The paper analyzes the various security and regulatory frameworks around "Internet of Things" put in place by prominent organizations and bodies across the globe and proposes a consolidated model for IoT ecosystem governance.
Internet of Things means every household or handy device which is used to make our world easy and better and connected with IP which transmit some data.
This slide covers IOT description, OWASP Top 10 2014 & its recommendations.
IoT Security Middleware: evaluating the threats and protecting against themNick Allott
Brief introduction to the security threats relating to Internet of Things (IOT) and some techniques pot protect against them.
Presented at SetSquared event: The Internet of Threats: start-up opportunities in IoT security 7/10/2015
Internet of Things (IoT) devices are everywhere, and they're not going away any time soon.Here are some Security Challenges of IoT. #ChromeInfotech
1. How does IoT works?
2. What are the top security challenges that a mobile application developers face?
3. What are the challenges that IoT brings to mobile developers?
Internet of Things means every household or handy device which is used to make our world easy and better and connected with IP which transmit some data.
This slide covers IOT description, OWASP Top 10 2014 & its recommendations.
IoT Security Middleware: evaluating the threats and protecting against themNick Allott
Brief introduction to the security threats relating to Internet of Things (IOT) and some techniques pot protect against them.
Presented at SetSquared event: The Internet of Threats: start-up opportunities in IoT security 7/10/2015
Internet of Things (IoT) devices are everywhere, and they're not going away any time soon.Here are some Security Challenges of IoT. #ChromeInfotech
1. How does IoT works?
2. What are the top security challenges that a mobile application developers face?
3. What are the challenges that IoT brings to mobile developers?
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...ClicTest
We are in the age of Cybercrimes and just getting started with Internet of Things. There will be a huge demand for IoT as 50 billion connected devices will be deployed across the globe by 2020. These devices will communicate with each other where the web and the physical world will meet with different set of internet infrastructure and protocols. This in turn, will not only help us in saving money, but also provide us with more options.
Discussion Topics:
• The importance of IoT
• How will they impact in our everyday lives?
• Is Internet of Things Secure?
• Securing Internet of Things
But, the Tech buzz is all about: Security of Things (Security in the Internet of Things). How far these Internet of Things can be trusted? Can these IoT devices be hacked? How they have become the Next Cyber Security Target for hackers? How can we secure Internet of Things?
For more details, please visit www.clictest.com or drop us an email to info@clictest.com
Approaches to Security and Privacy when developing new Internet of Things (IoT) and Big Data Analytics products presented at WaveFront Summits, Ottawa, 2015
An overview of security and privacy challenges that must be faced and solved when creating new Things for the Internet of Things. We discussed why are Things inherently insecure together with examples of attack vectors and learned some risk mitigation strategies. We realized why should users be wary of Things violating their privacy and gained awareness of upcoming EU privacy legislation that affects providers of IoT-based solutions. Talk given at Pixels Camp 2017, Lisbon.
The IoT Era Begins
Components of IoT-Enabled Things
IoT Reference model
IoT Security
IoT Security & Privacy Req. defined by ITU-T
An IoT Security Framework
IoT Security Challenges
Internet of Things - Liability
IoT security tools
Security in the Internet Of Things.
Every IoT project must be designed with security in mind. Identity Relationship Management is a must for a successful IoT implementation.
Internet of Things (IoT) is an emerging platform for human interaction. As such it needs enough security and privacy guarantees to make it an attractive platform for people to come onboard.
Understanding what is IoT security
What is the scope of IoT security
Uses of IoT and where do we see it in our daily life
Possible attack surface and likelihood of IoT-related attacks
IoT specific security assessment (understanding approach, IoT protocols, how it is a combination of different type assessments)
The myths of IoT security and the way it has progressed in past few years and how far fetched it can be.
Available Resources and Tools
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...Dataconomy Media
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Lead Security Architect At Lloyds Bank Group
Watch more from Data Natives Berlin 2016 here: http://bit.ly/2fE1sEo
Visit the conference website to learn more: www.datanatives.io
Follow Data Natives:
https://www.facebook.com/DataNatives
https://twitter.com/DataNativesConf
Stay Connected to Data Natives by Email: Subscribe to our newsletter to get the news first about Data Natives 2017: http://bit.ly/1WMJAqS
About the Author:
Anish has been working in the security and cryptography area for the past 15 years, as a researcher and as a consultant. His first brush with payments systems was 15 years ago when he was involved in building a micropayments system for Ericsson. He has spent half his career researching cryptographic algorithms and protocols at three different research groups including Microsoft Research. He also has published multiple papers in the area of security and cryptography and contributed to thought leadership in security space, through guides, POV, white papers and talks. He has also worked as a strategy consultant for Accenture and Capgemini. Most recently he has been involved in the Blockchain ecosystem as one of the founding members of UKDCA . He is also on the advisory board for Ripple Labs, IEET, EA ventures, Adjoint and Chain of Things. These days he works for large UK bank where he is lead security architect.
IoT Security – Executing an Effective Security Testing Process EC-Council
Deral Heiland CISSP, serves as a the Research Lead (IoT) for Rapid7. Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 10+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral also has conducted security research on a numerous technical subjects, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack In Paris. Deral has been interviewed by and quoted by several media outlets and publications including ABC World News Tonight, BBC, Consumer Reports, MIT Technical Review, SC Magazine, Threat Post and The Register.
IEEE CS Keynote at 20th Annual Conference on Advanced Computing and Communications (ADCOM 2014), Bangaluru, India, September 19, 2014 by Prof. Raj Jain. The talk covers What are Things?, Internet of Things, Sample IoT Applications, What’s Smart?, 4 Levels of Smartness, Internet of Brains, Why IoT Now?, Funding, Google Trends, Research Funding for IoT, Business Opportunities, Venture Activities in IoT, Recent IoT Products, IoT Research Challenges, Internet of Harmful Things, Beacons, Power per MB, Datalink Issues, Ant-Sized IoT Passive Radios, Networking Issues, Last 100m Protocols, Recent Protocols for IoT, Legacy IoT Protocols, Standardization, Fog Computing, Micro-Clouds on Cell-Towers, The Problem Statement, Services in a Cloud of Clouds.
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
As IoT insecurity creates vulnerabilities, policymakers become concerned about the health of the Internet. How can public policy address these concerns in a smart way, targeting their efforts to improve IoT security without imposing unnecessary costs across the Internet ecosystem or creating unintended effects? What is the role of government versus industry?
Rob Alderfer, Moderator
Vice President Technology Policy, CableLabs
Gerald Faulhaber
Professor Emeritus, Business Economics & Public Policy, Wharton School
Chaz Lever
Lead Reseacher, Georgia Tech
Jason Livingood
Vice President, Technology Policy & Standards, Comcast
Thought Leadership Webinar - Internet of things (IoT): The Next Cyber Securit...ClicTest
We are in the age of Cybercrimes and just getting started with Internet of Things. There will be a huge demand for IoT as 50 billion connected devices will be deployed across the globe by 2020. These devices will communicate with each other where the web and the physical world will meet with different set of internet infrastructure and protocols. This in turn, will not only help us in saving money, but also provide us with more options.
Discussion Topics:
• The importance of IoT
• How will they impact in our everyday lives?
• Is Internet of Things Secure?
• Securing Internet of Things
But, the Tech buzz is all about: Security of Things (Security in the Internet of Things). How far these Internet of Things can be trusted? Can these IoT devices be hacked? How they have become the Next Cyber Security Target for hackers? How can we secure Internet of Things?
