Driving Increased Security in All IoT Devices
CableLabs engages with the IoT industry and the broader stakeholder community, including governments, to help drive increased IoT device security. The rapid proliferation of IoT devices has the potential to transform and enrich our lives and to drive significant productivity gains in the broader economy. However, the lack of sufficient security in a meaningful number of these newly connected devices creates significant risk to consumers and to the basic functionality of the Internet. Insecure IoT devices often serve as building blocks for botnets and other distributed threats that in turn perform DDoS attacks, steal personal and sensitive data, send spam, propagate ransomware, and more generally, provide the attacker access to the compromised devices and their connections.
To help address the challenge of insecure IoT, CableLabs along with 19 other industry organizations came together to develop “The C2 Consensus on IoT Device Security Baseline Capabilities” released earlier this week. The broad industry consensus identifies cybersecurity baseline capabilities that all new IoT devices should have, as well additional capabilities that should be phased in over time. The development kicked off in March with a workshop hosted by the Consumer Technology Association (CTA). Over the past months, the group has coalesced around the identified cybersecurity capabilities. These include capabilities in the areas of device identity, secured access, data protection and patchability, among others.
CableLabs has also engaged with the National Institute of Standards and Technology (NIST) as it develops its recently released draft report, “Core Cybersecurity Feature Baseline for Securable IoT Devices: A Starting Point for IoT Device Manufacturers.” Both industry and governments largely agree on the capabilities that must be included to increase device security. Like the C2 Consensus, NIST focuses on foundational cybersecurity capabilities, including device identity, secure access, patchability of firmware and software, protection of device configuration and device data, and cybersecurity event logging.
The cybersecurity capabilities identified in the C2 Consensus and NIST will help prevent and minimize the potential for exploitation of IoT devices. Both documents provide a strong foundation and help point IoT manufacturers in the right direction on how to increase device security. However, cybersecurity is an ongoing journey, not a destination. Security practices must evolve and continue to improve to address new and emerging threats and changes in technology. This foundation must continue to be built on overtime.
CableLabs has long been a leader in the development of security technologies. For decades, CableLabs has helped guide the cable industry in incorporating many of the identified security capabilities into cable devices and has ensured the maintenance and advancement of these capabilities over time. For instance, since the first DOCSIS specification in 1997, CableLabs has helped ensure the protection of data: All traffic flows between each cable modem and the CMTS are encrypted to protect the confidentiality and integrity of those transmissions. This is not a once-and-done process; CableLabs has and must continue to advance the cryptography used in cable devices to protect against new and more powerful brute force attacks and other potential threats. Similarly, nearly 20 years ago, CableLabs adopted PKI-based digital certificates to support strong device identity and authentication for devices connecting directly to the cable network (e.g., cable modems, Internet gateways, set-top boxes). Since the initial implementation, CableLabs has continued to advance its PKI implementation to address new and emerging threats.
CableLabs has leveraged its experience and success in developing and implementing cybersecurity technologies in cable devices to help drive increased security in IoT devices. The underlying fundamentals, as well as many of the approaches to implementing, are transferable to IoT, as detailed in our white paper, “A Vision for Secure IoT”. We’ve not only engaged with the C2 Consensus and NIST’s IoT security efforts, but also in industry specification organizations, specifically the Open Connectivity Foundation (OCF)—to develop secure interoperability for IoT devices. OCF has implemented nearly all of the identified capabilities in its specification, tests for the capabilities in its certification regime, and provides the capabilities, free of charge, in its open source reference implementation – IoTivity.
Since publishing “A Vision for Secure IoT” in the summer of 2017, industry and the broader stakeholder community, including governments, recognize and have begun to address the challenge of insecure IoT.
The Need for IoT Standards
Imagine a world in which you can tell your phone you’re leaving work, and your washing machine automatically starts the laundry at home so that it’s ready for the dryer when you arrive. Or your oven begins preheating so that you can pop a pizza in when you get home. Or, on cold days, your car automatically starting and warming up for your drive home. Imagine coming home from the grocery store, and your hands are full. No worries! The camera above your door has recognized you, and your door has unlocked and is already swinging open for your convenience.
