October 27, 2014
Volume XLX, Issue 2
An Epic Production Is in the Works
Get a glimpse of what to expect at the 2015 INTERNATIONAL CES.
An epic production is in the works.
For 2015, CES is introducing three unique exhibit experiences — CES Tech East, CES Tech West, and C Space at ARIA. Working in unison, Tech East and Tech West will tell the full story of consumer technology, better accommodate emerging tech, and highlight hot, new innovations. The all-new C Space at ARIA connects content, creativity, and brand influencers in one submersive CES experience.
Don't miss the Distributed Computing Industry Association's (DCIA) Internet of Things (IoT) at CES.
You'll see what's now, what's next, and what you've never imagined possible.
Register today for the 2015 International CES for only $100. Use Priority Code P45.
Fees increase to $200 on January 1st.
Verizon: Multicast Is "A Year Away"
Excerpted from Light Reading Report by Dan Jones
Verizon says that it is ready to deliver Long-Term Evolution (LTE) Multicast and is simply waiting for the compatible devices to become available in volume. Verizon is also working on the revenue models for the 4G video service.
"I think the 4G Mobile TV service will be a year away," said Verizon Wireless CFO Fran Shammo on the operator's third-quarter earnings call Tuesday morning. Verizon first demonstrated the video capability in New York City around the Super Bowl with the NFL. He expects that devices need to arrive and content providers to see potential customers before the mobile TV service takes off.
"The network was ready in August of this past year," said Shammo. "The chipsets are now being implemented in most of the devices that are coming out in the fourth quarter. Some phones in the third quarter had the chipset."
Having plenty of compatible devices on the market is necessary to seed the marketplace, the CFO explained. "It's going to take us about a year before the chipsets ramp and we have some volume there which gets the attention of content providers," Shammo said, adding that content providers are "already excited."
LTE Broadcast is based on the evolved Multimedia Broadcast Multicast Services (eMBMS) standard. Sixteen operators around the globe are now testing the services, often known as LTE Multicast or LTE Broadcast. The technology may not be the biggest issue for operators looking to deploy the video service.
The big question around Multicast for Shammo is how Verizon and its content partners make money from the service. It could be advertising, it could be a consumer pay model or a revenue share model. "We're not sure yet how the ecosystem will play itself out," says Shammo.
The Nielsen Co. is expected to start counting mobile TV viewers in the fourth quarter, so this will help, according to Shammo. This just one of the avenues beyond smartphones and tablets that Verizon hopes to derive revenue from in the future. Shammo identified over-the-top (OTT) services, like LTE Multicast, and machine-to-machine (M2M) as big prospects for the operator.
For the third quarter, Verizon's earnings were relatively flat. Revenue in the quarter rose 4.3%, year-on-year, to $31.6 billion.
"This is not necessarily about how many connections I put on the network. This is about how many of those connections actually pay revenue," says Shammo. Adding that avenues around Internet of Things (IoT), healthcare, energy, and fleet management are all opening up for the carrier.
Verizon reported revenues up 4% year-on-year for the quarter at $31.6 billion. It narrowly missed Wall Street's earnings per share (EPS) expectation of $0.90, however, with earnings per share of $0.89.
Verizon Wireless brought in 1.53 million new mobile customers during the quarter. It added 457,000 phones and 1.1 million tablets on "postpaid" monthly contracts. Its subscriber base is now just over 106 million.
Verizon's wireless revenues were $21.8 billion in the third quarter, up 7% compared to the previous year. The company didn't reveal any sales figures for the new Apple iPhone 6 models, which was launched in September.
BitTorrent Chief Urges Industry to Collaborate on Net Neutrality
Excerpted from Mobile World Live Report by Steve Costello
Eric Klinker, CEO of file-sharing enabler BitTorrent, called for industry cooperation on the issue of Net Neutrality, claiming this would "bring us solutions that are much better for our customers and better for supporting our industry".
"We don't want to set it in stone at the policy level. That's the last place we want to do it. It would be great if we all as an industry self-regulate and solve problems together," he said.
Klinker noted the importance of an open Internet, noting that "if it hadn't been this neutral network, BitTorrent wouldn't exist".
"Much of the Internet today probably wouldn't exist. And you want these emerging services, the next BitTorrent, the next Tor, the next Google, the next Facebook. We all want these because that's going to make the services that we offer as an industry that much more valuable," he continued.
But he also acknowledged that a one-size fits all approach is not necessarily the best way forward. "I don't think we want to be purists when it comes to Network Neutrality. I think there needs to be a certain understanding of what can and can't be done," he said.