For more details, please visit www.clictest.com or drop us an email to info@clictest.com
Approaches to Security and Privacy when developing new Internet of Things (IoT) and Big Data Analytics products presented at WaveFront Summits, Ottawa, 2015
An overview of security and privacy challenges that must be faced and solved when creating new Things for the Internet of Things. We discussed why are Things inherently insecure together with examples of attack vectors and learned some risk mitigation strategies. We realized why should users be wary of Things violating their privacy and gained awareness of upcoming EU privacy legislation that affects providers of IoT-based solutions. Talk given at Pixels Camp 2017, Lisbon.
The IoT Era Begins
Components of IoT-Enabled Things
IoT Reference model
IoT Security
IoT Security & Privacy Req. defined by ITU-T
An IoT Security Framework
IoT Security Challenges
Internet of Things - Liability
IoT security tools
Security in the Internet Of Things.
Every IoT project must be designed with security in mind. Identity Relationship Management is a must for a successful IoT implementation.
Internet of Things (IoT) is an emerging platform for human interaction. As such it needs enough security and privacy guarantees to make it an attractive platform for people to come onboard.
Understanding what is IoT security
What is the scope of IoT security
Uses of IoT and where do we see it in our daily life
Possible attack surface and likelihood of IoT-related attacks
IoT specific security assessment (understanding approach, IoT protocols, how it is a combination of different type assessments)
The myths of IoT security and the way it has progressed in past few years and how far fetched it can be.
Available Resources and Tools
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Le...Dataconomy Media
"Cybersecurity - Current Landscape and Future Challenges", Anish Mohammed, Lead Security Architect At Lloyds Bank Group
Watch more from Data Natives Berlin 2016 here: http://bit.ly/2fE1sEo
Visit the conference website to learn more: www.datanatives.io
Follow Data Natives:
https://www.facebook.com/DataNatives
https://twitter.com/DataNativesConf
Stay Connected to Data Natives by Email: Subscribe to our newsletter to get the news first about Data Natives 2017: http://bit.ly/1WMJAqS
About the Author:
Anish has been working in the security and cryptography area for the past 15 years, as a researcher and as a consultant. His first brush with payments systems was 15 years ago when he was involved in building a micropayments system for Ericsson. He has spent half his career researching cryptographic algorithms and protocols at three different research groups including Microsoft Research. He also has published multiple papers in the area of security and cryptography and contributed to thought leadership in security space, through guides, POV, white papers and talks. He has also worked as a strategy consultant for Accenture and Capgemini. Most recently he has been involved in the Blockchain ecosystem as one of the founding members of UKDCA . He is also on the advisory board for Ripple Labs, IEET, EA ventures, Adjoint and Chain of Things. These days he works for large UK bank where he is lead security architect.
IoT Security – Executing an Effective Security Testing Process EC-Council
Deral Heiland CISSP, serves as a the Research Lead (IoT) for Rapid7. Deral has over 20 years of experience in the Information Technology field, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 10+ years Deral’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Deral also has conducted security research on a numerous technical subjects, releasing white papers, security advisories, and has presented the information at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, RSAC, Hack In Paris. Deral has been interviewed by and quoted by several media outlets and publications including ABC World News Tonight, BBC, Consumer Reports, MIT Technical Review, SC Magazine, Threat Post and The Register.
IEEE CS Keynote at 20th Annual Conference on Advanced Computing and Communications (ADCOM 2014), Bangaluru, India, September 19, 2014 by Prof. Raj Jain. The talk covers What are Things?, Internet of Things, Sample IoT Applications, What’s Smart?, 4 Levels of Smartness, Internet of Brains, Why IoT Now?, Funding, Google Trends, Research Funding for IoT, Business Opportunities, Venture Activities in IoT, Recent IoT Products, IoT Research Challenges, Internet of Harmful Things, Beacons, Power per MB, Datalink Issues, Ant-Sized IoT Passive Radios, Networking Issues, Last 100m Protocols, Recent Protocols for IoT, Legacy IoT Protocols, Standardization, Fog Computing, Micro-Clouds on Cell-Towers, The Problem Statement, Services in a Cloud of Clouds.
Technology & Policy Interaction Panel at Inform[ED] IoT SecurityCableLabs
As IoT insecurity creates vulnerabilities, policymakers become concerned about the health of the Internet. How can public policy address these concerns in a smart way, targeting their efforts to improve IoT security without imposing unnecessary costs across the Internet ecosystem or creating unintended effects? What is the role of government versus industry?
Rob Alderfer, Moderator
Vice President Technology Policy, CableLabs
Gerald Faulhaber
Professor Emeritus, Business Economics & Public Policy, Wharton School
Chaz Lever
Lead Reseacher, Georgia Tech
Jason Livingood
Vice President, Technology Policy & Standards, Comcast
Security has been low on the agenda for many companies (hopefully, unintentionally), and as we enter the age of the Internet of Things (IoT) or Internet of Everything (IoE), security should be flawless.
Thom Poole delivered a presentation on the issues and thinking around security for this new sector.
Security Fundamental for IoT Devices; Creating the Internet of Secure ThingsDesign World
In this webinar we will discuss the state of security for IoT devices, the threats that exists for IoT devices and the challenges for building secure IoT devices. We will also discuss the technologies available to ensure your IoT device is secure.
Presented at Internet of Things Stream Conference 2015 in San Francisco by Mark Benson on April 2nd, 2015.
ABSTRACT: The growth of IoT is occurring at an incredible rate, justly raising alarms about security and privacy issues as we become increasingly reliant on these intelligent, interconnected devices in our lives and businesses. How are we to protect billions of devices from attacks and intrusions that could compromise our personal privacy, public safety, or business viability? Building an IoT solution involves securing sensors, devices, networks, cloud platforms, web applications, and mobile applications for diverse industries. This presentation examines the landscape of emerging security challenges posed by connected devices and offers a catalog of security deployment patterns that have been successfully used by some of the world’s most well known OEMs to deploy connected product fleets.
Hoy en día las organizaciones están en el proceso de mover su infraestructura tecnológica o sus servicios a la nube. Ya sea por razones de facilidad de crecimiento, de carácter financiero o de foco de negocio. Estos cambios imponen unos retos importantes cuando se involucra el tema de seguridad de la información.
En esta presentación se hace un recorrido de los aspectos más relevantes a tener en cuenta antes de llevar a cabo una migración de este tipo manteniendo o consiguiendo el cumplimiento del estándar de seguridad PCI DSS.
Enabling embedded security for the Internet of Thingsteam-WIBU
Innovators, manufacturers, and economists agree on one crucial vision for our future: Industry 4.0 is a huge potential for value creation waiting to be tapped. The payoff is enormous: third party sources predict that global investment in the industrial Internet of Things will reach USD 500 billion by 2020, a 2,500 percent increase from the USD 20 billion spent in 2012.
The pervasive connectivity of the Internet of Things (IoT) exposes embedded devices to more security risks than ever before. As a result, safeguarding devices, data, and intellectual property becomes a key requirement embedded device manufacturers must meet to succeed in IoT.
The strategic partnership between Wind River® and Wibu-Systems aims at offering modern techniques to tackle the security risks associated with vulnerabilities of interconnected cyber-physical systems. Together, we have developed a scalable protection and licensing system for VxWorks-based applications that grows along with your needs.
Learn:
• Ways to protect connected embedded devices, data, and intellectual property in the Internet of Things
• Software-based security features delivered by the VxWorks® 7 Real-Time Operating System together with Security Profile for VxWorks
• Complementary hardware-based CodeMeter® Security solution by Wibu-Systems
• Benefits of a joint integrated solution featuring software- and hardware-based security for security-sensitive applications.