Actually, you don’t have to imagine these scenarios anymore; they’re happening now. It is estimated there will be 30 billion IoT connected devices by 2020 and 75 billion devices by 2025. But with all these devices from dozens of manufacturers exploding onto the scene, how will they all work together? Today, many of them don’t—but it’s essential that they do.
The Importance of Technical Standards
That’s where technical standards come in. Standardizing products allows devices to work together, making the products easier to use and more appealing to end users. It also creates competition among manufacturers, which reduces prices and gives consumers a choice. But what’s in it for the manufacturer?
Often, companies want to lock you into their products so that you solely use their brand. But most companies don’t make every type of product. Door lock companies don’t usually make dishwashers. Automotive product companies don’t usually make medical devices. So, allowing devices to work together actually expands the market for the manufacturer without having to develop products outside of their specialization. It also allows for smaller niche products to work with more widespread ones. Beyond that, making devices more versatile and easier to use makes these devices more appealing in general so that all manufacturers sell more products. As for the price, the best way for companies to keep prices up is to produce newer, better and more innovative products, which benefits the consumer as well.
Spearheading IoT Standards for Interoperability and Security
Where do standards come from? For standards related to IoT, an organization has been created called the Open Connectivity Foundation (OCF). OCF is committed to consumers, businesses and industries to deliver a standard communication platform to ensure interoperability and security for IoT devices. These standards will span multiple industries, including smart homes, automotive, industrial, scientific and medical, to name a few.
OCF’s goal is for devices from various manufacturers to operate together seamlessly and securely. Currently, OCF’s membership includes roughly 400 member organizations, including major software companies, service providers and silicon chip manufacturers. OCF has developed specifications and is using an open-source platform called IoTivity (hosted by the Linux Foundation) that can be embedded in IoT devices. IoTivity is used to create middleware that will allow various clients and servers to communicate with one another. The communications occur in software, so the physical connections (e.g., Wi-Fi, Bluetooth, Zigbee, Z-wave, ethernet) aren’t an issue.
But OCF isn’t just about interoperability. The latest release of the OCF platform incorporates PKI security. At a time when security is often taken for granted or is an afterthought for new technologies, OCF is committed to the highest level of security possible for such low-power limited processing devices. Why is this important? We may not think that hacking a lightbulb is a big deal, but the weakest link in a network is often the biggest target for hackers. Once they’re in, they can cause irreparable damage. Therefore, every device on the network needs to be secured. Not to mention the fact that you probably don’t want someone else to be able to unlock your doors, turn off your security devices or control your medical device or vehicle without your knowledge or consent!
Furthering IoT Standards Development with CableLabs and Kyrio
So where do CableLabs and Kyrio fit in? CableLabs has been in the business of developing standards and certifying products for the cable industry for the past 30 years. Kyrio, as a subsidiary of CableLabs, is reaching out to other industries to help develop new technologies. The combination of experience in standards development, as well as certification testing, makes CableLabs and Kyrio a natural fit with the OCF.
For the past few years, CableLabs and Kyrio have been heavily involved with OCF. Our involvement ranges from acting as a standing member of the board, to chairing the security working group, to participating in various working groups such as certification and interoperability testing. Kyrio is also one of seven authorized test labs (ATLs) in the world and have performed certification testing for several of the first devices to be certified. In addition to OCF certification testing, we also offer development support to manufacturers that need to get their implementations ready for certification.
CableLabs Hosts “Cyber Risks in an IoT World”
Security provides the fundamental trust that enables the growth of broadband, and as the number of connected devices grows rapidly, all actors must make it a priority. The cable industry’s security expertise and investment positions it to play a constructive role in this rapidly evolving, global challenge. Here at CableLabs, we continue to focus on cybersecurity in our innovation and R&D work, and we recognize the interdependence of public policy and technology developments in this area.
