 | Issue: | North America I 2016 |
| Article no.: | 3 | |
| Topic: | The implications of IoT in the Connected World | |
| Author: | Jon Alexander | |
| Title: | Senior Director of Product Management | |
| Organisation: | Level 3 Communications | |
| PDF size: | 211KB |
About author
Jon Alexander manages the media products at Level 3 Communications, which includes its global content delivery network. Jon joined Level 3 in 2008 and relocated to Colorado from London in 2012 to take over the global product ownership.
Prior to Level 3, Jon ran the product team at Velocix through to acquisition by Alcatel Lucent.
Jon Alexander has an MA and a MEng from the University of Cambridge.
Article abstract
As more and more industries start to release Internet-connected devices, they’re learning what IoT veterans, like those in the video game industry, have known for years: IoT devices need frequent updating and safeguards. Customers have come to expect this as part of the purchase because they know fixes and updates are a natural part of the IoT experience and they want the latest and greatest.
Full Article
Can you imagine life without your phone? It touches so many aspects of our everyday lives. We use it to schedule meetings, find our way around, read and respond to emails, stay abreast of news, play games, board planes, text and even to make phone calls. Losing your phone is akin to losing your keys or wallet – you can’t go anywhere without it. It’s amazing just how important this connected device has become to our lives.
Phones are perhaps the most obvious example of the phenomenal growth in Internet-connected devices that constitute the Internet of Things (IoT), which also includes medical devices, cars, industrial sensors and even toys. According to Frost & Sullivan, by 2020, there will be 80 billion connected devices worldwide. That’s a huge number, which represents a lot of opportunity for companies in the IoT space.
Updates prevent bigger problems later
As users, we accept new OS updates without even thinking about it. We’ve been conditioned to automatically accept patches on our computers to keep us secure, to fix bugs and glitches, and to roll out new features. Even the apps and games we have on our phones send us regular updates to improve stability and performance as well as to enable new features. We have become accustomed to this fast pace of product evolution, which is now driven by software iterations and not by the typical hardware lifecycle.
That same expectation for continuous product development exists within the broader IoT world. Companies are moving quickly to bring new devices to market, but then iteratively enabling new capabilities through software updates. For example, the Tesla v7.0 software update added the ability for its Model S or Model X to open the garage door and back out by itself to greet you when you’re ready to leave the house. This upgrade involved no change in the physical car whatsoever, just new capabilities enabled in its software. This is a lot more cost effective and convenient than taking your car back to a dealership or loading updates via physical media.
However, as with any technology disruption, there are some growing pains. Security is perhaps the largest issue we’ve seen to date, as malicious actors have come out in droves to steal data or hijack controls – making for some alarming situations, like what we’ve seen in the toy industry.
The toy industry is in the nascent stages of connecting toys to the Internet. Unfortunately, we’ve all seen the headlines recounting how certain connected toys have been compromised, allowing hackers to break into the home Wi-Fi network and access private data or even worse, commandeering the toy to do or say things outside its programmed functions.
Tools are emerging online to make it trivial to find vulnerable devices connected to the Internet, such as Shodan, which is described as “the world’s first search engine for Internet-connected devices.” The ease with which baby monitors can be accessed online caught the attention of many, but Shodan also boasts, “There are power plants, Smart TVs, refrigerators and much more that can be found.” Chris Roberts, a Colorado-based computer hacker recently describes how in one demonstration, “he was able to access an Internet-connected oven, which led to a home network, then to a home computer, and on to his ultimate goal, a work computer with sensitive information on it.”
As more and more industries start to release Internet-connected devices, they’re learning what IoT veterans, like those in the video game industry, have known for years: IoT devices need frequent updating and safeguards. Customers have come to expect this as part of the purchase because they know fixes and updates are a natural part of the IoT experience and they want the latest and greatest.
It’s not just toy manufacturers and small electronics companies that are learning about the need to rapidly update their devices and close security holes. In 2015, a major U.S. automotive company saw one of its cars compromised to the level that the hackers were able to take full control of the car – its speed, brakes, steering and dashboard functions – all from their computers. Another major automotive manufacturer had its climate control system hacked. Both of these situations not only received a lot of press, but also ended up costing these companies a lot of money to fix, not to mention the loss of public trust.