Watch the webinar: https://youtu.be/NrZrAs9uOEQ
********************************
Request CodeMeter SDK and try out Wibu-Systems' premier technology for yourself
http://www.wibu.com/cm
********************************
Helpful survey for researchers and students who are intended to investigate in the Internet of things field in term of security and privacy side. This survey has general overview in security issues with the solutions addressed these issues.
En la presentación expuesta se puede apreciar los resultados de las auditorias efectuadas a los dispositivos Smart TV (LG 43uf6407, SAMSUNG UE32F5500AW, Panasonic TX-40CX680E) y la Barra de sonido OKI SB Media Player 1g. Durante el workshop se pudieron apreciar fugas de información en las cabeceras de respuesta, servicios expuestos y componentes desactualizados. En el caso de la Barra de sonido OKI y en todos los mediacenter InOut TV las carencias en seguridad son acentuadas, ya que disponen de servicios como XAMPP, con credenciales por defecto, esto sumado la falta de actualizaciones supone un potencial riesgo que ello conlleva. Durante la auditoría también se efectuó una captura del tráfico, llegando en algunos casos a enviar la lista total de canales sintonizados y el orden en que están ordenados en el Smart TV.
The Internet of Things (IoT) offers many industries significant new opportunities, but it also exposes them and their customers to a host of security issues. Securing the IoT requires new ways of thinking that can defend the enterprise and its customers against attackers and privacy abuses.
Internet of Things Insights of Applications in Research and Innovation to Int...ijtsrd
In existing world IOT find a great attention from researchers, it becomes an vital technology that offers a well defined communications between objects and machines. That will offer immediate access to information about the real world and objects in it leading to innovative facilities and increase in effectiveness and output. The IoT developments address the whole IoT spectrum form the devices at the edge to cloud and data centres on the backend and everything in between through ecosystems are generated by industry, research and application stakeholders that enable real world use cases to quicken the in IoT and establish open interoperability standards and common architectures for IoT solutions. This paper studies the perception of many IoT applications and innovation of original connected technologies to the challenges that in front of the execution of the IoT. Deepika Bairagee | Aditya Sharma "Internet of Things: Insights of Applications in Research and Innovation to Integrated Ecosystem" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-4 , June 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31213.pdf Paper Url :https://www.ijtsrd.com/computer-science/other/31213/internet-of-things-insights-of-applications-in-research-and-innovation-to-integrated-ecosystem/deepika-bairagee
Comparative Study of Security Issue and Challenges in IoTijtsrd
In the past few years, Internet of things IoT has been a focal point of research. The Internet of Things IoT hold up an expansive scope of uses including keen urban areas, waste management, auxiliary wellbeing, security, crisis administrations, coordinations, retails, mechanical control, and wellbeing care. Privacy and Security are the key issues for IoT applications, and still face some colossal challenges. In late years, the Internet of Things IoT has increased calculable research consideration. Now days, the IoT is considered as eventual fate of the web. In future, IoT will assume a significant job and will change our gauges, plan of action just as living styles. Right now give a similar report on security issue and difficulties in iot just as a short depiction on utilizations of iot. Sayali Vishwanath Pawar "Comparative Study of Security Issue and Challenges in IoT" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-3 , April 2020, URL: https://www.ijtsrd.com/papers/ijtsrd30653.pdf Paper Url :https://www.ijtsrd.com/computer-science/other/30653/comparative-study-of-security-issue-and-challenges-in-iot/sayali-vishwanath-pawar
Application and Usefulness of Internet of Things in Information TechnologyDr. Amarjeet Singh
The Internet of Things (IoT) is a system of
interrelated computing devices, mechanical and digital
machines, objects, animals or people that are provided with
unique identifiers and the ability to transfer data over a
network without requiring human-to-human or human-tocomputer interaction. It is an ambiguous term, but it is fast
becoming a tangible technology that can be applied in data
centers to collect information on just about anything that
IT wants to control. IoT has evolved from the convergence
of wireless technologies, micro-electromechanical systems
(MEMS), microservices and the internet. The convergence
has helped tear down the silo walls between operational
technology (OT) and information technology (IT), allowing
unstructured machine-generated data to be analyzed for
insights that will drive improvements. The Internet of
Things (IoT) is essentially a system of machines or objects
outfitted with data-collecting technologies so that those
objects can communicate with one another. The machineto-machine (M2M) data that is generated has a wide range
of uses, but is commonly seen as a way to determine the
health and status of things -- inanimate or living.
The Internet of Things (IoT) brings tremendous new capabilities .docxjmindy
The Internet of Things (IoT) brings tremendous new capabilities to the net -- but it also brings many new security issues. Watch the following video on securing the Internet of Things:
https://www.youtube.com/watch?v=rZ6xoAtdF3o
Discuss the challenges of securing the IoT. Then, list five or more best practices you would recommend.
Make sure you respond to at least two other learners.
Response#1(Leburu)
Internet of Things (IoT):
The digital space has undergone major changes over the past two years and will continue to evolve, according to industry experts. The last entry in digital space is the Internet of Things (IoT). IoT can also be defined as an interaction between the software, telecommunications and electronic devices industries and promises to offer enormous opportunities for many sectors. With the advent of the Internet of Things (IoT), powered by sensors that will soon be available for billions of dollars, that will work with billions of intelligent systems and cover millions of applications, the Internet of Things will ignite a spark. Launch new consumer and business behaviors requiring increasingly intelligent industrial solutions, which in turn create billions of dollars of opportunities for the IT industry and even more for companies that benefit from the Internet of Things. (Shackelford, S. 2020).
The Internet of Things has three distinct parts: Sensors that collect data (including sensor / device identifier and address), Decision-making and data transfer to decision servers, An application that collects and analyzes this data for greater integration.
Big data analytics and mechanisms can be used to make decisions. Several countries, such as the United States, South Korea and China, have taken the will to exploit the Internet. The main players in IoT initiatives are citizens, governments, and industry. Participation and cooperation of all interested parties at an appropriate time. At this point, we require instructions to link and select key areas, then emphasize the answers to the accumulation, The Internet of Things needs to have a clear strategy and follow a simple goal with the Value-Added and Reduce-cost models. With industry associations, experience in global forums, knowledge of other major IoT countries, and the active participation of global partners, we can promote an approach. More creative based on innovation. The key to the success of the Internet lies in the development of open platforms for scalable, easy-to-use and inexpensive models and citizens, such as sensors. Data should be clearly collected and shared between functions to maximize benefits.
Lack Of Compliance On The Part Of IoT Manufacturers:
New IoT devices come out almost daily, all with undiscovered vulnerabilities. The primary source of most IoT security issues is that manufacturers do not spend enough time and resources on security.
For example, most fitness trackers with Bluetooth remain visible after the first pairing, a smart ref.