"For example, you may not know it, but BitTorrent is probably one of the biggest violators of Net Neutrality out there. We voluntarily degraded our traffic in the face of congestion. This is something that we took as an action," Klinker noted.
Report from CEO Marty Lafferty
 The DCIA commends the bipartisan group of US Senators including Kelly Ayotte (R-NH), Cory Booker (D-NJ), Deb Fischer (R-NE), and Brian Schatz (D-HI) who wrote a letter this week requesting that Commerce, Science and Transportation Committee Chairman Jay Rockefeller (D-WV) and Ranking Member John Thune (R-SD) conduct an oversight hearing regarding the "Internet of Things (IoT)":
"As you know, digitally-connected technologies, such as health wearables and home-connected devices, represent a rapidly evolving transformation of the Internet.
The introduction of these innovative consumer products presents a wide range of cutting-edge policy issues impacting a broad set of businesses and industry sectors.
International Data Corporation (IDC) expects what some are calling the 'Internet of Things (IoT)' to generate global revenues of $8.9 trillion by 2020.
In anticipation of the opportunities and challenges this technological revolution will bring, we respectfully request the Senate Commerce Committee to schedule a general oversight and information-gathering hearing before the end of this year.
The proliferation of connected products is sparking a number of important policy questions related to consumer protection, security, privacy, technical standards, spectrum capacity, manufacturing, regulatory certainty, and public-sector applications, among many others.
Last November, the Federal Trade Commission (FTC) conducted a panel on some of these topics.
The number and the scope of these issues demands our prompt attention so we can better understand the technologies and explore how best to preserve America's global leadership position in innovation and economic growth.
These issues are especially ripe for Congressional attention as millions of Americans will be shopping for new tech products during the upcoming holiday season.
Congress should engage on the issue cautiously and constructively, in a bipartisan fashion, and we appreciate your leadership in examining this topic.
Now is the time to start building a robust public record through testimony and questions.
The Senate Commerce Committee has the most relevant jurisdiction over these matters because of its authority over the broadband economy and consumer protection issues.
Smart policy can best result from an open, collaborative process and dialogue generated by our committee.
For those reasons and others, we commit to working with you on an agenda for a public hearing at your convenience."
It is challenging for government to stay current with technological advances, and legislative and regulatory actions often fall behind, especially in Internet-related areas where the pace of innovation is so rapid.
If Congress can start learning about IoT sooner rather than later, it is more likely that this body will be able to benefit industry progress by helping remove impediments to adoption.
The role of lawmakers in this space should be to protect consumers — their ultimate constituents — from potential exploitation, including by agencies of government that will find certain aspects of IoT tempting to abuse.
As Pew Research reported recently, "Of large concern is that much of the IoT is invisibly interwoven into people's lives and it favors convenience for governments and businesses serving individuals over the privacy and sometimes the security of individuals.
The realities of this data-drenched world raise substantial concerns about privacy and people's abilities to control their own lives.
If everyday activities are monitored and people are generating informational outputs, the level of profiling and targeting will grow and amplify social, economic, and political struggles."
Safeguarding the first wave of networked devices has proven challenging to government, and securing a much larger ecosystem of unconventional objects will likely pose a larger number of new and more serious hurdles.
Not only will data and intellectual property be exposed, but physical property and personal security will also be at risk.
In a recent Nextgov interview, White House Cybersecurity Coordinator Michael Daniel exclaimed, "You're going to connect all of these wildly different devices with wildly different functionality with just really incredibly varying functions and software and capabilities. So, we've not only scaled up the problem; we've made it incredibly much more diverse."
DCINFO readers are encouraged to assist your elected officials in getting up-to-speed on IoT issues of concern and to help educate Congress so that it can be as effective as possible in this area. Share wisely, and take care.
IoT Is Here, But Rules to Run it Are Not
Excerpted from GigaOM Report by Jeff Roberts
The objects around us — from cars to clothes to baby monitors — are now Internet-connected, and acting almost on their own. What laws do we need to control and protect ourselves when these objects act up?
The first murder through the Internet of Things (IoT) will likely take place in 2014, police service Europol warned this month. The crime could be carried out by a pacemaker, an insulin dosage device, a hacked brake pedal or myriad others objects that control life-and-death functions and are now connected to the Internet. Under the control of a malicious hacker, any of these devices could give "killer app" a whole new meaning.
"We're used to having our computers networked, we're not used to having everything networked. But we all know that any information system is hackable," Kraig Baker, an attorney and technology expert, said at law firm Davis Wright Tremaine's Download event in New York, NY last week.