In that spirit, we recently hosted an event at our facilities in Colorado entitled Cyber Risks in an IoT World, which was co-presented by the Rocky Mountain Chapter of the Federal Communications Bar Association (FCBA) and Silicon Flatirons. Our primary goal was to shine a spotlight on key elements of federal cybersecurity policy and the evolving risk faced by enterprises in light of the rapid proliferation of Internet of Things (IoT) devices. The event featured Evelyn Remaley, Deputy Associate Administrator at the Office of Policy Analysis and Development of the National Telecommunications and Information Administration, U.S. Department of Commerce, among other notable speakers and attracted over 60 attendees from the local and regional technology policy and legal communities.
CableLabs’ Rob Alderfer kicked off the event by laying out the broader context, including the trends that are driving increased risk to consumers and the basic functionality of the Internet. With the constant barrage of new cyber incidents, often driven by IoT devices vulnerable to exploitation, governments at all levels are taking notice and grappling with the rapidly evolving threat. Cybersecurity is no longer the domain of the IT department, but rather a key area of governance for all enterprises. You can read more about our vision for improving IoT cybersecurity here.
Clete Johnson (Wilkinson Barker Knauer, LLP) provided a primer on federal cybersecurity policy that cast the Internet and enterprise networks as the battlefields, espionage platforms, and crime scenes of the 21st century. The current regulatory landscape can be subdivided into several broad areas: the threat environment, the policy environment, government activities, and the developing policy consensus across government and industry. The threat environment is characterized by the increasing number of more and more severe attacks. These attacks originate from both non-state actors (organized crime groups, proxies for nation-states, hacktivists, and, potentially, terrorists) as well as state actors (Tier I intelligence services and their allies and partners). However, the line between non-state and state actors often blurs and these groups often overlap. Johnson also detailed the developing policy consensus that centers around dynamic, flexible risk management; a shared responsibility across all stakeholders; mutually beneficial public-private partnerships; and a move beyond the “punish the victim” enforcement. This developing consensus is largely embodied in the Cybersecurity Executive Order and its implementation.
Evelyn Remaley (NTIA) delivered the keynote presentation on the Cybersecurity Executive Order, the developing Botnet Report required by the Order, and, more broadly, the NTIA’s work in cybersecurity through the multi-stakeholder process. Remaley emphasized that NTIA recognizes the complexity of the ecosystem and sees it as a multi-textured and evolving global system that requires an agile, inclusive cyber policy approach. Two truths underlay that perspective:
- To protect innovation, there must be stakeholder-driven policy outcomes that are flexible enough to adapt quickly to changes in technology
- No single industry sector or the government will be able to solve the challenges facing the Internet ecosystem, because while the Internet is largely managed by the private sector, governments, civil society, and individuals all have key roles. Successfully addressing cyber threats requires collaborative efforts from across the Internet ecosystem. The ongoing effort to produce the Botnet Report is an example of this collaborative approach in action.
Panel Discussion with Evelyn Remaley
The panel discussion following Remaley’s presentation tackled both baseline questions around the incentives at play in the current IoT ecosystem and the upcoming Botnet Report’s role in addressing the risk of distributed threats, as well as practical questions about where the policy development process goes after the final report is released. Mark Walker moderated the panel discussion between Evelyn Remaley (NTIA), Michael Bergman (Consumer Technology Association), and Tracy L. Lechner (Brownstein Hyatt Farber Schreck, LLP). The panelists discussed the incentives misalignment that keeps a significant number of IoT providers from investing in better device security, including the perception that consumers do not place a significant value on security and that increased security comes at a significant cost (time and/or money). They also discussed the availability of effective security controls and the various industry efforts to drive increased adoption of those controls.
Panel Discussion on Risk Landscape for Enterprises
The final session entitled The Risk Landscape for Enterprises: Attacks, Recovery, Liability, and Compliance covered the cybersecurity threat landscape from the enterprise perspective. This panel was moderated by Blake Reid (University of Colorado Law School; Silicon Flatirons) who lead the discussion with Paul Diamond (CenturyLink), John Diana (LogRhythm, Inc.), Ryan Howe (Webroot, Inc.), and Deborah Shinbein Howitt (Lewis, Bess, Williams & Weese, P.C.). The discussion focused on the challenges enterprises of all sizes face when tackling the rapidly changing cybersecurity risk landscape, including limitations on resources and talent, as well as the task of understanding and complying with the numerous legal obligations coming onto the scene. Much like developing a cybersecurity program, building up the required legal policies begins with identifying the most critical data a business handles (e.g., healthcare information, social security numbers, credit card information) and then creating incident response plans that meet the most stringent obligations in those areas first. The NIST Cybersecurity Framework was highlighted as providing an enterprise with a structured approach to assessing cybersecurity risks and developing a robust cybersecurity program that matches its unique needs.
