
The Future of Technology, Privacy, Security and Risks (part 5 of 5)

Internet of Things (IoT) is real and it’s here.

A funny thing happens when people talk about “the next big thing” or the “new hype”: some get the big picture, some never think big enough, and, worse, some pretend that they get it. Actually, it’s not a lack of imagination; it’s a lack of exposure and observation. I’ve always maintained that the future is always within reach, and you don’t need to imagine what’s already here. Yes, IoT is real, it’s happening now, and IoT implementations will expand significantly in the future. The business benefits of IoT are significant (lives saved, money saved, performance and productivity increased), and the pathway to realizing these benefits is clearing as costs decrease, technologies expand, and people expect new experiences. As with any new capability or technology, though, it will take time for most people and organizations to get used to IoT, familiarize themselves with it, and start investing and participating in it.

As Part 2 of The Future of Technology, Privacy, Security and Risks showed, IoT devices and advanced data analytics are revolutionizing how medical practitioners connect with and care for patients, whether at home, in a hospital room, or through remote virtual meetings elsewhere. More and more every day, people are wearing a wide range of smart devices like wristbands to record activities that inform their insurance policies and care instructions or their doctor about health status. This data, in turn, can inform insurance companies setting health care costs, and help doctors personalize care instructions and medication prescriptions. Imagine an emergency room visit, where seconds can save lives. EMT staff use IoT devices to access real-time patient data to deliver immediate care, while patient sensors automatically consent to share that data securely. In hospitals, smart IoT-connected kiosks provide real-time data about a patient’s medical history, as well as show key information about the room’s environment. Doctors no longer need to bring laptops, and the countless contaminants they contain, into hospital rooms to access patient records and make diagnoses. Equipped with smart devices installed in rooms, doctors can visualize patient data that is secured, aggregated, and normalized through advanced analytic algorithms. With a voice command to the kiosk, a doctor can receive real-time vital information, connect with other doctors in the hospital (or wherever they may be), and send blood test orders to labs and prescription orders to pharmacies, all while staying by a patient’s bedside. IoT technology is reducing inefficient paper pushing, improving communications, and ultimately increasing time spent with patients.

Part 3 of The Future of Technology, Privacy, Security and Risks showed that there have been exciting recent developments around IoT in the automotive industry. Automakers, telecommunication service providers and leading technology companies are coming together to build the Smart Vehicle (Smart Car). Imagine your vehicle transmitting data every millisecond (or faster), talking to other vehicles, weather sensors, and traffic lights. Imagine your vehicle driving autonomously and keeping you safe from all sorts of road hazards. With IoT, where interconnected devices share critical data, this is all possible. It is made possible through Vehicle-to-Vehicle (V2V) communication, i.e. the wireless exchange of position, speed and location data between nearby vehicles, which can help to sense an impending threat and offers the opportunity to improve the safety of commuters significantly. Each vehicle will continuously broadcast an ‘I Am Here’ message along with the speed and position from its computer.

“Vehicle-to-Infrastructure” (V2X) communication, meanwhile, is the wireless exchange of information between vehicles and roadside infrastructure (e.g. Smart Traffic, Smart Roads, etc.; see below). Vehicles in transit will communicate with the roads, digital signage, traffic lights, and safety and control systems. This will reduce, if not eliminate, vehicular accidents and solve traffic congestion through intelligent safety applications. With this advancement, imagine that before you leave for work, your smartphone displays your car’s condition (fuel, tire pressure, and brake pad levels) along with weather conditions and traffic patterns, and offers alternate routes as your vehicle reads weather sensors and smart infrastructure. Vehicles talk to one another, sharing data through secure, dedicated frequencies, while biometric sensors measure your cognitive abilities behind the wheel. This is micro-level, time-specific, highly personalized information that helps you navigate safely.