With rapid growth of science and information technology, Internet of things (IoT) becomes as an integral part of daily life. The applications of IoT are expanded starting from connected cars, wearables, connected health, smart retail and healthcare. However, security issues are increasing with the increase of its use. Lack of compliances on the part of IoT manufacturers, lack of user knowledge and awareness, device update and management, lack of physical hardening and botnet attacks are considered as the major reasons for security issues in IoT based applications. In this aspect, it becomes important to analyze security issues involved with IoT and its impact on the users that has been performed in the present study
The Internet of things IoT is a relatively new concept. It presents numerous benefits to consumers and proves a financial boon for businesses. Pervasive introduction of sensors and devices into currently intimate spaces, such as homes, cars, and wearables, poses some challenges. There are also challenges in deploying IoT by government agencies and private industries. This paper attempts to address these challenges and offers solutions. Matthew N. O. Sadiku | Adedamola Omotoso | Shuza Binzaid | Sarhan M. Musa "Internet of Things: Challenges and Solutions" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-6 , October 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29302.pdf Paper URL: https://www.ijtsrd.com/engineering/electrical-engineering/29302/internet-of-things-challenges-and-solutions/matthew-n-o-sadiku
Internet of things iot based real time gas leakage monitoring and controllingIAEME Publication
As the majority of the people in India uses Liquefied Petroleum Gas (LPG) as a fuel for
cooking, but in India the technology applied in this field (security) is very less. Liquefied petroleum
gas is a flammable gas, which has the potential to create a hazard. Therefore it is important that the
properties and safe handling of LPG are understood and applied in the domestic and
commercial/industrial situations.
The proposed paper is aimed at developing a prototype that constantly monitors the gas leak
with the help of the electronic sensors. This data is made available real time through real time feeds
over the internet. We intend to use Xively (new platform) to feed real time sensor data over the
internet. The sensor monitors, detects and raises an alarm whenever a gas leak or fire broke out
condition is detected. Then it raised an emergency alarm. The emergency alarm condition can be
handled through proper arrangement and alert message to rescue team, which could be an in house
rescue team. Based on the real time data feed connected to Xively, user can easily look at the history
of data and accurately determine the time and date at which emergency condition occurred. This data
helps in easily locating the root cause of the emergency condition occurred. This data helps in easily
locating the root cause of the emergency condition. So that one can know the complete detail of the
hazard.
In this presentation, Chittrieta introduces the topic of IoT, current applications of IoT and associated trends. Chittrieta's interest lies in application of IoT on the shop floor in the manufacturing vertical.
A SOLUTION FRAMEWORK FOR MANAGING INTERNET OF THINGS (IOT)IJCNCJournal
Internet of Things (IoT) refers to heterogeneous systems and devices (often referred to as smart objects) that connect to the internet, and is an emerging and active area of research with tremendous technological,
social, and economical value for a hyper-connected world. In this paper, we will discuss how billions of these internet connected devices and machines will change the future in which we shall live, communicate and do the business. The devices, which would be connected to the internet, could vary from simple systems on chip (SOC) without any Operating System (OS) to highly powerful processor with intelligent OS with widely varying processing capability and diverse protocol support. Many of these devices can also communicate with each other directly in a dynamic manner. A key challenge is: how to manage such a diverse set of devices of such massive scale in a secured and effective manner without breaching privacy. In this paper, we will discuss various management issues and challenges related to different communication
protocol support and models, device management, security, privacy, scalability, availability and analytic support, etc., in managing IoT. The key contribution of this paper is proposal of a reference management system architecture based on cloud technology in addressing various issues related to anagement of IoThaving billions of smart objects.
As objects become embedded with sensors and gain the ability to communicate,
the new information networks promise to create new business models, improve
business processes, and reduce costs and risks. One such Model is the internet of
things. Sensors and actuators are embedded in physical objects from roadways to
pacemakers are linked through wired and wireless networks, often using the same Internet
Protocol (IP) that connects the Internet. Internet of Things has great potential to support
society, to improve energy efficiency and to optimize various kinds of mobility and
transport at the same time. However, the Internet of Things raises significant
challenges that could stand in the way of reaping its potential benefits. Pitfalls
concerning cyber security, theft and hacking of personal and financial data are the
ones that are making people agitated.
Electronic devices used at home, workplaces, in a neighbourhood or in a large
urban landscape are connected and provide data which is accumulated and analyzed
for the benefit of its users. The ability of a simple cell phone connecting to other
devices, sensors in public, to regulate traffic and other civic institutions, shows how
IoT has merged with data and analytics of data plays a key role and will continue to
do so in the future.
As objects become embedded with sensors and gain the ability to communicate,
the new information networks promise to create new business models, improve
business processes, and reduce costs and risks. One such Model is the internet of
things. Sensors and actuators are embedded in physical objects from roadways to
pacemakers are linked through wired and wireless networks, often using the same Internet
Protocol (IP) that connects the Internet. Internet of Things has great potential to support
society, to improve energy efficiency and to optimize various kinds of mobility and
transport at the same time. However, the Internet of Things raises significant
challenges that could stand in the way of reaping its potential benefits. Pitfalls
concerning cyber security, theft and hacking of personal and financial data are the
ones that are making people agitated.
Electronic devices used at home, workplaces, in a neighbourhood or in a large
urban landscape are connected and provide data which is accumulated and analyzed
for the benefit of its users. The ability of a simple cell phone connecting to other
devices, sensors in public, to regulate traffic and other civic institutions, shows how
IoT has merged with data and analytics of data plays a key role and will continue to
do so in the future.
IIoT Framework for SME level Injection Molding Industry in the Context of Ind...Dr. Amarjeet Singh
The Internet of Things (IoT) is a hype topic for nearly a decade now. Broadly growing, millions of devices get direct access to the Internet provides plenty of applications such as smart homes or mobile health management. This trend can also be found in the industry where IoT components hardened for these environments are introduced, called Industrial IoT (IIoT) devices which can be either sensors or actors, as well as mobile equipment such as smartphones, tablets, and smart glasses. Consequently, mobile communication becomes universal in smart factories. IIoT devices provide massive data on temperature, pressure, machine states, etc. But still, most of the SME level industries in the Asian region are new to these technological advancements. They still operate their facilities ith conventional setups without absorbing the new opportunities which are presented by IoT.
In the plastic injection molding industry, process parameters perform a significant role in the quality of the output product. During the manufacturing process, these process parameters have to deal with various factors such as quality and type of materials, requirement tolerance levels of the output product, Environmental conditions like temperature and humidity, etc. Injection molding has been a challenging process for many SME level manufacturers to produce products while meeting the quality requirements at the lowest cost. Most of them are unable to reach the global market in the injection molding industry due to the non-availability of the proper methods to determine the process parameters for injection molding. During production, quality characteristics may differ due to drifting or shifting of processing conditions caused by machine wear, environmental change, or operator fatigue. By determining the optimal process parameter settings productivity and quality will increase while reducing the cost of production.
In this paper, we suggest an Industrial IoT framework that can develop for small- and medium-sized enterprises (SMEs) level industries to optimize their production facility. With the presented framework SME level industries can start to inherit IoT devices into their production floor to manage and monitor production parameters in real-time while improving the quality of the production.
Similar to Security in Internet of Things(IoT) Ecosystem (20)
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Security in Internet of Things(IoT) Ecosystem
1. Security in IoT Ecosystem
Need for an International Policy Framework
This paper explores the importance of a holistic policy framework for governance in the new
world of the Internet of Things (IoT) by putting into perspective the need for such a
framework while citing the recent incidents that have taken place in this domain. The paper
goes on to evaluate the policies and frameworks put into place by international
organizations such as the European Union, Federal Trade Commission and ITU-T. The paper
concludes by proposing a single framework for policy development in an IoT ecosystem.
