IoT, or Internet of Things, devices can generate up to trillions of data points per second depending on the ecosphere in which they inhabit. These devices are not necessarily stationary either. Some may move within a designated geography, while others roam as free in and out of an area as one could imagine simply by being attached to a person rather than a thing. Each of these devices is created by a host of manufacturers over potential several generations with varying degrees of interoperability, security, efficiency, and effectiveness. With over 31 billion, and growing, IoT devices deployed they permeate almost every facet of our lives. It is anticipated that by 2025 over 75 billion devices will be generating petabytes of data per second. Impressive as this sounds, it still is less than .006% of “things” that can be connected and the race to fill that void is staggering.
First coined in 1999 by Kevin Ashton, IoT did not really start its meteoric rise until just over a decade later when a Garner report (2011) listed it as a new and rising technology. Since then, the AEC (Architecture/Engineering/ Construction) industry embraced the possibilities of smart building technology in creating more efficient buildings that worked within parameters set by its occupants to accomplish many desired outcomes – sustainability being a leading one.
As networks, storage, and IoT devices have improved, we have moved from an Internet where people were the primary client/customer, and the data generated by them and was analyzed after the fact. We have now moved to one where things reign supreme and the data is generated first and we need to sift through it to analyze it and decide what is useful and relevant. Out of this massive data cache, we have seen a division of IoT into five basic branches that each form their own unique universes, but as some suggest with our own Universe, cross over each other and can help or hinder. These include Consumer, Commercial, Industrial, Infrastructure, and Military.
Within each of these applications, the technology deployed and the data collected generated several dilemmas. The largest of these is who owns the data and who determines what is collected and how it is to be used. The best example of this is within our tech companies such as Google, Facebook, Apple, and others who target trillions of points of data of its users through the use of their services – passive or otherwise – that can then be parsed, analyzed, and monetized and has often been the target of privacy rights groups, yet we benefit from that data.
We also have seen how that data can be used for nefarious intentions as well with the recent political unrest surrounding the Presidential Election in the US where data was used to monetize and organize, and not always for altruistic purposes. A building owner may think they own their data but that may not be the case. Another significant issue is the security of these devices. While we may be in an age of IoT where there are many mature players who have developed, often through trial and error, robust IoT devices that can be effectively placed in a built environment, there are still many newcomers rushing to market, lacking in experience, or with not-so-great intentions producing IoT products that open vulnerabilities to the bad actors or self-induced catastrophes. These can include weak, bad, or hardcoded passwords; insecure or unneeded network services; insecure edge devices; outdated firmware, hardware, or software, and many other security holes.
Smart solutions with an intelligent building or complex being designed and built must take into account not just these vulnerabilities within the systems designed into the buildings, but also must look at the transient devices that are IoT connected to protect from failure points. This is often one of the biggest tasks overlooked by owners, occupants, and the design and construction teams where blinders are worn to anything that isn’t attached to the building. This opens up the project for failure points and security vulnerabilities.
Current generations of devices have limited intelligence at the edge mainly due to lack of computing power and storage, however, that continues to change at an exponential pace. This is mainly a factor that on-demand information requirements are changing and latency of processing in the cloud slows things down. So as these edge devices improve, vulnerabilities could increase more than there are today and transient devices that may connect to a building’s edge topography will cause headaches down the line.
Blockchain technology, as is used in Bitcoin transactions, has been continuing to make inroads in the IoT world and has the promise to advance security but this needs to be coupled with a thorough threat assessment beyond the boundaries of the project in addition to the actual architecture of a projects IoT solution. Other security features continue to be developed and integrated but until the IoT industry truly aligns and overseeing authorities place limits on what is acceptable IoT will continue to be a wild west.