Online Trust Alliance Releases Report Regarding Shared Responsibility and the IoT
The Online Trust Alliance (OTA) has released its fourth in a series of vision papers, titled “Securing the Internet of Things; A Collaborative and Shared Responsibility.” The report, released in recognition of National Consumer Protection Week, outlines the imperative actions that businesses, consumers and governments must take to ensure the security, privacy and vitality of Internet of Things devices.
“The thousands of new Internet-connected devices are dramatically improving the way we work and live,” said Craig Spiezle, OTA’s president and executive director, in a prepared statement. “However, many IoT devices appear designed primarily for convenience and functionality without much, if any, attention to long-term security or privacy.”
The paper likens connected device security and privacy to global warming. It warns that if there isn’t a concerted effort by all stakeholders, there will be a mass weaponization of devices—ranging from unlocking doors and disabling fire alarms to the theft of personal and business property. As highlighted by the recent connected device privacy and security missteps by D-Link, Spiral Toys and Vizio, OTA believes IoT companies are not heading in the right direction.
“Much like global warming or industrial pollution, there will be long-term consequences resulting from inaction with IoT threats,” the paper states. “The impact of these threats has jumped to the physical world. The lack of action has created a treasure chest ripe for abuse by white collar criminals, terrorists and state sponsored actors as IoT devices become weaponized. Left unchecked we may realize a “digital environmental disaster.”
In the paper, OTA claims that IoT devices are reaching a crossroads in which regulation may be required. However, OTA acknowledges that passing regulation will take too long and will never keep pace with the evolving threat landscape. With the Trump administration’s stated goal to eliminate two regulations for every new one introduced, OTA does not expect government to solve this problem any time soon. It details how stakeholders have a collaborative and shared responsibility:
Retailers, Resellers & E-commerce Sites: The retail channel is perhaps the most influential party holding the keys to change. Not unlike retailers pledging not to sell products made by child labor or those from unsustainable forests, they play a pivotal role in setting baseline security and privacy measures for the products they profit from.
Developers, Manufacturers and Auto Makers: Manufacturers need to disclose their security support commitment to users prior to purchase. Not unlike food nutrition labels or new car stickers, they need to clearly articulate their security and privacy policies. Such notices should be included on product packaging and point-of-sale materials to easily inform consumers prior to purchase.
Brokers, Builders, Car Dealers and Realtors: A smart home or connected automobile can be an attractive selling point for every buyer or renter. Often listed as a home or car feature, sellers should be encouraged to disclose all such devices and features, disable their access, and provide new owners the ability to re-set them. At “closing,” car rental or sale, they should be required to turn in their physical and digital keys, and remove all personal data.
Internet Service Providers and Wireless Carriers: Botnets taking control of IoT devices has become a reality with the discovery of thousands being commandeered to attack high-profile websites, rendering them inaccessible. In several countries, including Australia and Germany, Internet Service Providers are required to block botnets emanating from residential IP addresses. While many have recognized this as a best practice, U.S.-based ISPs and wireless carriers are not required to take action.
Regulators and Policy Makers: To promote innovation and commerce, regulators should encourage self-regulation while providing a “safe-harbor” to device manufacturers that demonstrate they have adopted reasonable security and responsible privacy practices. Conversely, companies that fail should be put on notice that they may be exposed to oversight, fines and or class-action suits.
Consumers: Consumers must recognize the need to patch and ultimately replace insecure devices beyond their expected security life. When buying a connected device one should review the company’s support commitment and privacy policy. If this information is not readily available or if their privacy practices are unacceptable, look for another product or retailer.
OTA’s “Securing the Internet of Things; A Collaborative and Shared Responsibility” vision paper is available here. OTA’s IoT resources, including the IoT Trust Framework outlining required device security norms and responsible privacy practices, are posted here. The framework was developed through a multi-stakeholder process that provides developers with actionable and prescriptive advice to ship and maintain security and privacy for the life of their products and applications.