Murder, of course, is a dramatic example of how the IoT could go awry — though the threat is real enough for Former Vice President Dick Cheney to have removed the WiFi from his pacemaker. And such an incident is just one example of the potential criminal and legal issues related to this new world of networked machines. To get an idea of what's at stake, here are some examples of how technology is moving far out front of the law when it comes to the IoT.
Wearable computers, which let people connect their bodies to the Internet, are a hot topic these days. Devices like the Fitbit or Google Glass or Apple's iWatch, promise to let users collect an unprecedented stream of data about their health and the environment around them.
The presence of these data vacuums strapped to our bodies pose privacy risks, however, and not just to the people wearing them. For employers, the arrival of Internet-clad employees presents major new headaches.
As attorney Sean Hoar noted at the law firm event, the era of wearables could make security concerns related to "bring your own device (BYOD)" policies look trivial in comparison. How, for instance, are executives in charge of information technology (IT) or trade secrets supposed to safeguard information when even the clothes of their employees might act as sensors? And hushing up a secret meeting between two companies will be harder than ever as executives and their staff wear more items — bracelets, watches, garments, and so on — that transmit their location.
Such accidental — or deliberate misuse of networked objects — is stoking concerns not just in companies, but government, too. GigaOM explored this topic in detail at Structure Connect this week with former White House deputy CTO Nicole Wong among others.
"It's amazing the things we volunteer and that are being collected from us," added Baker, who points to data security as one of three broad categories — in addition to product liability and intellectual property — under which we can begin to group legal issues related to the IoT.
Everyday objects connected to cameras and the Internet bring unprecedented convenience to our home: think of Google Nest thermostats, remote pet monitors, or iPhone-activated door locks. The flip-side is the unprecedented possibilities for invasion. And when an intrusion arrives, how will the law decide who is to blame?
Consider the man in New Jersey who objected to his neighbor's drone flying overhead — and blew it away with a shotgun. The man was arrested, but some scholars have made the case that such actions could be justified under new concepts of privacy-based self-defense.
And drones are just the tip of the iceberg. There have already been scary stories of toddlers terrorized by hacked baby monitors, while other newly-automated objects such as driverless cars pose hypothetical but very real safety dangers.
The big question is how to allocate liability when our machines start to act up. If one of Google's automated cars crashes, is it the fault of the driver or Google? In the case of the baby monitor, does legal fault lie only with the hacker, or with the manufacturer, too (and should the parents' failure to password-protect the device change the outcome)?
While courts in the first part of the 20th century thrashed out many basic principles of product liability, those cases turned on topics like lead paint and snails in ginger beer. Those principles may not apply very well when everyday objects act on their own, and as part of a globally-connected network.
For now, the law doesn't treat services like Apple's iCloud or Snapchat as defective products — even when they unexpectedly harm people by exposing their private lives to the whole Internet. In the future, judges may start asking if the concept of "privacy by design" should become a safety standard, and even require Internet companies to adopt the same precautions as auto makers or playground designers.
The bottom line is we're just beginning to recognize the new legal issues related to the IoT, and are a long way from writing rules for them.
Privacy in the Internet of Things Era
Excerpted from TheNextWeb Blog by Wojciech Borowicz
We've already entered the Internet of Things (IoT): a world where everything is connected, with billions of devices storing and exchanging data about each other and about their users — i.e., us. As it matures, it's going to be hugely convenient, not only to the average Joe, whose smart home will always remember to lock the door and switch the lights off, but also to huge organizations.
However, one of the main concerns associated with it is the security of IoT platforms and devices. But it's not only preventing hackers from accessing these systems we should be discussing: What about privacy, government surveillance, and the creepy vision of Big Brother hiding in my smart fridge?
Apple likes to claim that it values the security and privacy of its users above all else. The Privacy section of its website opens with those soothing words: "At Apple, your trust means everything to us. That's why we respect your privacy and protect it with strong encryption, plus strict policies that govern how all data is handled."
The proof of that are features such as two-step verification, Touch identification (ID), or extra security measures implemented in the new Apple Pay system. All are designed to protect your personal data from peeping third parties.
Well, it's good to know, especially now, with iOS 8 venturing far into the IoT territory and introducing HomeKit and HealthKit: new frameworks that will make our iPhones hubs for home automation and quantified self software. With these new platforms, the amount of sensitive information stored in our handsets will grow exponentially, which necessitates strong protection.
Google probably has the largest archive of digital data out there. The knowledge they have of their own users is so vast that Eric Schmidt could have said something like this back in 2010:
"We don't need you to type at all. We know where you are, with your permission; we know where you've been, with your permission; we are more or less able to know what you're thinking about."
To give you more context, that was just a couple of months after the first iPad hit the shelves, so in terms of online data transfer, that's an order of magnitude ago.