As CableLabs continues to focus on developing new and innovative security technologies, we must continue to ensure we have a sound understanding of the rapidly evolving cybersecurity policy landscape, both here and abroad. But, just as importantly, policymakers should have a sound understanding of current and developing technologies. Events like this help bridge those gaps in understanding.
The Benefits and Challenges of a Connected World
On April 12, CableLabs hosted an Inform[ED] conference in NYC focused on the emerging IoT security landscape. This open event brought together business leaders, key technologists, and security experts from multiple industry sectors, academia, and government. They shared in-depth views of IoT's evolution and the increasing security, privacy and policy challenges arising from the ongoing and rapidly accelerating deployment of connected devices.
Billions of new devices lead to an increased threatspace
Shawn Henry of Crowdstrike, a retired executive assistant director of the FBI, set the stage for our experts for the rest of the day. His focus and ideas were repeated and supported throughout the event by speakers and panelists. Security threats pose significant challenges to IoT, with real risk to individuals, businesses, and national security. The threats come from terrorist and organized crime groups along with other nation states. New extremist groups such as the Cyber Califate extend activities of terrorists into a cyber Jihad. Organized crime groups focus on theft of personal identifying information they can monetize, targeting capabilities critical to businesses as they evolve extortion.
Criminals target IoT, losing essential data or the ability to use critical devices unless asset owners pay financial compensation to retrieve. A major example is the rash of ransomware targeting hospitals. And, of course, there have been attacks by nation states, notably attributed to North Korea and Iran. All three types of adversaries steal data, change data, and destroy data to achieve their own ends. However, the IoT benefits are worth investment in effort and resources to protect, and IoT security needs to assess the risks posted by bad actors, mitigating vulnerabilities appropriately.
Collaborating on standards and public policy
IoT risk management is also a concern among policymakers, who take notice when insecure devices impact networks and services. Matt Tooley of NCTA discussed with Allan Friedman of the NTIA the agencies' efforts to galvanize all relevant parties toward solutions through a multi-stakeholder process. Gerald Faulhaber of the Wharton School, Chaz Lever of Georgia Tech, and Jason Livingood of Comcast agreed on the need for broadly shared responsibility for IoT security, and Professor Faulhaber noted some form of government oversight may be forthcoming, though the model is unclear. While certification of devices may provide some key elements we need, it's important we understand policy will likely be slow to evolve. This means businesses, including service providers, device manufacturers and others must evolve their security strategies as adversaries evolve their methods of attacking IoT. Industry-driven solutions will continue to provide the most agile responses to new threats.
The team of security experts that came together at CableLabs’ Inform[ed] event are working hard to manage risks and mitigate threats. We heard great insights from Dylan Davis of RiskSense, Terry Dunlap of Tactical Network Solutions, James Plouffe of MobileIron and technical consultant to the popular Mr. Robot series, Dan Massey of the DHS Security & Technology directorate, Tobin Richardson from the Zigbee Alliance, and Matt Perry from Microsoft also the OCF Board of Directors President. Service provider experts includes Brian Rexroad of AT&T, Clarke Stevens of Shaw Communications, and Rich Compton of Charter Communications. This fantastic body of experts provided substantive insight into the IoT security challenge and what needs to be done to protect our infrastructure, data, and user experiences. One of the common themes of the conference — how to secure IoT devices and the infrastructures that connect them – kept resonating throughout the day. We just need to do it. There aren’t that many surprises here — as Brian Scriber of CableLabs provocatively summed up in the final key.
- Encouraging manufacturers to implement well designed and securable code, and enabling the security capabilities and features we know to use in other technology areas.
- It is critical to protect people and devices during onboarding, the process of joining networks and configuring devices and services properly as they are first installed. We need strong device and personal identity methods, enabled through public key infrastructure solutions.
