Events

Looking back to IoTSWC2017

Topics
IoT, Internet of Things, event, conference, security, Privacy

IoT Solutions World Congress was held last week (3.-5.10.) with three days of speeches, demonstrations, good discussions and (some) fine Spanish white wine. Here’s a recap and some analysis about where the connected things are going.

One of the most interesting talks happened right on the first day. John Ellis, the author of the Zero Dollar Car, presented a relatively different view to privacy. We are used to take it as granted that we get something in return if we give up pieces of our privacy. At the same time, we know that we are tracked online more and more, and IoT is enabling companies to track our offline world too. It’s inevitable that the data those devices collect is used to learn more about us, thus reducing our privacy.

However, this data is valuable to various parties, usually valuable enough to pay a lot of money for it. Ellis presented an idea that in the future it might be possible to use that data as a currency. We might be able to get for example a car for free if we give away full rights of the data that the car collects. It is obviously tempting to get a free car, but it comes with the downside of letting the world know your movements and habits.

What if one day you’re going to go to a place that you don’t want to share with anyone, and don’t want the advertisers to track you? Well, since you got the car for the exchange of the data, how about you pay for a day when you’re not sharing that data? If this kind of privacy screen is built-in in the services it could be an interesting business model. Nowadays you get privacy for free just by going offline and pay for all the assets that you buy. Soon you might literally be paying for your privacy but get a lot of stuff for free.

John Ellis talking about the $0 car

Another topic that was regularly referred to was Edge Analytics. While the world has been shouting that you should send all your data to the cloud for a decade now, many have realised that it might not be the smartest move after all. The computing power of IoT devices is increasing all the time, and it has reached a level where those devices can run complex analytics. For example, Google showed how you can use a camera and TensorFlow to do image recognition of the breed of a dog in an embedded device, with higher accuracy than humans are capable of. So, even the cloud providers have stopped preaching that you should send all data to them.

Edge analytics will be the default feature of many IoT devices. It provides smaller latencies and thus faster actions in applications where milliseconds matter, and allow the devices to work also in locations where there is no network coverage. It also doesn’t necessarily make sense to send a live video stream from multiple cameras to the cloud to be analysed, since that creates huge networking bill. By doing the video analytics on the edge and sending only the results, transfer costs can be reduced significantly.

Security was also naturally one of the key themes with incidents like Mirai still in somewhat fresh memory. To summarize every security related presentation: “It’s almost impossible to add security into a product afterward”. Mikko Hyppönen from F-Secure gave a keynote about the topic (based on this article). One future threat is that when the price of connected chips is next to nothing, those chips will be inside every possible thing regardless of whether it is actually required for that thing to work. He compared the current situation with smart devices to VCR's of the 80's which all had the infamous "12:00" blinking on their LCD screens. This was because no one bothered to read the manual and learn how to set the time.

Nowadays when you hook up a smart camera or other devices in your home, you are just happy that it started to work. “It’s working, do not touch it anymore!”. Small but important stuff like changing the default admin password or creating a new subnet in your home wifi are not on the priorities list, as long as the product does what it is supposed to.

@mikko showing some examples of bad user credentials

The favorite theme of many manufacturing related presentations was the collision between IT (Information Technology) and OT (Operational Technology). Embedded devices such as robots and automation in general have traditionally had their own environment that hasn't necessarily been connected to the network at all.

The processes in IT and OT have been very different and they haven't been that much interested in each other. Now that connected devices are getting everywhere and the operational data is coming more interesting, organisations have noted that the IT and OT have to work together. This, however, is a challenge to many companies because of very different objectives and priorities of the two. IT, for example, has been always very interested in security but OT not that much since they have been working in a closed environment. That's why you can find factories online and take control of them. Usually, the access is not even known to the organisation and it is related to small changes that someone decided to do as Mikko Hyppönen pointed out. Also, IT departments have learned to rely on booting the devices when faults are found.

These are not a big issue since the downtimes are usually short and the only thing that might be lost is the data. OT, on the other hand, can't afford to recover by booting since the loss of production is usually too expensive. Also, the faults in the OT system can cause loss of lives in the worst case. So the OT has to be much more fault tolerant which makes fast experiments much harder. The IT and OT have very different cultures and organisations struggle to make them work together to enable full benefits of the Industrial Internet of Things.

Thank you BCN, maybe we see again next year!

Yours truly,
Lauri Anttila & Antti Partanen