Fast forward four years and Google is also keen on getting a slice of the IoT pie through acquiring Nest, developing Android for all sorts of devices, and exploring ideas like physical web, to start harvesting loads of information about how we interact with the physical world.
Well, I've gotta admit that Google is aware of the huge responsibility that comes with such deep insight into user data. It's leading the debate on the right to be forgotten, advocating US government surveillance reform and releasing rich transparency reports. In other words, behaving as you'd expect a mature company with partial control over global information flow to behave.
Microsoft (MS) may have slept through the explosion of mobile, but it definitely does not want to end-up sidelined on IoT as well. Earlier this year, MS rolled out its program for developers interested in bringing Windows to all things connected and now, with Windows 10, it aims to build a single platform for all devices which goes well beyond PCs, tablets, and smartphones.
You might not see the "Start" menu on your thermostat just yet, but who knows what the future brings? Luckily for us, Microsoft also takes privacy issues seriously and goes as far as to call government snooping an advanced persistent threat.
What do these three major companies have in common, apart from being tech giants with strong appetites for leading the IoT evolution? Despite their vocal claims about paying the most attention to user privacy, the NSA was still able to harvest contents and metadata of communication going through services provided by them.
And of course Apple, Google, Microsoft and others caught up in last year's massive NSA leak swore they don't leave any backdoor open for intelligence agencies. But apparently, this doesn't stop the guys from Fort Meade, and they have all the tools they need, from super-advanced programs like PRISM and Xkeyscore to FISA courts, which hand out electronic surveillance warrants like candy (no, really: in the first 30 years of its existence FISA courts denied only 11 out of almost 35,000 warrant requests!).
The fact that intelligence agencies have the resources, doesn't necessarily mean they will use them to harvest the tons of data generated by IoT, right? Wrong: David Petraeus, ex-CIA director, already loved the concept of IoT as a bottomless well (or, to quote him directly: a treasure trove) of information about persons of interest back in 2012.
When the NSA started collecting telecommunication metadata, its insight into our lives became unnerving. Now we've realized it's far beyond unnerving when Edward Snowden leaked documents showing that at Fort Meade, the team actually has access to the content of our communication via services provided by the biggest tech companies as well.
Now we're at the stage when the same companies are about to start storing even more of our private data, from thermostats and cars to fitness trackers, while intelligence agencies openly admit that's a great opportunity for them to obtain an unprecedented level of knowledge about citizens.
IoT data surveillance opens up access to a whole new layer of private information, especially as it's not only appliances in our homes and offices that will be transferring the data: it's also going to be services built on top of an immeasurable number of sensors we're about to deploy throughout cities, on roads, and in shops. And there is absolutely no regulation in place to keep that under any control.
There will be 50 billion connected devices in the world in 2020, and no laws exist to govern the IoT and its implications for privacy. This in turn, means that other laws will have to apply, including telecom regulations, along with FISA courts.
This doesn't mean no one is trying to introduce some ground rules, though. In 2013, Democrat Mike Capuano introduced two bills to prevent excessive data collection in modern DVRs and automobiles: the We Are Watching You Act and Black Box Privacy Protection Act. As of now, neither even made it to the floor.
There's also the broadly discussed USA Freedom Act, supposed to put a stop to the NSA's bulk data collection, but as Electronic Frontier Foundation (EFF) points out, it has loopholes and compromises that the intelligence community can exploit.
Without regulation, Orwellian insight into behavior of whole societies and individual citizens might soon be at hand's reach for the government. The greatest irony, however, would be if those regulations would come, but as a way to legitimize surveillance, instead of protecting civil liberties.
After all, it's not that hard to imagine lawmakers pushing for the exact opposite of the aforementioned Black Box Privacy Act: obligatory Event Data Recorders in each vehicle, with constant access available to state agents. In other words: a car that could automatically fine you each time you exceed the speed limit or even one that prevents you from doing that at all. Safe? Probably. Terrifying? Absolutely.
And it's just one example of how IoT can become its own parody — if lawmakers go all "1984" with it. Does this mean we should fear the IoT instead of looking at it as next milestone of the digital age? Of course not! It is a truism, but begs to be said now: no technology is good or bad by itself.
IoT has tremendous potential for making our lives easier and businesses more efficient. We just need to be aware of the implications it may have on privacy if we don't watch the hands of those in power close enough.
According to a recent study by Lightspeed GMI, two thirds of Americans would be so outraged (or "completely violated" as the survey states) by a breach of their personal data by a connected device, they would consider taking action. What exactly they mean by that unfortunately remains unknown, but it better have something to do with calling for IoT-related privacy regulations and then closely watching those who will be responsible for implementing them.