We all know that IoT is not limited to the medical and automotive industries; believe it or not, some IoT devices already exist today and are available in the market.

| Industries | Projects | Descriptions |
|---|---|---|
| Smart Cities | Smart Parking | Monitoring of parking space availability in the city. |
| | Structural Health | Monitoring of vibrations and material conditions in buildings, bridges and historical monuments. |
| | Smartphone Detection | Detect iPhone and Android devices and in general any device which works with WiFi or Bluetooth interfaces. |
| | Traffic Congestion | Monitoring of vehicles and pedestrian levels to optimize driving and walking routes. |
| | Smart Lighting | Intelligent and weather adaptive lighting in street lights. |
| | Waste Management | Detection of rubbish levels in containers to optimize the trash collection routes. |
| | Smart Roads | Intelligent highways with warning messages and diversions according to climate conditions and unexpected events like accidents or traffic jams. |
| Smart Environment | Forest Fire Detection | Monitoring of combustion gases and preemptive fire conditions to define alert zones. |
| | Air Pollution | Control of CO2 emissions of factories, pollution emitted by cars and toxic gases generated in farms. |
| | Landslide and Avalanche Prevention | Monitoring of soil moisture, vibrations and earth density to detect dangerous patterns in land conditions. |
| | Earthquake Early Detection | Distributed control in specific places of tremors. |
| Smart Water | Potable Water Monitoring | Monitor the quality of tap water in cities. |
| | Chemical Leakage Detection in Rivers | Detect leakages and wastes of factories in rivers. |
| | Swimming Pool Remote Measurement | Control remotely the swimming pool conditions. |
| | Pollution Levels in the Sea | Control real-time leakages and wastes in the sea. |
| | Water Leakages | Detection of liquid presence outside tanks and pressure variations along pipes. |
| Smart Metering | Smart Grid | Energy consumption monitoring and management. |
| | Tank Level | Monitoring of water, oil and gas levels in storage tanks and cisterns. |
| | Photo-voltaic Installations | Monitoring and optimization of performance in solar energy plants. |
| | Silos Stock Calculation | Measurement of emptiness level and weight of the goods. |
| Security and Emergencies | Perimeter Access Control | Access control to restricted areas and detection of people in non-authorized areas. |
| | Liquid Presence | Liquid detection in data centers, warehouses and sensitive building grounds to prevent breakdowns and corrosion. |
| | Radiation Levels | Distributed measurement of radiation levels in nuclear power station surroundings to generate leakage alerts. |
| | Explosive and Hazardous Gases | Detection of gas levels and leakages in industrial environments, surroundings of chemical factories and inside mines. |
| Retail | Supply Chain Control | Monitoring of storage conditions along the supply chain and product tracking for traceability purposes. |
| | Intelligent Shopping Applications | Getting advice at the point of sale according to customer habits, preferences, presence of allergic components for them or expiry dates. |
| | Smart Product Management | Control of rotation of products on shelves and in warehouses to automate restocking processes. |
| Logistics | Quality of Shipment Conditions | Monitoring of vibrations, strokes, container openings or cold chain maintenance for insurance purposes. |
| | Item Location | Search of individual items in big surfaces like warehouses or harbours. |
| | Storage Incompatibility Detection | Warning emission on containers storing inflammable goods close to others containing explosive material. |
| | Fleet Tracking | Control of routes followed for delicate goods like medical drugs, jewels or dangerous merchandise. |
| Industrial Control | M2M Applications | Machine auto-diagnosis and assets control. |
| | Indoor Air Quality | Monitoring of toxic gas and oxygen levels inside chemical plants to ensure workers’ and goods’ safety. |
| | Temperature Monitoring | Control of temperature inside industrial and medical fridges with sensitive merchandise. |
| | Indoor Location | Asset indoor location by using active and passive tags (RFID/NFC). |
| | Vehicle Auto-diagnosis | Information collection from CanBus to send real-time alarms to emergencies or provide advice to drivers. |
| Smart Agriculture | Green Houses | Control micro-climate conditions to maximize the production of fruits and vegetables and their quality. |
| Domestic and Home Automation | Remote Control Appliances | Switching appliances on and off remotely to avoid accidents and save energy. |
| Health | Medical Fridges | Control of conditions inside freezers storing vaccines, medicines and organic elements. |
| | Patients Surveillance | Monitoring of conditions of patients inside hospitals and in old people’s homes. |

The list above shows just a few examples of currently available “smart” devices that are considered internet-ready.