Coresystems Intros Software Platform to Provide Real-Time Customer Service for the IoT
Coresystems, a provider of cloud-based field service and workforce management software for field service organizations of all types and sizes, has introduced the Project Management Module, a new enhancement to its field service software platform. With the new offering, Coresystems is enabling customers to crowd-source their field service operations through a “crowd service” delivery model, in order to reduce operational expenditure and risk, while increasing customer satisfaction and revenue.
The exponential growth of the Internet of Things and the real-time connectivity it enables have led to a spike in consumer expectations for instantaneous customer service. As a result, organizations of all sizes and across all industries have been forced to rethink their strategies for customer service delivery, including workforce resources and supporting technologies. In so doing, many organizations find that they lack the technician specialists required to deliver real-time field service to their customers, and until now there has been no technology-based solution to help organizations find and deploy those specialists. Compounding this resource availability problem is the fact that every day, the number of IoT-connected devices in circulation is increasing, which further adds to organizations’ backlogs of field service requests.
Coresystems developed its real-time field service software platform to help organizations improve their business and field service processes. With the introduction of the Project Management Module, Coresystems can offer its customers access to a delivery model based on crowdsourcing. Through this model, organizations will be able to utilize a platform that connects all qualified field service technicians for a certain service requested by a customer, and those technicians will then be instantly available to the field service organization.
The Project Management Module enables this by providing functionality to help customers build project structures with phases, activities, dependencies and skills; an artificial intelligence engine to automatically assign the project activities to the required qualifications, skills and dependencies; and an overview of the current execution of each project.
Key features include management of project phases, activities, dependencies and related properties to help customers quickly establish project structures; the ability for customers to release their projects to the crowd with automatic assignment to the right technician; and a comprehensive overview of each project execution.
“We understand first-hand the complexities that the IoT and the increasing digitalization of business are bringing to traditional customer service delivery models,” said Manuel Grenacher, Coresystems’ CEO. “Put simply, many organizations are under-equipped to meet the customer service needs of today’s ultra-connected consumer—either because they don’t have enough field service technicians or because the technicians they have aren’t up to speed on today’s technologies. Based on this, we saw a need for businesses to look beyond their own organizations to find the field service resources they now require. With Coresystems’ crowd service, organizations are able to leverage the sharing economy model to deliver the real-time service demanded by their customers – and in doing so, they’re able to significantly increase customer satisfaction while enjoying the double benefit of reduced operational costs.”
STMicroelectronics Offers Cloud-Compatible Wi-Fi Module for IoT, M2M Applications
The latest cloud-compatible Wi-Fi module from STMicroelectronics is set to accelerate development of all kinds of Internet of Things and machine-to-machine devices. The new module provides advanced Internet-security and application protocols, and features a microcontroller capable of supporting operation in standalone or serial-to-Wi-Fi modes.
The SPWF04 Wi-Fi module integrates an ARM Cortex-M4 STM32 microcontroller with a rich set of multi-functional GPIOs and with 2 MB of on-chip Flash and 256 Kbytes of RAM for code and data storage. Further features include a hardware cryptographic accelerator and an SPI port for faster host communications. In addition, the new MicroPython scripting engine dramatically simplifies development of custom applications to run directly on the module in standalone mode. Host interactions can use AT commands via a UART, compatible with the previous generation of Wi-Fi modules, or an equivalent proprietary protocol over SPI.
Support for strong Internet-security protocols includes WPA2-Enterprise, which enables enhanced authentication and access control in large networks, and Wireless Protected Setup (WPS) that helps safely connect devices like printers or embedded systems. There is also support for advanced HTTPS and encryption protocols, including Transport Layer Security (TLS), as well as Secured Over-The-Air (OTA) updates for applying software, firmware or Flash file-system upgrades in the field via the Wi-Fi connection.