Otherwise, we might end up in a super-smart world… where the NSA needs only a FISA warrant to check what's inside your connected fridge.
Will It Take a Catastrophe Before We Lock Down the IoT?
Excerpted from GigaOM Report by Kif Leswing
Security for the Internet of connected devices isn't just about securing data: When our doors, locks, and cars are connected to the Internet, a breach could threaten physical security.
As more devices become connected to the Internet, safety and security considerations often seem like an afterthought — which could be fatal in the case of connected cars or industrial controllers. "If it's got software, it's vulnerable, and if it's connected, it's exposed," said Joshua Corman, Founder of I Am The Cavalry, at GigaOM's Structure Connect conference in San Francisco, CA on Wednesday and was joined onstage by Hugo Fiennes, CEO of Electric Imp.
It's not just your data that's at risk if your car or your lock has an Internet protocol (IP) address, it's also your physical security. Because our dependence on connected technology is growing faster than our ability to secure it, the Internet of Things (IoT) has a problem that doesn't have a clear solution, whether it's public standards, the free market or even government regulations. Consumers don't have a clear authority to whom to turn.
What wi-fi chip maker Electric Imp is counting on is that a secure toolkit will be attractive to connected device makers that don't necessarily have the resources to do security themselves. "Companies who build products can make uses of the security work we've done," said Electric Imp's Fiennes. "Because you can't add security to an insecure system."
But security isn't an end-point, it's a process, and part of having a system that isn't easy to attack is keeping it up to date. Connected devices need to get better at installing updates without user input. "People have too much stuff going on to make sure their lightbulbs are updated," Fiennes said. "You can't be asking did I leave the gas on and are the lightbulbs patched?"
Ultimately, securing devices on the IoT may mean considering whether an object needs to be connected to the Internet in the first place. "It's like 'everything's better with 'bacon' — not everything is better with Bluetooth," Corman said. "Just because you can put connectivity on something, doesn't mean you should."
One important question is whether it will take a disaster for meaningful changes to be made to current connected security practices. "Around the turn of the century, the Cuyahoga River caught on fire, and that's why we have the Environmental Protection Agency (EPA)," Corman said. "I hope we don't have a 'cyber-Cuyahoga' moment before we start doing something."
Warning to Those Who Covet the Data of Internet of Precious Things
Excerpted from The Register Report by Out-Law.com
Data generated by devices in the "Internet of Things (IoT)" age should be "regarded and treated as personal data," data protection authorities from across the globe have agreed.
The watchdogs said it is "more likely than not" that such data can be attributed to individuals.
"IoT sensor data is high in quantity, quality, and sensitivity," a declaration published at the 36th International Privacy Conference last week read.
"This means the inferences that can be drawn are much bigger and more sensitive, and identifiability becomes more likely than not. Considering that the identifiability and protection of Big Data already are major challenges, it is clear that Big Data derived from IoT devices makes these challenges many times larger. Therefore, such data should be regarded and treated as personal data."
The document is not binding on the Data Protection Agencies (DPAs) that attended the conference, which included regulators from across Europe and Asia Pacific. However, it made clear that businesses that embrace the IoT should consider the data generated by devices to be subject to data protection laws, and therefore collected, processed, stored and disposed of in line with those rules.
"Assuming that all data generated by IoT devices is personal data is too simplistic and unhelpful insofar as it transfers the burden of proof onto data controllers to demonstrate otherwise," data protection law specialist Marc Dautlich of Pinsent Masons, the law firm behind Out-Law.com, said. "A better approach for all would be to undertake a considered analysis of the data generated by IoT devices, including analytics derived from their output, and use that as the basis for the organization's privacy strategy."
The declaration said that businesses using connected devices must be "clear" with individuals "about what data they collect, for what purposes and how long this data is retained". Consumers should not experience any "out-of-context surprises" about the way in which their data is processed, it said.
"When purchasing an IoT device or application, proper, sufficient and understandable information should be provided," the declaration said. "Current privacy policies do not always provide information in a clear, understandable manner. Consent on the basis of such policies can hardly be considered to be informed consent. Companies need a mind shift to ensure privacy policies are no longer primarily about protecting them from litigation."
The declaration outlined the DPA's backing for new technology that accounts for privacy by the way it has been designed. The concepts of "'privacy by design' and 'privacy by default' should become a key selling point of innovative technologies", it said.
The watchdogs said "local processing" on devices should be encouraged in an effort to minimize data security risks, but that "end-to-end encryption" should be put in place if local processing is not possible to ensure the data passing over a network between devices is not subject to "unwarranted interference and/or tampering".