PREPARED BY
Mansi Bhargava Rahul Bindra
PGP-12-122 PGP-12-137
UNDER THE GUIDANCE OF
Dr. Anil Vaidya
Head of Department, Information Management
S.P. Jain Institute of Management & Research
2. P a g e | 2
Table of Contents
Executive Summary.................................................................................................................................3
Introduction ............................................................................................................................................4
Secondary Research................................................................................................................................6
Legal Framework: Models...................................................................................................................6
Self-Regulation................................................................................................................................6
International Agreements...............................................................................................................7
Global..........................................................................................................................................7
Regional.......................................................................................................................................7
Evaluation of International Policy Framework Approaches ...............................................................7
European Union Commission Approach.........................................................................................7
European Union Legislation........................................................................................................8
Legal scenarios and specific implementation.............................................................................9
Evaluation of European Union Legislations ................................................................................9
ITU Telecommunication Standardization (ITU-T) Approach...........................................................9
Legal Barriers: ITU.....................................................................................................................10
United States Federal Trade Commission on IoT..........................................................................10
Research Findings .................................................................................................................................12
Challenges posed by growing IoT Ecosystem ...................................................................................12
Need for a global policy framework for IoT......................................................................................13
Reconfirmation by Primary Research ...................................................................................................14
Approach to a Policy Framework......................................................................................................15
Globality........................................................................................................................................15
Ubiquity.........................................................................................................................................16
Verticality......................................................................................................................................16
Technicity......................................................................................................................................16
IBTCa Policy Framework for IoT............................................................................................................17
Information.......................................................................................................................................17
Business.............................................................................................................................................17
Trust..................................................................................................................................................18
Contextual abstraction......................................................................................................................18
Way Forward.........................................................................................................................................20
References ............................................................................................................................................21
3. P a g e | 3
Executive Summary
The Internet of Things (IoT) has grown from an interesting technology that offered to help
machines interact with each other to a phenomenon that has deeply pervaded into the daily
life of every human being. This transience in the ambit of IoT linking the digital or virtual
world with the real or physical world puts forth an equal number of questions as the ones it
answers. An ecosystem that already is thrice the size of human population on earth is big
enough to leave a lasting imprint on the face of human innovation and evolution.
However, with the opportunity of the large scale benefits is also associated the lingering
possibility of large scale exploitation of the system leading to potential economic,
technological, and societal damage. With news of refrigerators and personal devices being
used in massive attacks to the tune of hundreds of thousands of terminals in a system, the
need of having a security and privacy framework around the IoT ecosystem is gaining
prominence on the digital forums and conferences.
Such a policy framework has the unenviable objectives of not only placing an internationally
accepted framework of regulations and policies around the ever expansive system of Internet
of Things but also ensuring that the regulations provide the necessary innovative space and
protection to the scientific community and the industry from “speculative consumer harm” at
the same time maintaining the accountability and compliance parameters.
In effect, the framework must ensure support to the IoT ecosystem through trust building in
three important areas of Industry, System and User. While System Trust may be related
largely with technological advancements and the implementation of the “privacy enhancing
techniques”, the Industry and User Trust can only be cultivated by the right mix of
involvement of the consumer, private and regulatory bodies in the overall development of the
global policy framework for the governance of IoT ecosystem.
While the development of a single policy framework acceptable to and inclusive of cross-
boundary and function players would be an important step in the direction of governing the
IoT ecosystem, further research needs to be undertaken in the space of enhancing user
involvement, creating contextual abstraction and development of data privacy and security
for personal devices.
4. P a g e | 4
Introduction
Imagine walking into your home with your smartphone in your pocket on a hot summer
afternoon. As you step into the drawing room, you notice that the air conditioner has
switched on 5 minutes ago and the room is now at the right coolness according to your
preferences. The television in your room is switched on automatically with your favorite
show for the time pre-selected and you don‟t have to wait for cooking the food because the
microwave already started pre-heating the food the minute you walked into the house.
Welcome to the world of Internet of Things (IoT). With a projected 50 billion devices1
to be
connected and speaking to each other by 2020 and an ecosystem worth slated to touch $14
trillion2
by the same time, Internet of Things (IoT) is the next big thing in the evolution of
technology.
Coined by Kevin Ashton at an MIT lecture in 1999, the concept has come a long way in how
machines and humans interact with each other to share information and perform tasks. There
are various large scale industrial programs taken up by technology giants such as General
Electric, IBM and Cisco that have brought Internet of Things (IoT) to the front of large scale
industrial usage. General Electric defines IoT as a large scale network of machine to machine
and machine to human interactions by leveraging advanced analytics and predictive
algorithms to ensure better service quality. Cisco, on the other hand, views IoT as a network
of functional networks such as home, energy etc. interacting with each other via secure
analytics techniques. The idea is echoed by IBM who views IoT as a large scale network of
interconnected devices.
1
Cisco, http://share.cisco.com/internet-of-things.html
2
Cisco, http://iotevent.eu/cisco-sees-14-trillion-opportunity-in-iot/
Currently there are more devices on
Internet than there are people on
Internet and that‟s Internet of Things
IBM
5. P a g e | 5
3 4
5
However, such an interconnected mesh of fairly autonomous nodes presents an equally
challenging scenario for the entities involved in it. The system raises questions on not only
the security, privacy and identity management aspects but also calls into question the laws or
framework of policies governing the administration of such a network. Such laws are difficult
into manage and envision because not only is there no single body for governing information
communication through IoT networks but also because the pervasion of information
exchange has covered ambit of devices previously un-thought of such as toasters and light
bulbs.
The alarmists cite recent examples of refrigerators being used for comprehensive spam
attacks and call into question the aspects of data ownership, exchange and reuse that take
place in such a network and how it impacts the security and privacy of the real owner of the
data. However, owing to the geographical spread and lack of single point of authority in this
space, there has been little progress in the development of a policy framework for IoT with
industrialists calling into question the need for such a framework with the apprehension of it
stifling the innovative edge that the technology presents with itself.
3
General Electric, Industrial Internet: Pushing the boundaries of minds and people, November 26, 2012
4
Cisco, The Internet of Things: How the next evolution of the internet is changing everything, April 2011
5
IBM, http://www.ibm.com/smarterplanet/us/en/overview/article/iot_video.html
6. P a g e | 6
Secondary Research
Development of an international legal/policy framework for IoT would be a tough take no in
the least because of the straddling with existing laws of data communication as well as the
fact that the technology and the interconnected devices cover international landscape even for
the ambit of a single transaction. In an attempt to realize a single policy framework for
governing IoT network, let us first analyze the individual organizational efforts that have
taken place in this field through independent international bodies such as US Federal Trade
Commission (FTC), European Union Commission and International Telecommunication
Union – Standardization (ITU-T).
However, before delving deep into the study of the above policies, it is important to first
develop a basic grounding on the different types of legal/policy frameworks and models:
Legal Framework: Models
International laws not merely incorporate relation among states but also players like
individual human beings, organizations and various legal entities. A legal framework for
international regulations will need to define structure and principal guidelines for IoT; how
rules are made as well as will be interpreted. The framework should also have the flexibility
for revisions based on context.
Establishment of a legal framework also raises the need for an appropriate legal source.
Various models can be applied to establish a framework. These include no regulation, self-
regulation, government regulation and international agreements. For the governance of a
network as large and expansive as the IoT, self-regulation and international agreements can
be considered important for further analysis.
Self-Regulation
Self-regulation responds to changes in the environment and works independent of
territoriality concept. Self-regulation as a social control model consists of normatively
appropriate rules of human behaviour which are enforced through reputational sanctions,
requiring effective communication channels to inform about the IoT participants behaviour.
Self-regulation tends to induce government not to introduce any formal laws. The rules
formed are more efficient as they respond to real needs and are flexible incentive driven. But
it might turn out to be interest driven as it is not legally binding.