- Our communications and device operations need to ensure confidentiality and integrity while also ensuring appropriate levels of availability.
- Finally, devices must be fully supported throughout their life cycle, and this must include upgradable security and dynamic patching of vulnerabilities.
Our industry knows how to do these things — we've got over 30 years of experience securing our networks and IT systems. The lessons learned are still relevant and should be applied to the broader IoT ecosystem. But, we still see common errors like use of known insecure protocols and use of devices that don't require strong authentication, or even include default credentials so anybody knowledgeable of the device can log on. And people can find those devices through services such as Shodan — a very common theme through the day. There are opportunities for improvement such as better measurement and monitoring capabilities. Applying the benefits of data science and big data practices will help detect vulnerabilities and anomalies faster. Further, highly automated strategies to patch and reconfigure devices and networks will enable us to address threats quickly. Security's goal is to make attacking IoT sufficiently expensive so adversaries lose interest. Make it too hard or too expensive for bad actors to exploit IoT for nefarious gains.
These business, technology and policy experts provided actionable guidance, making this a unique event – and the audience and panelists left positive and confident that IoT security can be meaningfully improved if all parties share responsibility. Working collaboratively, we can ensure our customers have great experiences that enrich their lives. And we know what needs to be done. We just need to get working together to make it happen.
Join us for Innovation Bootcamp
CableLabs CEO Phil McKinney and the CableLabs team will host Innovation Boot Camp in Silicon Valley and provide a highly-focused, hands-on experience to give you the tools needed to identify, develop and pitch an innovation project.
Non-traditional Stakeholders in 5G Network Developments
With the growth of mobile data consumption, the mobile industry is embarking on its next evolution of technology, dubbed 5G referring to fifth generation mobile networks. The global wireless community has high expectations from 5G networks in terms of end user experience. Goals include achieving lower latencies and increased capacities by at least one order of magnitude in addition to radically new use cases for the technology.
3GPP, the standard development organization (SDO) that drives mobile wireless standards development, has been leading global efforts for the first four generations of wireless networks. The developments in 3GPP have focused on addressing the requirements of mobile networks who have been the primary beneficiaries of these technology evolutions.
CableLabs Participates in 3GPP Discussions
CableLabs has been actively involved with 3GPP because 5G networks will require tighter integration between fixed and mobile networks. The cable industry will play a role in the success of 5G network deployments.
More than half of the global vendors, mobile network operators and research entities who contributed to the 3GPP RAN 5G Workshop in September 2015 indicated that an efficient M2M/IOT support, coexisting with other forms of high capacity traffic, are expected to be a major use case for 5G networks. Specifically, CableLabs’ contribution to the this meeting outlined a “one user, one network” paradigm which allows the user to seamlessly roam between the fixed/pedestrian home/office environment and outdoor mobile environments. Additionally, it is crucial that the cable industry be involved, given the criticality of 10+ Gbps backhaul support of 5G.
Examples of M2M/IoT use cases that are expected to bring non-traditional players to the 5G development table span:
- Small appliances vendors
- Local, provincial and federal/national governments, employing different security, traffic and city wide monitoring operations
- Car manufacturers
- Utilities (water, hydro, gas)
- Industries employing sensor nodes on a large scale (energy, chemical etc)
The vast majority of the participants expected that the spectrum expansion into millimetric wave-bands is expected to be the main focus of 5G development.
The Advantages of 5G
In addition to the large bandwidths (1-4 GHz) made available in the new FCC allocated cm/mm spectra, 5G networks are expected to make effective use of large hybrid beam-forming / MIMO technologies, new modulations and coding schemes. Harnessing these technologies will allow the 5G base stations to transmit in multiple Gbps. This level of performance will require significant backhaul capabilities. For example, technologies like Coordinated MultiPoint can optimize the inter-cell interference at the cell edge and improve a user’s throughput. In return, such an implementation would require the backhaul/fronthaul to carry 10+ Gbps of data, at very low latency.