As a response to the threat of vehicle cyber attacks, the SPY Car Act (security and privacy in your car) is attempting to establish a regulatory framework to ensure manufacturers add appropriate protection. The Act outlines sensible precautions such as inclusion of “reasonable measures to protect against hacking attacks” and “isolation measures to separate critical software systems from noncritical software systems.” It also recommends that cars are equipped with “capabilities to immediately detect, report, and stop attempts to intercept driving data or control the vehicle.” For those who are familiar with developing Internet-facing applications and services, the concepts of firewalls, intrusion detection systems (IDS), intrusion prevention system (IPS) and sandboxing are common, but we are starting to see those concepts translated to entirely new industries, devices and technologies that represents an interesting challenge and opportunity.
These security issues can be mitigated, but it takes a multi-layered security approach and a defensive mindset that is new to many of these organizations. They must be proactive about pushing bug and security patches to their devices – customers not only appreciate it, they expect it, and companies will gain brand loyalty points when new product functionality comes with the update. However, beyond responding quickly to vulnerabilities as they are discovered, the IoT world needs to move to a security-first approach to all product development. Security cannot be added later – it must be built in from the start. With the potential 15+ year lifespan of many IoT devices, developers need to plan for in-service upgrades over the air without requiring product recalls. Here are several key concepts that are increasingly being recognized:
1. Strong authentication. Developers must ensure that only authorized devices and users are able to access the system and communicate with other devices.
2. End-to-end encryption. Not only is much of the data sent to and from devices highly sensitive and potentially containing personally identifiable information (PII), but also the communications often contain control information. End-to-end encryption protects against interception and manipulation of the communications between devices.
3. Hardware and software protection. IoT devices are readily available to the bad guys, who can disassemble and reverse engineer at their leisure to attempt to identify vulnerabilities. Tamper-proof hardware and encrypted software are recommended.
Many manufacturers are taking this threat very seriously, which is great to see. At Def Con in 2015, Tesla was actively participating with the hacker community and stated that, “It is a community that we want to be part of, and collaborate with, as well as recruit from.”
IoT must have a solid network infrastructure
While it may go without saying, the network is incredibly important. There is a compelling need for a network architecture that can support not only the volume of data that IoT creates, but also provide the much-needed safeguards to protect infrastructure and secure data.
We often see companies using two different networks to connect to their devices. A public Internet connection to deliver software updates, patches and new content, and a private network to deliver control information and collect any personal data. In both cases, encryption, authorization and validation/verification of downloaded packages are used to ensure privacy and security.
Typically a content delivery network (CDN) is utilized to facilitate the download of updates. CDNs are incredibly efficient at delivering content globally and supporting huge demand. According to the latest Cisco Visual Networking Index, CDNs will carry over half of the Internet traffic by 2019. While CDNs are perhaps best known for their ability to stream video, Level 3 Communications’ CDN saw its largest growth in 2015 from what we categorize as Digital Downloads – distribution of software updates and packages to connected devices. More than 50 percent of traffic on our CDN remains video, but the largest individual peaks are driven by Digital Downloads traffic today.
To keep ahead of the demand during 2015, Level 3 almost doubled the capacity of its CDN:
• 80 percent additional capacity added in North America
• 90 percent additional capacity added in Europe
• 218 percent additional capacity added in the Asia-Pacific region
This investment made a significant difference on Christmas this past year. At a time when we would expect the majority of households to be enjoying family time, we actually set a new record traffic level across the CDN. As we analyzed what was driving this peak, we identified a confluence of several customers pushing out patches, running software sales over the holiday period and updating the firmware on new devices that were received as gifts over the holiday period. The chart below illustrates this trend. A CDN is able to accommodate this sort of traffic spike easily to ensure that the software update reaches all target devices quickly and securely without overloading the customer’s origin infrastructure.
IoT is great when you have the right network
As the world of IoT continues to grow and evolve, the network component will remain a critical piece of the equation. CDNs bring a wealth of benefits to IoT because they can offer better economies of scale, higher performance, more flexibility and agility, and more security. And that means more innovation, more actionable data, more efficiencies realized and much happier customers.
