practice lead at Ingram Micro, InsightaaS analysts Mary Allen and Michael O’Neil, Faud Khan, CEO of Twelvedot, and Shawn Slack, CIO of the City of Mississauga led discussions on three aspects of IoT: intelligence in community ecosystems, building the IoT stack, and privacy and security. Then all participants worked through case studies focusing on these areas.
The first panel focused on intelligent communities, although Campbell Patterson of the Intelligent Communities Forum noted that this concept can encompass anything from city government to a farm or private sector innovation. While geographical boundaries are elastic, users, providers, and suppliers all have a stake in IoT; it’s not just government.
But it takes more than technology, Huijbregts said. We need to create a national dialogue to solve the greater challenge: leadership. Someone has to mobilize the community, but no-one can do it alone. It will take public and private partnerships, rolling in builders of roads and electrical systems and other infrastructure components, with technology as the enabler.
“We need to agree on standards,” he said, adding that, for connectivity, Internet Protocol (IP) is already the defacto standard.
“It’s a collaboration,” Slack agreed. “But we have to keep in mind that we’re building cities for people, and for the economy. In our strategic plan, we talk about outcomes, not technology.” He said that Mississauga has over 50 construction projects underway, connecting traffic, pylons, sensors, and more. Once IoT is deployed, a city has much more data to work with. Then, he said, “We need to decide what problem we’re solving.”
Patterson agreed – cities need a strategy for why they’re doing anything before looking at technology. But, he added, “If we don’t have the underlying technology, it won’t happen.”
There’s a considerable amount of IoT technology in the world today, he said, in power systems, sewage and water treatment, and in transportation.
“Part of the challenge is that those who pay may not be those who benefit,” Huijbregts noted. “We need to elevate to a city value conversation, align to the city business strategy, and map use cases against the strategy.”
Another issue is that departments tend to build single use systems, Slack noted. For example, in Mississauga the traffic department wanted to run copper cabling to run the traffic lights and sensors, rather than use the city’s fibre network. “It’s a matter of trust,” he said. But council saw the benefit of shared usage, and pressed the issue. “Funding will come because it will improve traffic or transit.”
“It’s about creating a collaborative ecosystem,” Huijbregts added. “Bring citizens into the dialogue.”
The gap is in the way governments connect the dots between policy and people, Patterson said. The federal government is still not making connections between departments.
Slack agreed. “Other federal governments are funding and planning,” he said. “The policy framework piece is missing in Canada.”
The group then moved on to the issue of building the IoT stack, with Ingram Micro’s Lee and Michael Cardy, chief strategist at Red Hat, picking up the discussion.
“The IoT is ecosystem driven,” said Cardy. “It forces us to integrate several companies’ products together to assemble IoT solutions.” Standards, however, are an issue, with what he called “diversions” hampering integration. “It’s important as we build out the ecosystem to come together on standards.”
Skills, too, are a challenge. Lee pointed out that we need people with networking, development, security, and hardware skills, plus IoT architects, to pull things together. “IoT is disruptive,” he added, “so we need people to talk to stakeholders and decision makers.”
Privacy and security was top priority for all presenters. Security expert Faud Khan, CEO of Twelvedot, Matthew Swarney, director of government affairs at Motorola Solutions, and independent consultant Peter Maddison picked up the discussion on this critical topic, with Khan introducing a new concept: cyber-physical, which he defined as a system consisting of a collection of computing devices communicating with one another and interacting with the physical world via sensors and actuators in a feedback loop. He explained that it’s a game-changer; IoT devices have been around for many years, but their connectivity is new, and this has enabled things like the recent denial of service attack on the krebsonsecurity website, which was conducted through hijacked IoT devices. It is, he said, a threat to personal safety.
It also has privacy impacts, added Swarney, who said, “It’s less about machines and more about people.” We have to be careful what information is gathered, and how it’s used, because uncontrolled collection and usage can lead to poor policy decisions. For example, the results of genetic analysis can be used to deny insurance coverage. “We have to be careful about what the data is telling us,” he said. “We have to use it to benefit people.”
We also need to prioritize security from the inception of a project. “Security and privacy can’t be bolted on,” said Maddison. “It must be by design. We must bake in security and governance controls.” That means we have to understand what data is being collected, how it will be used, and who will access it, as well as determining what can be shared, and with whom.
Without these controls, there can be trouble, and, Khan pointed out, “Lawyers always cost more than engineers.” Companies can save tens of millions of dollars by designing security into their products and processes, even in unexpected areas. For example, people don’t think about supply chain security, Khan said, yet he has even seen phone systems compromised during shipment so their purchasers can be spied upon.
Companies also need to keep abreast of legislation and standards. “Changes in law are often driven by headlines,” noted Swarney. “They codify public sentiment.” He believes that the more industry and governments take human and technology factors into account, the less prescriptive laws will be, and that’s good. Prescriptive laws, he said, can hinder innovation. “I think people should look at what they can do without legislative change.”
But, as Maddison explained, with data spread across more and more devices, the privacy and security team needs to be able to work in multiple areas, managing security across departments and even cross company barriers to deal with partners.
“It comes down to process,” said Khan. “You have to understand the data lifecycle.” He advocates looking at all components, including any third parties involved, and creating auditable outputs that can be used should a breach occur. And, he said, in that eventuality, make sure everyone knows what to do, adding, “Your first call should be to your lawyer.”
Companies have to understand the risks of collecting data, Swarney said, and balance them against the benefits. And the longer the data is to be kept, the more robust the business case should be. Data security should not be in a silo, it should be part of the company culture.
Khan noted that one big flaw with IoT devices is that many are not field upgradeable. That means if an issue is detected with a device, it can’t be corrected, and that puts the users at risk. “If it’s not upgradeable, you’re a sitting duck,” he cautioned.
The IoT Coalition Canada currently runs six working groups aimed at accelerating adoption of IoT solutions, including IoValue: Intelligence in Community Ecosystems; IoValue: Intelligent Industry; IoValue: Intelligent Customer Experience; Backing the Winners in Building the IoT Stack; Privacy and Security; and The IoT Ecosystem: Definition and Development. IoTCC recruits new members on an ongoing basis. For more information, contact Mary Allen firstname.lastname@example.org