A separate resolution on "Big Data" was also adopted at the conference. The resolution outlined the watchdogs' support for principles such as data minimization and called on businesses to give consumers access to "effective tools to control their information".
The DPAs also agreed on a new framework for "increased enforcement cooperation" at the conference.
Right Time for Internet of Things Regulations?
Excerpted from JD Supra Report by Giulio Coraggio
Internet of Things (IoT) technologies are already all around us and with a market that is expected to reach a value of more than $ 14.4 trillion over the next decade with 50 billion connected devices by 2020, the question is whether ad hoc regulations are necessary to govern the IoT sector.
The current rules applicable to wearable technologies, smart cities, smart home devices, and eHealth technologies have not been drafted having in mind IoT platforms. The consequence of that is that lawyers and regulators need to adapt rules issued to regulate a completely different environment reaching sometimes the conclusion that such regulations would make IoT projects either financially or operationally unworkable.
Telecom regulators that are now running consultations on Machine-to-Machine (M2M) and IoT technologies might struggle to see how current telecom roaming regulations can for instance operate for smart city or smart home devices that should be run on a permanent roaming status. Likewise, current telecom obligations might be disproportionate for M2M communications while an exemption to the applicability of current regulations for such technologies should be considered.
And the same applies with reference to data protection regulations. The position recently taken by the European privacy regulators on the IoT might lead to a competitive disadvantage of the European Union if compared to the US and Asia where more liberal data protection regulations are in place. This is the reason why we are currently in discussions with privacy regulators to find solutions ensuring data protection compliance, but at the same time preventing privacy regulations from becoming an obstacle to the growth of such technologies.
It is still unclear the approach that regulators are planning to follow. The initial impression is that some regulators believe that IoT technologies are difficult to identify since the category is very broad and still has to become part of our lives. This would prevent them from putting in place, for instance, exemptions to the applicability of specific regimes.
IoT technologies are still in an initial growth phase. However, considering the current growth estimates, it is certainly at least arguable that it is too early to regulate the IoT sector. The examples above show that current regulations might actually slow down the development of these technologies in a period of financial crisis when they might be more needed.
This might be, among others, the case of telemedicine and eHealth projects that might lead to considerable savings for the national healthcare system especially in a period when the average age of the worldwide population is increasing.
Such a proactive approach has been adopted by the UK telecom regulator, OFCOM, in its consultation on the IoT where the main objective has been to set the most appropriate regulatory framework to foster the growth of such technologies. And, based on our discussions with regulators, a similar approach is being followed in some other jurisdictions.
We will see the outcome of this transitional period and which regulator will take the first move to govern the IoT.
Technology Alone Isn't Going to Secure IoT Connected Devices
Excerpted from SC Magazine Report by Charles Wheeler
A recent study from Hewlett-Packard found that 70 percent of Internet of Things (IoT) devices contain serious vulnerabilities. Recent events prove that these vulnerabilities are being exploited on a daily basis. The good news? We can fix the problem.
With every technological advancement the IT industry has made to protect devices, it has gained knowledge and insights into how to best combat attackers and elevate security. However, it's clear that these vulnerabilities continue to exist, despite our best efforts to combat them. In fact, we have addressed many of the same problems before. Innovation often outpaces security because information security is not just a technical problem; it's a business problem.
When a major breach occurs, the press lights up with articles and stories about personal information security. Most of this advice is excellent, you really should be using strong passwords. But we get the same advice, over and over, since the early days of the Internet. Why?
In its report, HP states the most common security issues reported from the scan of 10 of the most popular IoT devices included privacy concerns, insufficient authorization, lack of transport encryption, insecure web interface, and inadequate software protection. While concerning, HP also offers some advice on how to improve the security of these IoT devices, and what to look out for before investing in the technology.
What HP does not address is that the reason these problems continue to exist despite repeated dire warnings is that it is often difficult to create a business case around information security. In addition to the technical advice about personal information security and good development practices, there are some basic rules to follow when dealing with the business side of security.
In the past a data breach could be kept quiet and dealt with internally, but that is no longer the case. If you are a company of even moderate size or importance any loss of customer data will be widely reported in short order. Your stockholders and your board are going to want an explanation from senior management, and it is a good bet your CEO already knows this. Explain your security plan in plain English and provide detailed information. A plan to set up VLANs with an IPS system and a security review of third party hardware are all good ideas. Explaining that this might help prevent a loss of credit card data from a bad POS system, similar to the recent Home Depot incident, is better.