7. P a g e | 7
Even if the legal framework to be established is self-regulated, some pillars need to be set by
the legal sources to be introduced at an international level.
International Agreements
Global
The approach towards establishing an international body as a legislator determines the
establishment of a new body with representatives from government, businesses and others
which poses challenges questioning the legitimacy of such a body. On the other hand
establishing a governing body within existing organizations would need lesser time
investment and requirements to adhere to.
Regional
Issues related to various policies need to raise awareness among all stakeholders, promote
IoT technologies/services and make sure that individuals get fundamental rights to privacy,
personal data and consumer identity protection apart from other information security
instances.
Having understood two of the primary approaches for development of a policy framework,
the different initiative by independent international organizations can now be understood in
greater detail:
Evaluation of International Policy Framework Approaches
Having discussed on the key aspects of a policy framework and the different types of models
that can be leveraged to achieve a policy/legal framework, let us now discuss some of the key
policy initiatives taken by prominent organizations across the globe.
European Union Commission Approach6
To establish a legal framework for IoT, EU invited comments from various stakeholders. Key
points involved are:
6
Weber, R.H. & Weber, R. (2010), Internet of Things: Legal Perspectives. Springer
8. P a g e | 8
EU recommended the commission to follow a technology neutral approach to IoT. Also, the
development of IoT cannot only go to the private sector but should be done in a coherent
manner with all public policy related to governance of the internet.
European Union Legislation7
It aims to issue a legislation which aims at a regional framework before applying it on a
global level making the whole system functional. EU laid down 14 lines of action which
include:
Governance implementation
Privacy monitoring and personal data protection
IoT infrastructure of utmost importance
Standardization of IoT technologies
Promotion of R&D in IoT
Public and private sector cooperation
Institutional awareness
Waste management and recycling
International dialogues
From a legal perspective major points to be considered are:
7
http://innovation-regulation2.telecom-paristech.fr/wpcontent/uploads/2012/10/CS87_BARBRY.pdf
ANEC and BEUC - Privacy and data protection being the major challenges,
regulations other than self-regulation need to be implemented.
Amcham - Focus on RFID limits innovation; Technology independent rules should
be laid down after further development
Afilias- Recommended IoT root system to focus on backward compatibility,
identifier collusion, unilateral control authority, assurance of practicality,
openness to competition. Framework with local control and global
interoperability
9. P a g e | 9
IoT security and “Silence of the chips”: need to be able to disconnect from the network
whenever required.
Legal scenarios and specific implementation
Legislation for privacy and data protection should be focused on these goals:
EU directives considers „specific implementation‟ i.e. - natural persons as objects of privacy
laws. But legal persons like corporations also should be included in privacy protection laws.
Evaluation of European Union Legislations
Address many aspects but does not consider the merits of self-regulatory models and
industry standardization
Ensures that the principles of verticality, ubiquity and technicity can be taken into account
Only applicable for member States in Europe and not globally
Attest that privacy and data protection problems in the field of the IoT are taken seriously
ITU Telecommunication Standardization (ITU-T) Approach8
Combining its expertise in setting standards for internet as well as radio communication
sector, ITU can provide necessary inputs for setting the rules for IoT ecosystem as well.
Currently ITU acts as a consultant for various bodies engaged in IoT and hence its activities
are not directly monitored by the users of IoT. But ITU has identified challenges in the use of
IoT wherein they believe that users are concerned about privacy and socio-ethical
implications of the use of tracking and geo-location: users have to be made aware of the
benefits of the IOT.
8
Weber, R.H. & Weber, R. (2010), Internet of Things: Legal Perspectives. Springer
Goals Right-to-know legislation: Users should know what data is collected and
should have the option to deactivate tags if needed
Prohibition legislation: If public community dislikes certain behavior, it should
be prohibited
IT-security legislation: Protect application from unwanted reading and
rewriting
Utilization legislation: Making information available in scenarios where it
might be required
Task-force legislation: research on legal challenges and resolution for the
same
10. P a g e | 10
Legal Barriers: ITU
Regulation of radio frequency
RFID which forms an important aspect of the IoT is controlled by national regulations. The
band allocation or usage conditions will vary between states. For a global network like IoT, it
is required that RFID attached to all objects operate at the same frequency for effective
information exchange.
ITU has regional differences within its system, efforts need to be made in this direction to
harmonize and establish specifically dedicated frequency bands for IoT usage for ensuring
interoperability.
Health impact
The effect of electromagnetic energy radiated by RFID tags on human body is yet to be
established. These tags might also interfere with other devices used by individuals. Before all
things are designated with electromagnetic tags health risks should be essentially considered.
These can otherwise contaminate the environment as well as interfere with wide frequency
range.
ITU has given many recommendations with respect to the environmental effects of
electromagnetic radiations. Its goal is also to provide consultation for the limits of human
exposure to these radiations. It had defined classes depending on transmitting antenna
directivity, accessibility to people and general public or occupational exposure. It also
provides guidance for telecommunication installation to comply with tolerable human
exposure to electromagnetic fields. ITU also helps in guiding migration to reduce radiation
levels in areas accessible to people. In all, ITU serves the aim of identifying potential sources
of radiation and modifying the same for decreasing it.
United States Federal Trade Commission on IoT
The privacy and security of consumer information have always been reflected in the policies
and directives of the US Federal Trade Commission (FTC). The idea has only expanded
recently with the emergence of the Internet of Things on an international stage and the
potential security and privacy concerns that it brings with itself considering the potential
stakeholders employed in the system as well as the potential uses of data. In a March 2012
report9
, the FTC highlighted the Department of Commerce (DoC) recommendation to
9
Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers,
http://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-
consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf
11. P a g e | 11
implement a Consumer Privacy Bill based on the Fair Information Practice Principles
(FIPP) along with a framework to assess how different scenarios in the regulation would
apply to different businesses. In the same report, the FTC highlighted five key points of
consideration for government policymaking efforts in the future years:
The workshop called for development of a policy where regulators work in tandem with
businesses and society to not stifle but protectively nurture a growing technological
revolution. It also underscored the need for developing a context-aware system inclusive of
the culture, demographics and user perceptions for data use to supplement the privacy and
security of consumer data in an interconnected world and increase the acceptability of IoT.
Do Not Track
Mobile
Data Brokers
Large Platform
Provides
Promoting
enforceable
self-regulatory
codes
Do Not Track: Noting the efforts by Digital Advertising
Alliance (DAA), browsers (e.g. Mozilla) and W3C consortium in
helping the consumer with opt-out options, the commission
reiterated its support to the above stakeholders.
Mobile: The commission planned on working with companies
providing mobile services on creating succinct and clear
messages for the customers for better transparency.
Data Brokers: The commission called on data brokers who
collate and use consumer information to create a centralized
platform with ease of access of information for the consumers on
how their information is being used.
Language Platform Providers: Large platforms like ISPs
actively track consumers‟ online activities and must be
enlightened for addressing privacy concerns.
Self-Regulation: The FTC would work with the DoC on
creation of sector-specific regulatory codes and further work on
ensuring the compliance of these codes.
Understanding the need for a policy framework on IoT, the
FTC held a workshop in December 2013 to invite the public on
exploring the surge in consumer data security and privacy
issues posed by the surge in interconnected devices able to
transfer data amongst each other.