A full-featured TCP/IP protocol stack, including HTTP, HTTPS, MQTT, SMTP and WebSockets, simplifies connections to the cloud and mobile devices, such as smartphones or tablets. Multiple UDP protocols, including TFTP, SNTP and mDNS, aid device discovery and file exchanges. Further highlights include IPv6 support, extended Web-server functionality to simplify interaction with connected devices, and a REST (REpresentational State Transfer) API that enables bandwidth-efficient interaction with web resources.
Operating modes simplify integration with existing network infrastructure, using the module in Station mode, or setting up direct point-to-point connections using the module in MiniAP mode as an access point for other devices (up to five stations). The SPWF04 also comes with a socket layer capable of managing up to eight socket clients or two socket servers, simultaneously handling up to eight clients each, or two WebSocket clients.
Like its predecessor, the SPWF04 benefits from high RF output power and receiver sensitivity, ensuring reliable communication even in harsh environments. Furthermore, the new module delivers its extra performance and versatility within tight size and power constraints: it measures just 26.92 millimeters by 15.24 millimeters by 2.35 millimeters and draws as little as 40µA in standby and 5mA in idle connected (DTIM=1) mode.
The SPWF04 is available in two versions, with an ISM-band antenna (SPWF04SA), or a built-in U.FL connector for attaching an external antenna (SPWF04SC). Modules are FCC (US), CE (EU) and IC (Industry Canada) certified and RoHS compliant, thereby helping to streamline mandatory end-product approvals.
Fujitsu, Enmo Technologies Collaborate on Technology for Fujitsu IoT Devices
Fujitsu Components America and enmo Technologies, a provider of mobile IoT solutions, have announced a technology collaboration to support Fujitsu IoT devices in the enmo Platform. The first result of this collaboration is that the Fujitsu Sensor Beacon IoT device now is supported in the enmo Platform.
“We worked very closely with enmo to port their IoT.Over.Beacon technology to our Sensor Beacon IoT device,” said Bob Thornton, Fujitsu Components America’s president and COO, in a prepated statement. “Complete Smartphone Apps for IoT deployments that use our Sensor Beacon now can be developed and launched in minutes through the enmo Platform. We look forward to continuing to work with enmo to have their Platform support other Fujitsu IoT devices, such as our Blue Brain module.”
“The Fujitsu Sensor Beacon is a great solution for industrial and enterprise IoT applications,” said Mike Speckman, enmo’s chief business officer, in the prepared statement. “The off-the-shelf availability of the Sensor Beacon and our rapid Smartphone App Development Platform means that engineers can quickly prototype a complete hardware and software IoT application. We believe our cooperation with Fujitsu enables new and valuable IoT use cases, especially in monitoring industrial equipment conditions in logistics and in asset tracking.”
The Fujitsu Sensor Beacon is a compact mobile IoT device containing a Bluetooth radio module, as well as temperature and accelerometer sensors. It is powered by a CR family lithium coin battery.
Enmo’s support for the Fujitsu Sensor Beacon includes IoT.Over.Beacon-based reference firmware (movement-triggered data logger); enmo’s development apps (available in theApple App Store and Google Play Store); the ability to use the enmo Platform to quickly create custom smartphone Apps for applications using the sensor beacon. Additional information about enmo’s support for the Sensor Beacon is available here, while developers can sign up for a free trial of the enmo Platform here.
Opto 22 Accepted into IBM Watson IoT Partner Ecosystem
Industrial automation manufacturer and Internet of Things application toolset provider Opto 22 announces acceptance into the IBM Watson IoT Partner Ecosystem. This partnership provides developers with a toolset for building applications that connect real-world signals and data from industrial “things” to the digital world of information technology, mobile and cloud computing.
A Business Insider report forecasts that there will be $4.8 trillion in aggregate IoT investment between 2016 and 2021. Billions of sensors, machines and devices already exist in industrial infrastructure, but are currently unable to connect to the Internet of things and cloud-based applications, like the IBM Watson IoT Platform.