If you are planning to use, develop or integrate with an IoT product, please do your homework and follow these tips:
Insist on a strong identity. The first step to securing information is having a strong identity. It doesn't matter if it's through passwords, biometrics, tokens or any other method. Use multi-factor authentication, make sure your identities are stored securely and never transmit credentials in clear text. Now that it is 2014, it's inexcusable for developers to create or consumers to accept weak authentication in any product. Many IoT devices offer users the opportunity to create strong identities when used properly. For example, the Nymi wristband uses your heartbeat, which is as unique as a fingerprint, to wirelessly take control of computers, smartphones, cars, and more.
Don't trust the protocol. The truth is, many communications protocols were not designed with security in mind. With that said, take it into account and anticipate that other devices connected to yours are not always properly secured. By expecting the worst, or at least by expecting a lack of security, device users should be able to proactively protect themselves from unsecure protocols.
Security does not equal privacy. This may seem obvious, but when these two terms are associated with the IoT, the definitions can get murky. Security, in its very basic form, means safety, protection, and defense. Privacy, on the other hand, means secrecy. While the terms can go hand-in-hand, they are not one in the same. For connected devices, collecting personal data is the point of the product. For example, Nest and FitBit wouldn't be the same if they didn't collect your personal data and learn from your habits. This collecting of information can be seen as an intrusion into privacy, but should not jeopardize any security.
Data security is a product, Big Data is big business at the moment; use that to your advantage. Protect that data just like any other trade secret. Protection of that information is likely to be a key selling point to the next generation of consumers.
We will continue to go through the vicious cycle of data gathering and data loss as long as security remains locked in the IT space. Until security gets the same attention and resources as Sales or R&D, we will always be one step behind the bad guys.
Security Jobs are Hot, Thanks to the Internet of Things
Excerpted from InfoWorld Report by Bill Snyder
My reporter's baloney detector flashes red when an analyst or a PR person shows me a chart with a growth curve that looks like a hockey stick. Thus, I remain skeptical of claims that the so-called Internet of Things (IoT) will result in 25 billion or even 50 billion connected devices and a couple of million new jobs for security professionals around the world in the next few years.
Nonetheless, security is probably the hottest topic in IT right now, and the public is being barraged by stories of data breaches, ransomware, security holes, and the NSA's widespread data collection. Huge bets on mobile payment schemes like Apple Pay and Google Wallet could flop if users are scared off by fears that their personal data is at risk, and banks and large retailers are getting tired of apologizing for security lapses.
Hockey-stick charts aside, there is a growing demand for security professionals. Security-related certifications are becoming more valuable as technology vendors like Cisco Systems move to make those certifications more reflective of the current threat environment.
There are more than 7,000 security-related jobs posted on Dice.com — an all-time high — and pay premiums for eight security-related certifications increased by more than 10 percent in the second quarter of the year, according to Foote Partners.
Those jobs are worth serious money: The median pay for a security architect at midyear was $116,000, according to Payscale.
Even if the IoT isn't as large as some claim, connected devices are popping up in new places that need to be defended. "The factory floor wasn't a place where there were security threats. Now it is," says Tejas Vashi, a director of product strategy and marketing at Cisco.
He's right. Intel, for example, is placing connected sensors on equipment in its fabs, while customers of Teradata are using predictive analytics and data stores to manage supply chains and enable just-in-time manufacturing of everything from golf clubs to automobiles. Because those sensors and controllers feed data to the cloud, security specialists are suddenly confronted with a very different landscape.
As the network (in the broad sense) expands into new territory, IT employees whose jobs, such as network engineers, were not closely related to security — someone else would handle that aspect — now have to learn about cyber security, says Vashi. The same goes for public works engineers in cities like Newcastle, Australia, where the city is embedding connected sensors under parking spaces and atop street lights.
It's not likely that anyone wants to hack into a parking meter, but connected devices, whether they're on the street or in someone's home, create a pathway into the heart of the network. They have to be defended.
From a personnel point of view, the challenge of defending a much larger network is twofold: Security professionals need to update their skills, and companies need to hire more people.
When Foote Partners released its skills and certification survey this summer, the value of security-related certifications and noncertified security-related skills soared. For example, EC-Council's Computer Hacking Forensic Investigator certification, a new entry in the highest-paying IT certification list, gained an astounding 66.7 percent from a year earlier. In 2014, any talk of hot security certifications has to include CSSLP, Certified Secure Software Lifecycle Professional. In the second quarter, its value grew 17 percent, after increasing 40 percent in the preceding year.
Although certifications historically have been product-focused, more are becoming job-focused, such as a Cisco Industrial Network Specialist, one of several new certifications the networking giant has created. At the same time, Cisco is revising the qualifications for existing certifications much faster than in the past, Vashi notes.
On the job front, Dice.com has postings for 7,251 security-related jobs, an increase of 38 percent in the last year. In that category, the fastest-growing listing was "cybersecurity," which had a total of 2,716 jobs — a jump of 92 percent from a year earlier.
