Internet of Things: Policies of self-destruction
This post is also available in: Spanish
We are entering the fourth Industrial Revolution, at least according to some techno-cultural commentators, a new cultural, social and commercial age founded on interconnectivity among devices, the Internet of Things.
What are we talking about when we talk about the Internet of Things?
Let’s get this out of the way immediately; there is no one definition that covers what IOT really is. It’s an umbrella term that encompasses a multitude of domestic devices, machines, wearables, implantables, robots, vehicles, even buildings, all with different functions and objectives, with the link being that all are connected to a network, and most to the biggest network of them all, the World Wide Web.
This is a huge pie and everyone wants a slice, but the cost of those slices is a serious overhaul of IOT SOP ASAP. Cisco predicts that by “the year 2019 there will be more than 21,000,000 objects connected to the Internet”. Huawei, even more ambitious, puts the figure at 100,000,000 IOT connections by 2025, leading tech companies to investigate other, cheaper ways of connecting to the Internet than Wi-Fi or Bluetooth, e.g. “Chirp Networks”.
As an astute reader might imagine, this change implies multi-million dollar investment to improve safety standards. Think about it; if your device is network-enabled it’s not just the end-buyer’s personal security the manufacturer has to keep in mind, but also that of everybody else who is connected to that network, using that road, working with that robot.
When a modern, informed citizen-consumer performs a consumer action, exchanging their credit for, let’s say, a washing machine/tumble dryer, she expects that device to function as promised until at least the day the guarantee expires. You’re probably thinking, “Right, until the day the guarantee expires, and not a day longer. I know that old trick”. That old trick may be about to become standard industry practice.
Let’s take another domestic appliance example. A company designs a refrigerator programmed to alert you when there is no more milk, when products are about to pass their expiry date, is even authorized to do the shopping on your behalf, and is also a nutritionist (possibly in conjunction with an intelligent WC, that carries out sophisticated waste analysis) giving you dietary advice. So, there’s a machine involved, with its mechanism and its power source, but now there’s also software, a network connection of some kind, and, around those, new regulation that has to include the implementation of refrigerator-monitoring policies to control the fridges sold and provide client support.
Now imagine that monitoring extended to private vehicles, public transport, haulage, hospital drips, pacemakers, intelligent glasses, webcams, kitchen bots, smartpens, smartpets, smartpills, smartlamps, Augmented Reality wearables, home alarm systems, e-furniture, ebooks, ebackpacks, iPads, e-umbrellas, sliding doors, A/C, smart TVs, intelligent hair dryers, clock radios, smartshoes, online calorie counters in combination with implantable intelligent gastric bands, step-counters, contamination detecting smartmasks, sleep apps, network-enabled exo-appendages and bluetooth-enabled vibrators.
That represents an amount of protocols, policies and regulation we just don’t have yet, and monitoring has a role to play in occupying its rightful territory in this unregulated vacuum.
The primal IOT fear was that desktop PCs could be used to launch DDoS attacks, but the profileration of network-enabled, low security gadgets has created a fifth-column of potential assailants. One of the most recent, high profile cases was that of the MIRAI malware launched against one of the world’s biggest hosting companies, OVH. Approximately 145,000 devices were infected, mostly digital and IP cameras.
Clearly manufacturers have to assume responsibility for investing in security, in order to avoid repeats of these DDoS attacks. One solution is to include a self-destruct option, as found on cell phones or credit cards, giving the possibility of disabling them temporarily or totally.
So, should all devices include this option? There is a legal debate around this question at the moment, as to whether the purchase of a software-powered device really makes it the property of the person who paid for it, or if the manufacturer remains the ultimate owner, with the consumer merely leasing the product indefinitely. There are questions for law-enforcement, too. For example, if the murder of O.J. Simpson’s wife and her lover by an unknown assailant or assailants happened nowadays, and if O.J. Simpson’s infamous white Ford Bronco had been network-enabled, would law enforcement have the right to disable the car mid-persecution? And what about network-enabled medical technology? A legal minefield, to be sure.
There’s no answer that is going to please everyone, so the best a manufacturer can do is lay out their position clearly, whatever it may be, and have clear policies relating to the question of what happens when a device ceases to function, or when the terms and duration of support expire, and if a disable option is included that it be clearly stated.
Knowledge is key
An informed user is a satisfied user. Here’s where Pandora FMS comes in. Monitoring software makes tracking devices easier, and maintaining correct interconnectivity, so that when a policy has to be implemented it can be done with minimal fuss. We recommend anticipating problems by maintaining oversight of your devices’ status at all times. For more information visit IOT monitoring with Pandora FMS at the Pandora FMS website.