12. P a g e | 12
Building a context aware system10
Research Findings
Challenges posed by growing IoT Ecosystem
The exponential growth of the devices and endpoints in the IoT ecosystem has resulted into a
variety of challenges being posed in front of the researchers such as:
10
Internet of Things: Privacy and Security in a connected world, Federal Trade Commission Workshop
http://www.ftc.gov/sites/default/files/documents/public_events/internet-things-privacy-security-connected-
world/internet_of_things_workshop_slides.pdf
Device growth (Host ecosystem diversity)
With a host of new ecosystems and mods of existing ones
appearing every day, consistency of host devices is a big
challenge.
Device growth (Internet bandwidth constraint)
Although IPv6 addressess the exhaustion problem of IPv4,
the transition time and complexity are still on higher side.
Information security and privacy
With a surge in the number of devices participating in
handling sensitive information, privacy enhancing
technologies (PET) must form the core of any IoT design.
13. P a g e | 13
Need for a global policy framework for IoT
Data Integrity/Access Control
With data travelling across diverse devices, it is important to
establish the contextual integrity of data
Breakdown immunity
With a breakdown potentially affecting millions of people, fallback
mechanisms must be developed for damage control
Establishing object trust/traceability
Since the data flows through multiple checkpoints and inter-device
boundaries, it may be difficult to trust and trace a specifc part of data
Data reuse
The data in an IoT network travels across multiple device boundaries
which raises the possibility of it being used outside of the intended
authorization
User maneuverability
With a large amount of user data shared for the IoT services of a
provider, data migration would be a challenge
Loss of human control
As technology develops, more predictive algorithms will result in
autonomous operation of systems which would subsequently make
human intervention difficult
Legal operability
As multinational organizations provide geographically dispersed data
and information services, compliance of local/national/international
laws may be a hurdle
“It is difficult to stop it as our ability to see is limited”
General Keith Alexander, Director NSA on cyber securityattacks
14. P a g e | 14
The challenges posed by an exponentially growing IoT network notwithstanding, the need for
establishing a global policy framework for the same has become prominent more than ever.
The claims by security researchers from Proofpoint11
and the Linux worm vulnerability of
routers uncovered by Symantec12
only serve as a reminder of the reach and potential impact
of a security vulnerability in IoT. With even mild security attacks costing the industry from
$40 to $80 billion each year13
, the implications of a large scale attack on the economy,
society, technology and above all, the user trust in IoT could be disastrous as evident from the
Malta smart meter electricity theft14
.
15
Moreover, although an ecosystem such as the IoT serves the grand purpose of bringing the
real and virtual worlds together, currently from a legal perspective at least, the laws
governing each of these worlds are different and thus arises the need for a policy framework.
Reconfirmation by Primary Research
Owing to the time constraints involved, the primary research for the purpose of this paper
was undertaken by adopting a two-pronged approach for reaching the industry professional
working in the field of IoT for their thoughts on the topic. Professionals from organizations
having a comprehensive IoT program such as General Electric were contacted and
interviews have been taken via email and phone calls.
11
http://www.bbc.co.uk/news/technology-25780908
12
http://www.symantec.com/connect/blogs/linux-worm-targeting-hidden-devices
13
http://www.industryweek.com/systems-integration/technology-rethinking-safety-iot-world
14
http://www.smartgridnews.com/artman/publish/Technologies_Metering/Malta-s-smart-meter-scandal----
41-million-worth-of-electricity-stolen-6360.html/#.Uw1szfmSzMU
15
Primary Research,
http://www.linkedin.com/groupItem?view=&gid=73311&item=5843314036610969603&type=member&com
mentID=discussion%3A5843314036610969603%3Agroup%3A73311&trk=hb_ntf_COMMENTED_ON_GROUP_
DISCUSSION_YOU_CREATED#commentID_discussion%3A5843314036610969603%3Agroup%3A73311
As the IoT network grows, the sheer deluge of devices and
nodes on the network will present a governance challenge too
big to manage without a policy framework in place. This
problem has already been brought to the fore with Verizon
admitting that it cannot see an IoT when connected to a
smartphone and Cisco admitting that it will not be able to secure
1 trillion IoTs.
“Technology and law
sometimes must work
together or neither
will be effective.”
Larry Karisny,
Security Expert
15. P a g e | 15
In order to further reach the professional community working outside the ambit of our
immediate reach, we have leveraged the professional networking platform of LinkedIn16
to
pose our questions on the topic and invite comments from the community.
The primary research insights corroborated the secondary research findings on the need of
establishing a policy framework owing to the large size of IoT ecosystem but at the same
time brought to fore the skepticism and possible distaste for the same by industry due to fears
of scuttling innovation. As such, any policy framework aimed at governing IoT on a global
scale must have a fair representation of not only the consumers of the system but also the
service providers and the industrial giants with sizeable investment research projects in-
progress on IoT.
Approach to a Policy Framework
There are four key challenges in the establishment of a policy/legal framework17
:
Globality
IoT will be marketed and distributed globally; same technical processes will be applied all
over the world. To prevent the complexity which can arise in businesses and trade due to
differing laws globally, legal systems need to be synchronized.
16
Primary Research,
http://www.linkedin.com/groupItem?view=&gid=73311&type=member&item=5843314036610969603&qid=7
45c202a-ac89-4275-b530-5c723dbd57a3&trk=groups_items_see_more-0-b-ttl
17
Weber, R.H. & Weber, R. (2010), Internet of Things: Legal Perspectives. Springer
Globality Ubiquity
Verticality Technicity
16. P a g e | 16
Ubiquity
IoT environment should be ubiquitous encompassing persons, things, plants, animals
everything.
Verticality
IoT technical environment should be such that it is durable. Products should be such that they
last for duration long enough for going through the entire product life cycle.
Technicity
Technical considerations are important for developing rules for protecting objects privacy.
Based on the above requirements, a global framework established by an international
regulator is required which can be implemented on every object right from initiation to
destruction. Determining a legal framework will also require addressing technical issues.
Therefore a framework without involving technical experts seems inevitable.
As such, there is a need for a global policy framework for IoT that addresses the different
stakeholders‟ aspects for security and privacy such as regulatory, economic, socio-ethical and
technical.18
18
Weber and Weber, Internet of Things Legal Perspectives
• User rights
• Public awareness
• Disclosure
• User advocacy
• Encryption
• Identity Management
• Privacy Enhancing
Techniques
• Self-regulation
• Codes of conduct
• Privacy certification
• User education
• User Consert
• Collection Limitation
• Data Use
• Accountability
• Openness
Regulatory Market
Social-
Ethical
Technical
17. P a g e | 17
IBTCa Policy Framework for IoT
Based on our analysis of the viewpoints put forth by the various policymakers and stake
holders that form a part of the IoT ecosystem, the following four characteristics have come to
the fore as the integral part of any internationally accepted policy framework for IoT:
Information
This is the bottom-most layer of the framework and is responsible for ensuring the resilient
and up-to-date technologies enabled security and privacy enhancing implementations to
ensure the protection of user data and related information. This layer would be responsible
for increasing both user trust and participation in the system by ensuring that the personal
information travelling in the system is secure.
Business
The business layer sits on top of the information layer and would encompass the business or
industry specific laws of information exchange and governance. The idea behind placing this
layer separately is to ensure re-usability of a wide array of rules already in place for different
sectors and industries. This would further ensure adoption of the framework by a wider
audience.
Contextual abstraction
Trust
Business
Information
18. P a g e | 18
Trust
It is both extremely critical as well as equally difficult to establish user trust in a widely
interconnected system such as IoT. In order to accomplish this feat, trust building measures
need to be taken at three levels of developing Industry, System and User trust.