Here are some examples culled from those lists: United Airlines has an opening for a senior analyst in cybersecurity intelligence. Boeing is also hiring a cybersecurity specialist. Northern Trust is looking for a network security tester.
Will the IoT bring a million or two new jobs in security? I doubt it. But there's no doubt that security is hot, and IT pros who have skills in security are in a great position to cash in — and do something productive in the process.
Telefonica Launches First Consumer IoT Product
Excerpted from M2M Magazine Report
Telefonica today launched Thinking Things, the first Internet of Things (IoT) product that enables mainstream consumers to connect almost any device wirelessly to the Internet.
Thinking Things is a set of low-cost modular devices fitted with different sensors which connect to the cloud, and enable users to tap into all the possibilities offered by the IoT. It is a plug-and-play solution that enables users to develop their own smart solutions without any programming knowledge or having to install additional infrastructure.
The first Thinking Things pack to be marketed by Telefonica is the Environmental Pack, a set of modules that enables users to monitor in real time and remotely the temperature, humidity and light intensity of a given place, and to program automated tasks.
A whole host of additional modules such as presence, pressure, humidity and temperature sensors; impact meters; audio and LED notification modules; and timers can also be added.
The modules are pieced together by simply fitting them on top of each other like pieces of Lego. The device then automatically connects with the Thinking Things software platform in the cloud and starts to monitor all the defined parameters and execute the pre-programmed commands.
Francisco Jariego, Telefonica I+D's Director of Industrial Internet of Things, said, "This is a major step in Telefonica's journey into the Internet of Things. Our aim is for Thinking Things Open to become an open ecosystem in which any object or device can be connected to the Internet".
Thinking Things uses open hardware developed in collaboration with Arduino and 2G connectivity available in Europe, the United States and Latin America. It provides an API that allows developers to create their own IoT solutions (via apps or online) and increase the possibilities of the modules. It is an affordable solution with prices starting at 90 euros, thereby putting the possibilities offered by M2M technology within everybody's reach.
Thinking Things is an important part of Telefonica's strategic investment in the IoT and M2M, an area which major IT consultants estimate will grow in excess of 2,400% between now and 2020.
Telefonica is one of the largest telecommunications companies in the world in terms of market capitalization and number of customers. With its best in class mobile, fixed, and broadband networks, and innovative portfolio of digital solutions, Telefonica is transforming itself into a "Digital Telco," a company that will be even better placed to meet the needs of its customers and capture new revenue growth.
The company has a significant presence in 24 countries and a customer base that amounts more than 316 million accesses around the world. Telefonica has a strong presence in Spain, Europe, and Latin America, where the company focuses an important part of its growth strategy. Telefonica is a 100% listed company, with more than 1.5 million direct shareholders. Its share capital currently comprises 4.551.024.586 ordinary shares traded on the Spanish Stock Market (Madrid, Barcelona, Bilbao and Valencia) and on those in London, New York, Lima, and Buenos Aires.
Coming Events of Interest
International Conference on Cloud Computing Research & Innovation — October 29th-30th in Singapore. ICCRI:2014 covers a wide range of research interests and innovative applications in cloud computing and related topics. The unique mix of R&D, end-user, and industry audience members promises interesting discussion, networking, and business opportunities in translational research & development.
GOTO Berlin 2014 Conference — November 5th–7th in Berlin, Germany. GOTO Berlin is the enterprise software development conference designed for team leads, architects, and project management and is organized "for developers by developers". New technology and trends in a non-vendor forum.
PDCAT 2014 — December 9th-11th in Hong Kong. The 16th International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT 2014) is a major forum for scientists, engineers, and practitioners throughout the world to present their latest research, results, ideas, developments and applications in all areas of parallel and distributed computing.
Storage Visions Conference — January 4th-5th in Las Vegas, NV. The fourteenth annual conference theme is: Storage with Intense Network Growth (SWING). Storage Visions Awards presented there cover significant products, services, and companies in many digital storage markets.
International CES — January 6th-9th in Las Vegas, NV. The International CES is the world’s gathering place for all who thrive on the business of consumer technologies. Held in Las Vegas every year, it has served as the proving ground for innovators and breakthrough technologies for more than 40 years — the global stage where next-generation innovations are introduced to the marketplace.
The DCIA's IoT at CES — January 6th-9th in Las Vegas, NV. Twelve hours of demos, displays, and discussions of the the Internet of Things (IoT) in daily segments webcast live from the DCIA's CES 2015 exhibit-booth studio in the South Hall of the Las Vegas Convention Center.
|