This legacy equipment holds valuable untapped data that is needed to improve business processes and decisions in almost every enterprise and every industry. The partnership between IBM and Opto 22 enables developers to rapidly design, prototype and deploy applications to connect existing industrial assets to the IBM Watson IoT platform, and to share their data, capabilities and resources with other connected systems and assets, to build the Industrial Internet of Things.
Building IIoT applications has historically been complex, requiring multiple layers of expensive middleware and significant developer manpower. IIoT applications built from the ground up can take months or years, and require expertise in both the operations technology domain, where industrial assets live, and the information technology domain, where digital and cloud computing assets exist. These long development cycles increase cost, slow time to market and increase risk of IIoT project failure for customers. Together, these problems delay and reduce the return on investment for implementing IIoT applications.
Through this new partnership between IBM and Opto 22, developers and systems integrators have a concise toolset for connecting the OT and IT domains. The partnership combines more than 40 years of OT domain expertise and innovation from Opto 22 with more than 100 years of IT domain expertise and innovation from IBM. Combining open technologies like RESTful APIs and Node-RED with powerful and computing platforms like the IBM Watson IoT platform decreases development time, eliminates the need for expensive middleware, reduces risk for customers and gets solutions to market faster.
According to Evans Data Corp., 79 percent of Internet of Things app developers spend at least 25 percent of their time on developing analytics tools. The Watson IoT Platform reduces the need to focus on developing analytics systems and provides everything required to harness the full potential of the Internet of Things. Rather than reinventing the wheel, developers can tap into the already built toolset provided by the IBM Watson IoT Platform.
Developers can connect, set up and manage edge-processing devices like programmable automation controllers from Opto 22 and apply real-time analytics, cognitive services and blockchain technology to the data generated by these devices. Cognitive APIs deliver natural-language processing, machine-learning capabilities, text analytics and image analytics to help developers realize the potential of the cognitive era with the IBM Watson IoT Platform.
mPrest, New York Power Authority Deploy Software to Ensure Reliability of Statewide Critical Power Infrastructure
mPrest, a provider of mission-critical monitoring, control and analytics software for utilities, and the New York Power Authority (NYPA), have announced their decision to operationally deploy a predictive health analytics application that enhances the operational reliability and cost-effectiveness of NYPA’s critical assets network.
mPrest’s Asset Health Management application was developed in collaboration with NYPA and is already deployed and monitors the operational health of NYPA transformers in real time, assisting to improve reliability and maximize efficiencies at NYPA’s Niagara Power Plant, which is one of the largest renewable energy sources in the nation. The NYPA-mPrest partnership reduces costs while ensuring that New York remains at the forefront of technological innovation.
mPrest’s software taps into the power of the Industrial Internet of Things to closely monitor equipment and systems outfitted with online and offline sensors, allowing for real-time monitoring and data analysis, as well as enhanced control capabilities. At the Niagara Power Plant, mPrest’s software platform analyzes information from sensors on electrical transformers to automatically diagnose their operational health and predict potential malfunctions and failures. These new capabilities enable strategic maintenance of the transformers optimizing their efficiency, avoiding outages, reducing operational costs and supporting reliable power supplies for New Yorkers.
“Our partnership with the talented, forward thinking electricity engineers and experts at the New York Power Authority has resulted in the development and deployment of a first-of-its-kind, comprehensive monitoring and control system,” said Natan Barak, mPrest’s founder and president, in a prepared statement. “In a record amount of time, we, together with NYPA, determined what was needed, and created an unprecedented, effective solution that will reduce operational risks, deter unplanned down time, and prevent expensive maintenance costs. I believe that this technology achievement will lead to broader partnership between Israel and New York State.”
“Our transformer system is a critical piece of our statewide power infrastructure, raising the voltage or ‘electrical pressure’ of power so that it can be transmitted long distance over the state’s grid”, said Gil C. Quiniones, NYPA’s president and CEO, in the prepared statement. “Through our collaboration with mPrest, we can now accurately predict potential failures through better diagnostics and prognosis. As we actively pursue becoming the ‘first completely digital utility in the country,’ it is through cutting-edge technological innovation like this one, made possible with the intelligence, dedication and cooperation of our partners, that we have developed a unique, effective way of monitoring our transformers.”
