Understanding the IoT or IIoT Ecosystems Prior Deployment
Author: Daniel Ehrenreich, Consultant and Lecturer, SCCE
Business opportunities created by the Internet of Things (IoT) and the Industrial IoT (IIoT) are among the most debated topics, as these are designed to function in a broad range of consumer and industrial applications. Manufacturers of IoT components believe in this new trend, but many of them still not understand the essence of the IoT concept. In reality, we must accept that not every controlled device is an IoT nor IIoT.
The IoT/IIoT concept is a communication-based eco-system in which control devices, CCTV cameras and industrial sensors communicate via the Internet with cloud-based computer systems and data sources, and the result of this process is displayed on a computer screen, smartphone or used for optimal activation of a process. Through an IoT/IIoT ecosystem’s operation you may boost productivity and achieve unique benefits. Examples of IoT/IIoT include applications such as; remote operation of home appliances, medical devices, check on product availability a in a store, warnings on unusual conditions and malfunctions, etc.
Leading market research firms already estimate that by 2020 there will be over 20 billion IoT/IIoT devices worldwide. Although the forecasted figures are growing rapidly, it is not clear whether these figures correctly refer to devices which can or should be considered IoT or IIoT. It is strongly recommended that the following factors shall be taken into consideration prior you start spending your money on deployment.
Connected devices not considered as IoT/IIoT
Facts are that not all devices can be accepted to the “IoT/IIoT Club”. Through the following three examples I will try to clarify the main considerations referring to this topic.
- You purchased a home air conditioner activated by a smartphone or a web based application. If the packing label shows “Wi-Fi-Ready”, you can do that, but it will not necessarily make it an IoT, since direct remote activation by itself is not a sufficient condition to call your appliance an IoT.
- You consider to add a vibration sensor to a large water pump or gas turbine to diagnose a malfunction. This is also not an IIoT, as the vibration sensor device is reporting to a special PLC and the ICS computer which control the operation of that machinery and may stop it if a fault is detected.
- You purchased a CCTV camera, which is connected to a home computer or a VCR for security surveillance and 24/7 loop recording. This is also not an IoT, because that system does not require additional data from external resources and not require computing processes.
These devices are considered as IoT/IIoT
Here are few commercial, consumer oriented and industrial examples, that according to listed explanations are considered appropriate for being considered as IoT/IIoT ecosystem.
1.-Computerized control of a washing machine. The IoT system is using the built-in controller, which support the decision related to optimal starting time of the washing process. Consequently, the IoT controller device communicates with cloud based data sources related to the following considerations:
- Is there a report from the electric company on unusually high loading of the power grid at the neighborhood? If yes, the washing process is delayed, because the start time is not critical.
- The ecosystem will clarify if is it forbidden to generate unusual noise in a residential area such as may be caused by the washing or dryer machine? If yes, the washing process will be delayed
- Is there sufficient amount of hot water from the sun-roof boiler as required for the washing? If not, the washing operation is delayed until electric heating of the water is completed.
2.-Operation of a solar or wind power plant can be controlled by an IIoT process. After the plant receives a request to start supplying power to the grid, the IIoT ecosystem system checks for the following conditions:
- Is the forecasted intensity of sun-rays during the next few hours adequate to generate the required amount of energy to the grid? If not, the power plant activation is refused.
- If the operator has alternative resources that are more suitable to generate electricity (wind, etc.) for the requested period? If yes, the power plant activation is arranged accordingly.
- If there are no other alternatives, the solar or wing power plant will be activated with limiting conditions, and the power grid operator will be advised accordingly.
3.-An order is received to purchase a certain type meat for home use. Following this requirement, the customer can start and IoT-based search using his smartphone:
- In which food chain is the required item available, and what is the ticket price
- Which stores are active during the hours when the purchase is required
- The outcome of that process shall be a list of options sent to the customer
From the three examples listed above you may learn that the IoT/IIoT concept is applicable when it is impossible to perform a simple interaction between the requesting entity and the device which provides the service. IoT/IIoT systems allow such interactive process through cloud-based data resources.
Do you recognize reasons for concerns?
Definitely yes, because a huge amount of cheap IoT components without professional configuration and without cyber security measures already started to flood the network and allow cyber-attacks from a variety of directions. Can ordinary home owners properly configure these devices, replace the default password and detect DDoS-type security breach? Of course not, and that is also a huge problem.
Today, as a result of excitement towards IoT market, none wants to remember the early 2000’s and the “dot.com” bubble. Then professional companies invested billions of dollars in products and solutions that did not provide benefits for which users were willing to pay. The true benefits came only years later, and then more resources were required to create new business models in order to recover their losses.
We all hope for huge IoT/IIoT deployments in the future, as this is good for users, vendors and also for innovation. But, anyone considering to develop a new IoT/IIoT ecosystem, shall focus on finding a real need and properly design a cloud-data based ecosystem that delivers true benefits.
Cyber protection for any IT and ICS architecture consists of three essential elements that are achievable:
a) The use of security technologies
b) Strict adherence to policies
c) Careful user behavior.
This is also true for future IoT/IIoT ecosystems. New technologies, components and architectures must include cyber protection as part of the IoT/IIoT ecosystem at no extra cost, and hopefully this will drive the success.
Daniel Ehrenreich, BSc. is a Consultant and Lecturer acting at Secure Communications and Control Experts, teaching at cyber security colleges and presenting at ICS cyber defense conferences; Daniel has over 25 years’ engineering experience with electricity, water, gas and power plants systems as part of his activities at Tadiran, Motorola, Siemens and Waterfall Security. Selected as Chairman for the ICS Cybersec 2018, taking place on 11-10-2018 in Israel. Linkedin