Vision From the Top 2014: Dave Duggal, Managing Director, EnterpriseWeb

What new opportunities are provided by the Internet of Things?

Internet of Things: Challenge Breeds Opportunity

Worlds are colliding.

First, the techie world, head over heels about the Internet of Things (IoT). A new revolution in connectivity! Computing power at our fingertips, literally! Everything talking to everything else, across the globe!

And then there’s the post-Edward Snowden/NSA world. Keep the government and everyone else out of our business. Let us, the consumer, control our own privacy. The last thing we want are smart sensors spying on our every move.

This collision of concerns might not be so bewildering if the IoT were easy to secure. But the unfortunate fact of the matter is that IoT security is woefully inadequate. Sensor endpoints are dead simple to hack. Standards and protocols, from RFID to PKI, either punt on security entirely or are unsuitable for the task. And in spite of all the noise to the contrary, nobody really knows how to solve this problem.

Furthermore, keeping hackers from commandeering our baby monitors or steering our cars into ravines only deals with the bad guys. What about those companies and organizations that we’re supposed to trust – not only our snooping-friendly government, but the Internet providers, telcos, and software vendors who actually run the IoT? How do we know we can trust them with our thermostats and electric meters and traffic signals?

The answer to these questions is, well, that we need an answer to these questions. In other words, there is an increasingly well-defined market need for technology that can empower the IoT consumer to control their own interactions with the sensors, controls, and their supporting infrastructure.

The reason that no one has cracked the IoT security nut yet is because everybody is treating the IoT as the natural extension of the Web, which in turn was an outgrowth of the client/server model. In other words, the conventional wisdom is that power should rest with the servers in a data center somewhere (helpfully renamed the Cloud), and the sensors and controls are nothing but endpoints, the way a browser is a network endpoint.

The IoT, however, doesn’t only follow a client/server architecture. The machine-to-machine aspect of the IoT is peer-to-peer, with no server needed except possibly to introduce the two devices, à la instant messaging or BitTorrent. But peer-to-peer doesn’t solve the security problem, either. How does your dishwasher know your thermostat hasn’t been hacked?

What we need is a way of putting smarts on the devices themselves – the sensors and controls at the heart of the IoT. And we need to make sure the IoT consumer controls those smarts so that the bad guys and the spooks can’t compromise – or at least, a way to make it very difficult (since can’t is a word we shouldn’t use when it comes to hackability). In other words, we need to put intelligent agents on our IoT devices.

Intelligent agents have been around for decades. They’re essentially autonomous, goal directed programs that base decisions on inputs from their environment. Traditional intelligent agent technology, unfortunately, can’t solve the IoT security challenge, either, because they are programmable, and their programmability makes them as hackable as any other piece of software.

The answer to this conundrum is a smarter type of intelligent agent – a data-driven, policy-based agent that interprets instructions dynamically, rather than being programmable in a traditional sense. Build the agent once, teach it how to comply with security polices, and then thoroughly harden it. Put the same agent into every IoT device. Finally, put consumers in charge of the policies that drive the behavior of the agent.

After all, for all the buzz about the Internet of Things, we don’t really care about the things themselves. The Internet of Things – as well as the entire Internet of which it is part – is really an Internet of People. Any effort to remove human beings from the IoT discussion takes us in the wrong direction. Only by putting people back in charge of the technology will we have the Internet we truly want.

As posted on the Software & Information Industry Association website.