Risks and Business Benefits

Undoubtedly, there are huge potential business benefits from the IoT, but also potential data security and privacy risks. In Part 1 of The Future of Technology, Privacy, Security and Risks, U.S. President Obama said “If We’re Going To Be Connected, Then We Need To Be Protected”. Having said this, the U.S. government acknowledges that the future is now, and has outlined a series of proposals and steps to mitigate data privacy and security risks. In the same light, FTC Chair Edith Ramirez (D) presented a case to the Consumer Electronics Show on January 6 in Las Vegas, on the IoT’s risks and rewards: privacy and security risks could undermine widespread consumer adoption of connected devices. She commented “Whether it is a remote valet parking assistant, which allows drivers to get out of their cars and remotely guide their empty car to a parking spot; a new fashionable bracelet that allows consumers to check their texts and see reviews of nearby restaurants; or smart glucose meters, which make glucose readings accessible both to those afflicted with diabetes and their doctors, the IoT has the potential to transform our daily lives.”

She also added “the year we start hearing about smart-home hacking.” The same “connected devices that provide increased convenience and improve health services are also collecting, transmitting, storing, and often sharing vast amounts of consumer data, some of it highly personal.”

Most of us, if not all, will agree that IoT poses three key challenges to consumer privacy and security:

  1. Ubiquitous data collection;
  2. Potential for unexpected uses of consumer data that could have adverse consequences; and
  3. Heightened security risks.

All of these, feeding the threats of data brokers and Big Data analysis, could “undermine consumer trust,” which she believes “is as important to the widespread consumer adoption of new IoT products and services as a network connection is to the functionality of an IoT device.” IoT adoption is no joke and typically involves large amounts of money: the estimated number of networked devices in use by the year 2020 (30 billion), connected vehicles projected to reach roadways in the next few years (one in five cars), and the potential global economic impact the IoT could create by 2025 (up to US $11 trillion). These totals are indeed remarkable, and they offer consumers and organizations a sense of the tremendous scale at which connected devices are operating and growing.

In the next 10 to 15 years, more and more organizations will have cyber security services devoted to protecting business initiatives that use devices and services in the IoT. Cyber security here means the risk-driven expansion and extension of current security risk practices that protect organization assets of all forms in the cyber business and ensure that relationships among those assets can be trusted. The IoT is redrawing the lines of IT accountabilities for organizations. IT governance, management and operations of security functions will need to change significantly to accommodate expanded accountabilities, similar to the ways that bring your own device (BYOD), mobile devices and cloud computing delivery have required changes, but on a much larger scale and in greater breadth.

What are the risks?

With the potential connection of billions of these smart devices, the number and type of attack vectors will definitely increase, as will the amount of data collected, and this presents a daunting new challenge for organizations and for IT and information security professionals. It’s not a question of if attacks will happen, but when. There is a huge opportunity for attackers, financially if not for terrorism, and all organizations must understand how attackers pursue what is valuable. As we learned from previous blogs, IoT has a huge impact on financial, healthcare, safety, and quality of life, and it’s indisputable that security risks are growing and becoming more complicated.

When it comes to IoT, a device’s ability to firewall itself from all attacks is very limited. IoT devices could be used as infection vectors to spread malware across organizations, or become the source of denial-of-service attacks, which could in turn cause damage or, in some instances, loss of life.

“The small size and limited processing power of many connected devices could inhibit encryption and other robust security measures,” said Edith Ramirez, Chairwoman, US Federal Trade Commission, in an address to the 2015 International Consumer Electronics Show in Las Vegas. “Moreover, some connected devices are low-cost and essentially disposable. If a vulnerability is discovered on that type of device, it may be difficult to update the software or apply a patch – or even to get news of a fix to consumers.”

As we come closer to realizing IoT benefits, a growing requirement for better security and privacy protection systems and processes is evident in new market sectors such as smart cars, medical, smart cities, etc. But sensitivities and priorities vary across sectors. While physical and cyber security is vital in energy generation and distribution, for example, patient confidentiality and privacy is a bigger concern in digital health systems.

