In order to play offensively, managers and IT leaders must come up with a standardized code for how Internet-connected devices are set up.
SACRAMENTO, Calif. — The Internet of Things (IoT) means different things to different parties. For utilities, it's about making a smarter grid by connecting electric or water meters to a central hub. For exercise enthusiasts, it relates to wearable devices that measure steps, heart rate and your sleep cycle.
In the most boiled-down definition available, IoT refers to the connection of physical devices to the Internet in order to remotely control or derive information from them. While there are hundreds of ways this can be expounded, “every entity has its own definition that best serves its mission,” said Ted Alben, IoT practice manager for Dimension Data, during a panel discussion at the Public Sector CIO Academy* on March 1. Another way to boil this idea down is to meld informational technology (IT) with operational technology (OT).
OT, according to research firm Gartner, is a system of hardware and software that detects a change through the direct monitoring and/or control of physical devices in the enterprise. Melding the two together has created inherent complications.
“IT has been around for about 30 years,” said Shilpa Kolhatkar, senior business development manager for Cisco. “OT has been around since the Industrial Revolution, so more than 100 years.”
And the convergence of the two will no doubt hit speed bumps. The benefits of a fully integrated OT and IT and secured IoT, however, would more than pay for itself.
Take, for instance, the recent downpour in California. While the state was in the middle of one of the worst droughts in recorded history, the first two months of 2017 nearly reversed those years of chronic lack of precipitation. During those storms, “11 trillion gallons of rain went underutilized," Alben said, "because [they] don’t have a system capable of recognizing surplus rain and transferring it into temporary holding ponds."
On a smaller scale, people often forget to turn off automatic sprinkler systems when it rains. If a software program could retrieve data from weather sensors and automatically flip the switch for sprinkler systems, the state could save hundreds of additional gallons of water.
There are, however, obvious risks to an increasingly connected world. Cyberattacks have become increasingly common. Last year’s distributed denial of service (DDoS) attack on the Dyn Web hosting services that took out Twitter, CNN and CNBC, to name a few, essentially forced Internet-connected cameras and DVRs to relay thousands of terabytes of information to Dyn servers, causing a system crash, said Sean Telles of ForeScout Technologies.
“The mirai malware located which devices used the default login,” and weaponized them, said Telles. In the shorter term, encrypting information and changing accessibility of devices is an obvious way to deter cyberattacks. But the biggest risk to the IoT is the lack of a unified standardization for products that are connected because malware will continue to affect these devices.
In order to play offensively, Alben said, managers and IT leaders must come up with a standardized code for how Internet-connected devices are set up.
“Commons sense allows us to exclude consumer-grade devices,” from state and local IT, he said, adding that we need to go further and set a model for the impending convergence. Because even when it is not necessarily a nefarious actor, the possibility for connected devices to be compromised could potentially be devastating. “Even something as innocent as a system reboot,” he continuted, which could potentially turn off lights at a rail station could potentially be very dangerous.
The connection of devices is not going anywhere. As the advances in software continue to be paired with hardware, standardization of safety protocols is imperative to the safety of networks and people. “IoT is ubiquitous,” said George Akiyama, CIO of Caltrans. “It is everywhere and we need a way to secure it.”
*The California Public Sector CIO Academy is an event hosted by Public CIO, sister publication to Government Technology.