Contextual abstraction
Displaying the right information to the right user at the right time is important to ensure user
involvement and association in the system. In order to ensure that the conveyed information
is acted upon/realized by the targeted recipient, it is important to ensure that the information
is customized to the need and knowledge level of the user as well as ensuring minimal action
on the user‟s part.
Rules on data privacy, security and protection
Public
Internet
Healthcare
PersonalDevices
Financial&Insurance
Retail
Mobile
Context/Situation specific abstraction layer
Data related
transparency
Industry Trust System Trust User Trust
Consumer
Regulators
Industry
Liberal
Regulations
Involvement of
LPPs and private
players
Work with Data
Brokers
Globality
Transparency
Security
Privacy by
design
Accountability
Do Not Track
Self-regulation
Opt-Out
Type, Use,
Origin,
Collection,
Usage
IBTCa
Policy
Framework
19. P a g e | 19
The above model adopts a bottom-up approach by proposing to continue the existing
protocols and regulations for data privacy, security and protection for the purpose of data
communication. On the basis of our primary and secondary research, we are of the opinion
that the existing sets of rules in this space are well defined and are suitable for cross-border
policy making. An offshoot of the above belief is the opportunity of further work on keeping
the systems updated with latest protocols and security measures. We believe that more
research can be done in this area on how to maximize the security upgrades on the user
terminal with minimum actions or assumption of knowledge on user‟s part.
On the basis of our research, instead of having a single law/regulation intended for all the
businesses and functions, it is much easier to devise function or context specific laws because
much of the work governing data security and privacy in this space is either already done or
in progress (as discussed in US FTC section). This would not only avoid re-inventing the
wheel but also keep the entire regime simple and easy to adopt. An addition to the existing
field of work for this section could be development of specific rules for data communication
to and from personal devices. This field of study would gain prominence with growth in the
ambit of devices covered by the IoT ecosystem and can be expanded as a separate field of
research.
Further, there is a need to develop the trust in three important components of IoT viz.
Industry, System and User. On the industry front, the regulators need to provide the right
amount of flexibility to the private players in order to
nurture and sustain the innovation in IoT. The policies
should not be drafted while only considering the
“speculative harm” that might befall the consumers but
should have good representation of the industry interests
as well. Therefore, any policy must be developed in
conjunction with different parties from the public and
private sector to ensure the continued growth in IoT.
“The Internet of Things is an
exploding innovation
ecosystem and is poised to be
a prime engine of economic
growth and mobile
opportunity globally. In these
very early innings of this
exciting technological
transformation, government
should avoid rigid,
prescriptive policies that
could stymie our rapidly
evolving wireless revolution”
Mobile Future (AT&T, Cisco,
Ericsson and Verizon)
“It is vital that government officials like myself
approach new technologies with a dose of
regulatory humility”
Maureen Ohlhausen, Member, US FTC
20. P a g e | 20
On the system front, it is important to ensure that right mix of transparency and privacy
enhancing techniques are used and continually upgraded in line with the latest developments
in security and privacy. These technologies and upgrades must then be ensured to find a way
to the terminal of the users so that attacks exploiting known vulnerabilities which form a
large part of the overall attacks on systems could be minimized.
It is also important to develop the user trust in the IoT ecosystem to ensure its adoption and
growth. Apart from user training, it is important to develop policies that assist the user
understand the flow of his/her personal information in the system and how it is being used by
the system. Coupled with options to opt out and view the data use, this would empower the
user and help in building the user trust in the system.
Finally, a lot of policies and measures do not percolate down to the user because of the sheer
technical and text-abundant nature of these directives. Therefore, a context-specific
abstraction layer needs to be developed that can convey the cause and effect of the policies on
the users in a context that relates to them.
Way Forward
While the proposed framework highlights the key components of a policy model, further
research on three important sections of the framework would help on further enhancing and
practically evaluating the ideas put forth in the model.
Firstly, development of data transfer, privacy and security regime for personal devices
presents an interesting research prospective that will not only further add value to the
proposal of developing business-specific rule base but also provide further insights in a
growing business to be increasingly impacted by IoT.
Secondly, as discussed earlier, further work is required on development of a methodology
that encourages the user to use and employ the latest security upgrades available to him/her
by minimizing the actions or technical knowledge required. This would help protect the
system from attacks on legacy vulnerabilities.
Finally, research on creation of a context-specific abstraction layer is crucial to the user
adoption of the system as it will help the user to personally relate his/her situation and
position in the system.
21. P a g e | 21
References
The Internet of Things [Online] Available from:
http://share.cisco.com/internet-of-things.html [Accessed: 4th
February 2014]
Cisco sees $14 trillion opportunity in IoT [Online] Available from:
http://iotevent.eu/cisco-sees-14-trillion-opportunity-in-iot/ [Accessed: 4th
February 2014]
Huansheng, N. & Hong, L. (2012) Cyber-Physical-Social Based Security Architecture for
Future Internet of Things. Scientific Research. p. 2, 6
Karisny L. (2014) Security in the IoT Ecosystem [Online] Available from:
http://www.linkedin.com/groupItem?view=&gid=73311&type=member&item=58433140366
10969603&qid=745c202a-ac89-4275-b530-5c723dbd57a3&trk=groups_items_see_more-0-
b-ttl
European Union. IoT Privacy, Data Protection, Information Security [Online] Available
from:
ec.europa.eu/information_society/newsroom/cf/dae/ [Accessed: 4th
February 2014]
BBC (2014). Fridge sends spam emails as attack hits smart gadgets. [Online] Available
from:
http://www.bbc.com/news/technology-25780908 [Accessed: 4th
February 2014
Symantec (2013). Linux Worm Targeting Hidden Devices [Online] Available from:
http://www.symantec.com/connect/blogs/linux-worm-targeting-hidden-devices [Accessed: 5th
February 2014]
Hessman T. (2013). Technology: Rethinking Safety in the IoT World - When everything is
online, security is everyone's job. Industry Week. [Online] Available from:
http://www.industryweek.com/systems-integration/technology-rethinking-safety-iot-world
[Accessed: 6th
February 2014]
Weber, R.H. & Weber, R. (2010). Internet of Things: Legal Perspectives. Springer.
United States. Federal Trade Commission (2012). Protecting Consumer Privacy in an Era of
Rapid Change: Recommendations for Businesses and Policymakers [Online] Available from:
http://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-
protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf
[Accessed: 9th
February 2014]
Gartner (2013). Gartner's 2013 Hype Cycle for Emerging Technologies Maps Out Evolving
Relationship Between Humans and Machines. [Online] Available from:
http://www.gartner.com/newsroom/id/2575515 [Accessed: 10th
February 2014]
Evans, D. (2011). Cisco. The Internet of Things How the Next Evolution of the Internet Is
Changing Everything [Online] Available from:
https://www.cisco.com/web/about/ac79/docs/innov/IoT_IBSG_0411FINAL.pdf [Accessed:
10th
February 2014]
22. P a g e | 22
Evans, P. C. & Annunziata M. (2012). Industrial Internet: Pushing the Boundaries of Minds
and Machines [Online] Available from:
http://www.ge.com/docs/chapters/Industrial_Internet.pdf [Accessed: 10th
February 2014]
IBM. The Internet of Things [Online] Available from:
http://www.ibm.com/smarterplanet/us/en/overview/article/iot_video.html [Accessed: 11th
February 2014]
United States. Federal Trade Commission (2013). Internet of Things: Privacy and Security in
a connected world [Online] Available from:
http://www.ftc.gov/sites/default/files/documents/public_events/internet-things-privacy-
security-connected-world/internet_of_things_workshop_slides.pdf [Accessed: 12th
February
2014]