Aside from security risk, we have to deal with privacy as well. When attackers have collected enough information to reach a point where they can begin correlating information from different sources (devices), such as a car, a smartphone and a home automation system, they will gain much more information about the user than if they were looking at information from only one device, system, or application. These details about users, from their shopping habits to their physical location, will allow actors to launch well-crafted, highly targeted campaigns at a level of sophistication never before seen.

Compliance requirements and frameworks also vary across geographic regions. According to the charity Privacy International, although more than 100 countries around the world had enacted comprehensive data protection legislation by August 2014, many others had partial privacy laws applying solely to children or financial records, for example. It’s already apparent that networks are only as secure as their weakest link, and security in a hyper-connected world has to be a collaborative effort. “There’s little value in being super-secure in your own right if you’re not sharing that level of security with those you are connected to,” Stock says. “Security should not really be a differentiator in the IoT. You want to be looking at a collaborative approach to security and privacy and trying to raise the collective bar.”

To assess risk holistically, numerous organizational, operational, and technical risk areas must be considered and balanced against such business benefits. According to ISACA’s Internet of Things: Risk and Values Considerations, a white paper in the ISACA Internet of Things series, specific risks depend on usage. Some of the IoT-usage risk areas that practitioners should consider follow:

Business Risk:

  • Health and Safety
  • Regulatory Compliance
  • User Privacy
  • Unexpected costs

Operational Risk:

  • Inappropriate access to functionality
  • Shadow usage
  • Performance

Technical Risk:

  • Device vulnerabilities
  • Device updates
  • Device management

Conclusion: IoT Governance

Enterprise Governance Framework

IT Governance creates clarity between business goals and IoT projects. IT Governance can:

  • Provide clarity around the organization’s business strategy and successfully align the (IoT) technology strategy to the business strategy;
  • Clearly show alignment between the business strategy and the IT initiatives, by mapping the links between business objectives and project objectives;
  • Facilitate best practice for each initiative by using a business case to show that a project will improve business capability;
  • Facilitate agreement on priorities for the business or organisation, as a group looking at the entire enterprise;
  • Attain agreement on which priorities should finish first; and
  • Enable effective resource management by understanding the resources necessary to accomplish the initiatives. Good governance establishes priorities on resources, both human and financial. Having capital funds is not enough; having the people is usually more difficult.

Having IoT governance remains a key challenge, and adapting and implementing the right governance framework (as shown above in the IT Governance Framework) is critical to IoT’s success across all aspects, from architecture through standards to implementation.

IoT embraces a breadth of established, emerging and evolving technologies across a variety of vertical domains. To achieve open interoperability and an environment for market-driven application innovation, IoT requires an inclusive governance framework, which is as yet nonexistent. The value of independent leadership, with the development of multi-stakeholder supported criteria backed by regulation and law, would be in providing a suitable, adequately resourced initiative to establish a trusted environment for multi-stakeholder participation and support. This offers the best opportunity to minimize the persistent risk of IoT fragmentation between ISPs, logistics, supply chain, Smart Cards/Embedded, ITS, Banking/payment, etc., each with their own preferred agenda backed by their particular sector governance body.

Trust and usability are critical success factors for much of ICT, IoT included. IoT security and privacy features that address today’s needs, and those that provision for the requirements of tomorrow, need to be sympathetic to the end user while accommodating an anticipated increase in the complexity of requirements from the expansion of cross-domain applications. Performance, complexity and cost are all factors that influence adoption, in addition to those that engender trust. While important progress has been made and actions planned to address usability, a number of potential gaps nevertheless remain in the overall ‘trust’ framework where further research would be potentially beneficial.

Relevant links:

  1. US Federal Trade Commission workshop on “Privacy and Security Implications of the Internet of Things” 
  2. Kantara Initiative and its User Managed Access work group.
  3. The Internet Governance Forum.
  4. Internet Corporation for Assigned Names and Numbers.
  5. World Privacy Forum.
  6. Future of Privacy.
  7. IoT Forum
  8. IoT List
  9. Cisco IoT
  10. Intel
  11. IBM
  12. ISACA IT Governance


