Despite the eye rolls sometimes given to the name “Internet of Things,” or IoT for short, no one is arguing that the future isn’t connected. Market soothsayers such as Business Insider recently released their revised 2018 IoT market predictions. Some highlights: 1 billion installed IoT devices in U.S. homes alone by 2023, and 40 billion devices worldwide in the same timeframe. In terms of dollars and cents, in the next two years the Industrial Internet of Things is expected to achieve a market size of $123B, with transportation, utilities, and discrete manufacturing leading the way in terms of investment in IoT products and services.
This demand is occurring even as the news is filled with headlines showing the inherent risk of a connected world. Just in the last few weeks these stories have hit the web:
- BBC published “Russian Hackers Penetrate Power Stations”
- Wired published “The Sensors That Power Smart Cities Are a Hacker’s Dream” and “Hackers Found a (Not-So-Easy) Way to Make the Amazon Echo a Spy Bug”
- Ars Technica published “Hack Causes Pacemakers to Deliver Life-threatening Shocks”
- Engadget published “TSMC Says Virus That Shut Down its Plants is a WannaCry Variant”
So why the increased demand for IoT products and services if these are the risks inherited by adopting such technology? Answer: there are not insignificant gains (both in efficiency and actual costs) from having ready access to real-time data to inform better decision making. Harley Davidson, for example, reduced its custom build cycle by 36% while growing profitability by almost 4% by IoT-enabling its production facility. Stanley Black and Decker ran an IoT pilot at one of its production plants. The company claims that by getting products and machines connected, the resulting real-time visibility allowed it to reduce one of its key manufacturing metrics (first-time pass defects per million opportunities) by 16%.
At the same time as demand is ratcheting up for the benefits (and the undesired but inherent risks) that IoT delivers, we are seeing a maturing of development platforms that are inherently open. Platforms such as the Arduino and Raspberry Pi had massive impacts on the hobbyist market. Inexpensive hardware, free tool-chains (albeit relatively simplistic tools compared to professional-grade tools), huge support communities, and their open licensing gave them significant appeal. Before the emails roll in, yes, technically the Raspberry Pi itself is not open source hardware, as it incorporates proprietary components. But it is certainly incorporated into products that are themselves open. Case in point: my commercially purchased remote garage door opener is built atop a version 1.1 Raspberry Pi A+ single board computer (SBC).
On the Arduino front, any doubt about the professional use case aspirations of the Arduino company was put to rest this year. The move from AVR microcontrollers to ARM Cortex-based ones has been occurring for a few years. More recently, cryptographic hardware has been added. Boards are now available that incorporate industrial-grade communications protocols such as Narrow Band IoT NB classes, LTE CAT M1 networks, LoRaWAN, and Sigfox. This year Arduino branched out from microcontroller technology into Field Programmable Gate Array (FPGA) hardware with the MKR Vidor 4000, with shields purpose-built for CANbus integrations (useful for automotive and drone projects) and RS485 (useful for working with industrial machinery). Later this year they will release version 2.0 of their integrated development environment, which promises to bring professional-grade features such as a built-in debugger.
The intersection of the exploding demand for IoT products and services and the proliferation of open hardware raises some intriguing questions, specifically with respect to the benefit versus risk conversation. The Open Web Application Security Project (OWASP) has enumerated a list of IoT Attack Surface Areas: in other words, all the ways the IoT can be attacked by ill-intending hackers. Looking at the list, you can see many competing requirements between openness and security. Some questions that arise:
- Can we have both security and open?
- Will hobbyist and pro-maker products, with arguably less security designed in, become threat platforms exploited by black hat hackers?
- Will disabling advanced features (SSH, UART, GPIO, JTAG) not used by end users have a chilling effect on power users or those who like to tinker with their devices?
- Will locking down firmware so that it is not accessible via serial port, or potting memory and storage microchips (applying an epoxy over a chip to make it difficult to get physical access to IC pins), have a similarly chilling effect?
- Do proprietary or open IoT communications protocols have a better chance of unifying the market? Which are better at providing security against attacks such as Man-In-The-Middle (MiTM) attacks?
No doubt we live in interesting times, especially those of us fortunate enough to be working in the embedded hardware space, building products, solutions, and systems that will have huge impacts on the future. Openness and security seem to be diametrically opposed to one another. And yet both are seemingly needed to foster the trust and the demand required to succeed both technologically and economically. It will be fascinating to see that balance play out in the years ahead.
Michael Parks, P.E. is the owner of Green Shoe Garage, a custom electronics design studio and technology consultancy located in Southern Maryland. He produces the Gears of Resistance podcast to help raise public awareness of technical and scientific matters. Michael is also a licensed Professional Engineer in the state of Maryland and holds a Master’s degree in systems engineering from Johns Hopkins University.