Following testing using historical performance data by the Electric Power Research Institute that proved the mPrest platform effective, NYPA is looking at additional applications for this technology. EPRI conducts research and development relating to the generation, delivery and use of electricity for the benefit of the public. The mPrest product-based platform combines offline dissolved gas analysis with online DGA to provide precise guidance for when to undertake transformer maintenance for optimal performance.
NXP, Canonical to Demo IoT Gateways at Embedded World
NXP Semiconductors and Canonical have collaborated to port Ubuntu Core to the LS1043A, a quad-core system-on-chip targeted at Internet of Things gateways and networking equipment. With this combination, device manufacturers gain a platform with which to build high-throughput IoT gateways.
Ubuntu Core has been used in a variety of devices from IoT gateways to network equipment. IoT gateways benefit from the wide support of IoT protocol available on Ubuntu, and let developers utilize the edge-computing capabilities offered by the LS1043A to run advanced analytics and artificial-intelligence models. Embedded networking products can run standard Linux applications such as Quagga or Sonic. Ubuntu Core thus makes full use of the LS1043A’s network and IO features, such as packet acceleration, to simultaneously support high bandwidth traffic to smart devices over 802.11ac, as well as IoT data collection via Bluetooth LE, Thread, ZigBee or other low-power wireless standards.
Ubuntu Core allows device manufacturers to use the Snaps cross-platform Linux packaging format to build applications. Snaps offers a number of features for device manufacturers throughout the software-management lifecycle, from development to deployment and from security to business models.
Snaps allows developers to create, package, test and distribute self-contained applications based on thousands of existing Ubuntu and Linux libraries. This means device manufacturers can reduce development time, the company explains. Snaps can also help with monetization, as the system can be deployed within a branded store.
“We are pleased to be working with Canonical to demonstrate the full IoT capabilities of Ubuntu Core on the NXP LS1043A,” said Richard House, NXP’s VP of software development and digital networking, in a prepared statement. “Ubuntu Core will provide our customers with a great tool to go from development to production on the scalable Layerscape family of SoCs.”
The LS1043A is part of the QorIQ Layerscape family, which offers additional security via Trust Architecture. According to the company, this complements security features associated with Snaps, such as read-only images, authentication of application origin, confinement, isolation and transactional updates. As the Ubuntu Core image is built from the ground up using Snaps, the entire device stack can benefit from tools to continuously update the stack and roll-back in case of update failure, thereby ensuring the devices’ security and integrity.
CEL Unveils Article for IoT Design Engineers
CEL recently published an article titled “Alphabet Soup: Understanding IoT Acronyms and How to Compare Them,” by Matt Smith. The article is intended to help product managers and IoT design engineers understand the ever-changing and complex maze of communication standards and protocols involved with the Internet of Things.
One of the most important decisions developers face is which communication protocols to choose, the company reports. This decision impacts hardware choices, as well as what devices and functionality are available. Communication protocols need to be grouped together, CEL reports, noting that only certain protocols can connect to each other.
CEL’s technology-agnostic blog is intended to address these and other issues. “As the Internet of Things (IoT) industry continues to expand, new information on emerging best practices, technical specifications and design considerations continues to flood the market,” Smith wrote in the article. “Here at CEL, one of our priorities is helping you navigate through the deluge of information and identify which technology choices will have the biggest positive impact on your upcoming IoT plans. With that in mind, my next several posts will aim to help your decision-making process by explaining the existing technologies and attempting to demystify the ocean of IoT protocols. I’ll go through a framework for categorizing the various technologies and explain some criteria on how to compare and evaluate these.”
Smith’s blog also features an article titled “How I Stopped Worrying and Learned to Love the Gateway.” This piece offers a discussion about the ideal IoT network architecture, and explains why Smith advocates using intelligent, on-premises gateways to manage local and cloud-based communication.