The cable industry, with its deep fiber and HFC networks capable of supporting large capacities, is well positioned to leverage 5G technologies and drive a new level of mobile experience. In return for the “one user, one network” environment, requirements might include:
- A re-usable access network (between the fixed and wireless networks)
- A distributed core network capability such as the example shown in Figure (1).
Figure 1. Example of a distributed core network architecture backed by a re-usable access network.
All of the above point to the fact that 5G networks will require multiple stake-holders closely collaborating to deliver the targeted promises of 5G. This collaboration could be across various areas such as the convergence of fixed and wireless networks, and efficient support of M2M/IOT use cases.
Based on the above, for 5G networks to be able to deliver the targeted requirements across various industries, it is reasonable to expect changes in the technology development landscape of 5G in comparison to previous generations of mobile wireless standards. Traditional mobile industry players will need to work hand in hand with non-traditional players in the development of 5G networks’ technologies and standards. For these reasons, CableLabs is contributing to the ongoing formation of 5G network architectures.
Attend our Inform[ED] Wireless Conference to Learn More
We will be continuing the discussion of the role that the cable industry will play in 5G networks’ future at our Inform[ED] Wireless Conference in New York City on April 13.
Dorin Viorel is a Principal Wireless Architect at CableLabs.
Belal Hamzeh, VP of Wireless Technologies, CableLabs, also contributed to this article.
First Impressions of the Mobile World Congress in Barcelona
CableLabs is hosting its first tour of Mobile World Congress (MWC) here in Barcelona, Spain. The MWC is the World’s largest mobile congress with attendance likely to top over one hundred thousand people from two hundred countries. It’s the place to be seen in the mobile world, which today is more than about handsets and networks. All the largest companies in telecom are here making major announcements.
I began the day scouting with the team to make sure that our tour would visit the best companies and technologies. It was an amazing day of observing technological breakthroughs that I would like to share.
Let’s first discuss speed. Many of the world's largest telecom vendors are presenting LTE technologies that will enable 1Gbps to your mobile phone - -that is if you are the only user in a cell close to the base station. To achieve these speeds, the headsets will need four antennas integrated into them. This is now possible with frequencies as low as 2.1 GHz in order to achieve 4x4 MIMO. It also means that you need to combine 3 mobile carriers with 256 QAM. What does that mean in a real world situation in a few years’ time? Well, the average speed today of LTE in the US of circa 10 MBps and these new technologies will take this to circa 60Mbps in a few years time with all the associated improvements in cellular backhaul. Qualcomm is making all this technology available in their new X16 Chip, which is being used by companies such as Ericsson, Nokia, Huawei and the rest - all here at MWC.
5G is based on the evolution of LTE with the use of millimeter waves to extend frequency operation of today’s wireless systems from sub-6GHz to 100GHz. Ericsson was demonstrating a 15GHz system with an 800Mhz channel bandwidth to support users with up to 20Gbps. Because of the smaller physical size of antennas at these millimeter wave frequencies, it is possible to build arrays of these for 256x256 MIMO and to steer these pencil-like beams to individual users. There are expectations of commercialization of this type of technology as early as 2020.
5G - IoT
5G is more than about speed. The evolution of LTE will support the aggregation of small channels for massive IoT applications which require relatively small bandwidths.
5G - 1mS Latency
One of the most exciting aspects of 5G is the requirement to support 1mS latency. Today’s mobile networks have latency of typically 60-100mS. Why is this new requirement important? The distance from the touch of an object to the sensation in your brain is approximately 1mS. With this target of low latency, it would be possible for people to see and react to events in real-time for critical control operations. Real-time control of cars driving at high speed would be possible across networks with no traffic lights!
It is not all 5G – WiFi 802.11ax
Qualcomm was demonstrating 802.11ax pre-standard WiFi. This takes the advances for LTE technology to WiFi to support multi-users in complex environments such as offices to maintain speeds in scheduled applications.
LTE coming to WiFi soon - MuLTEfire
Qualcomm is developing a new technology called MuLTEfire which will support LTE in the 5GHz WiFi with Listen Before Talk (LBT) as a good neighbor to WiFi. MSOs could then support LTE based services without the need of an anchor mobile carrier. Qualcomm has formed the MuLTEfire alliance for likeminded members to exploit LTE in the WiFi bands. Today this includes companies such as Intel and Ruckus.
3.5GHz mobile is on its way
The FCC is opening the 3.55-3,7GHz (LTE bands 42 and 43) within the next few years. People will be able to access up to 150MHz of free mobile spectrum for small cells. Qualcomm has formed an alliance with Ruckus to demonstrate a 3.5GHz LTE small cell base station in a dongle connected into what looked like a Google OnHub. 3.5GHz presents great opportunities for CableLabs MSO members seeking to become mobile operators.
If you told me as little as a few years ago that anyone could become a mobile operator in the near future, enjoying free spectrum with a base station on a dongle and a package core network on a laptop, or virtualized in the cloud, I would have not believed you. What I saw at MWC on the first day makes me feel that this well be real within the next 3+ years! CableLabs is uniquely positioned to work with our Members, some of who are gathered here, to drive innovation to make this happen.
Avoiding a Turn of the Screw in the Internet of Things (IoT)
The screw is widely believed to have been invented by Archytas of Tarentum around 400 BC. Its original application, not surprisingly, was to press grapes for wine. Over time, other uses evolved such as using it to move water uphill or as a fastener. Skilled artisans would create these screws by hand using chisels and files. By 1800, Henry Maudslay had created the first practical screw cutting lathe and soon companies were making screws and bolts of all sorts and sizes to fasten their machines together. This created a nice vertical market where you could repair your machine as long as you were willing to buy screws from the machine manufacturer.
In 1841, a revolutionary named Joseph Whitworth (I’m guessing he repaired some machines) collected a box of incompatible screws and suggested that everyone should agree on standard sizes. Several of these companies agreed and that led to Home Depot.
The point is that standardization allows companies to focus on innovation in making machines rather than building the little parts that hold them together.
The IoT Evolution Conference, where I spoke recently, is a modern day illustration of the evolution of an industry struggling to move from piece parts to interoperable products. We seem to be somewhere in the middle of that process.
The conference was attended by senior management (48%), IT executives (25%) and C-Level leaders (14%) as well as others in the emerging IoT space. Most of these companies are still trying to understand the big picture of IoT, but are largely building their own vertically integrated systems while they wait for standardization to catch up.
Just as with screws, companies are inventing the pieces and parts they can use to create their products. Gradually, they are getting together with other companies and sharing these piece parts. This leads to the risk that several de facto standards develop – which is to say, a box of incompatible screws.
While these early companies can stake out some markets and provide some useful tools, they can’t scale to the levels of their own aspirations. The “Battle of the Platforms” session at the conference was an interesting case in point. Each competing company came to the stage to show what differentiated its mostly proprietary, vertically-integrated platform from its competitors. We are arguing about screws.
The Internet of Things is quite literally the collection of connected things. At its core, it is not about vertical solutions, specific markets or proprietary things. Like smart phones, it’s a platform for innovation. And, like the Internet itself, it benefits from the mass connectivity and egalitarian nature of speaking the same language. The true innovation sits above the common layer of communications, security and interoperable understanding of devices – or at least it should.
In my opinion, the industry needs to stop arguing about what language is best and start saying something interesting that everybody can understand. It will take a while to get there because there isn’t much consensus at the moment. But there is opportunity. What the Internet of Things needs right now is a translator. There is a need for somebody to stand in the middle of the various ecosystems and sort them out for customers. In order for the IoT to meet its potential, it needs to be invisible to its customers. A doorknob needs to be chosen on its utility and appearance, not on the particular networking protocol it supports. A light bulb should work when it is screwed in, regardless of whether it is installed in the office or at home.
Eventually, standards will ensure a common playing field where innovators can concentrate on their innovations. In the meantime, we need service providers who will abstract the details of the Internet of Things so that customers can get the products they want and have them work the way they want – together.
Evolution is the process of weeding out the poorly-adapted in favor of the well-adapted. Often, this is a bumpy road, but it doesn’t have to be. By coming together on the screws and competing on true innovation, the IoT industry will prove to be amazing. With some careful planning and cooperation, maybe we can avoid screwing it up.