Embracing IoT and Security
At a recent security-related conference, it was quite interesting to see how people reacted to any mention of the Internet of Things (IoT). Some people shuddered, as if IoT is something we should all avoid being associated with, while others embraced the opportunities it offers and even describde themselves as a part of the IoT ecosystem. The reality is integrators and installers having nothing to fear from IoT, but plenty to gain!
Whilst many people like to herald the Internet of Things (IoT) as a complex technological sea-change that will either kill or cure the security sector (depending upon which side they’re supporting), the concept is actually quite simple. Indeed, rather than being a brave new world, it could be argued that it is simply a smart and much needed upgrade of currently established M2M (machine to machine) communications.
The core concept of IoT is the ability to connect devices, allowing them to share data in order to be more efficient and effective. Whilst the established and understood ‘internet’ is a network of computers and devices, predominantly with human operators, IoT brings automated smart devices into the mix. It allows the machines, if you like, to make autonomous decisions based upon rules that have been programmed by the users and data that has been shared by other connected devices.
As an example, consider central heating in a residential application. Typically, a boiler will operate on a timer schedule, and heating levels will be set via temperature controller. Thermostatic valves will then regulate the output of individual radiators in order to maintain relatively consistent temperatures. This is the way that central heating systems have operated for decades and is well understood.
In today’s world of mobile devices such as phones and tablets, wireless and data-based internet connectivity, apps and automation, some level of remote control can be exercised over heating by the end user. So, how might IoT further impact of this scenario?
Connected temperature sensors – both internal and external – might be used to automatically control times when the boiler is operating, and the performance settings, in accordance with pre-set thresholds. This would ensure consistent and comfortable temperatures without any interaction from the user.
The user would still be able to override the configurations, but typically the system would control itself to meet the parameters. Connected automatic valves would even allow the adjustment of temperatures in specific rooms, giving a smarter level of autonomous control.
Taking things a step further, the heating system could utilise shared data from, for example, a local weather forecasting station. This would enable automatic adjustments for changes in climate, including the occasional heatwave or freeze that the UK seemingly struggles with.
Additionally, the data generated by other systems could be shared with the heating system to make it more efficient. For example, certain departments or individual offices could have the heating level reduced or switched off if they are unoccupied or if windows are open.
Indeed, using IoT sensors with regard to heating (or any power-management functions) makes sense because there is a good business case for it. The efficiencies achieved can save end users money and also help meet any green initiatives the company may have.
This is an important point, because the IoT offers significant business benefits. Yes, it can also cover very simple domestic options such as switching on a light via an app-based smart plug, but equally it can involve the use of business-critical systems, including security, to automate site management tasks.
A wide range of benefits
The potential for businesses and organisations using IoT is immense, especially when you consider national and international opportunities.
The potential scope is enormous, ranging from business devices and appliances through to IT systems, process machinery, building management, transportation, etc.. There isn’t a lot that won’t be covered as IoT spreads its footprint.
However, initially much of the focus will be on the services and devices that can add value to security systems, and the benefits that security devices can bring to other solutions.
Security systems offer a diverse range of data capture sources including video (with all that is possible from intelligent analytics), motion and object sensing, definite identification of authorised persons and asset tracking, along with secure communications in both hard-wired and wireless configurations, advanced event management and host of robust features designed to ensure around-the-clock connectivity. Indeed, it could be argued that security can offer more benefits to IoT than it will receive.
The security sector can benefit from increased integrations with IoT devices that fill some of the gaps we have in out technologies. For reasons of privacy, the security sector has never focused on audio devices.
However, other markets have and their expertise can immediately be accessed. The ability to interface with audio will open up a range of possibilities. Audio is increasingly being seen as an essential element of security and business intelligence. IoT could allow connectivity to best-of-breed audio devices.
Intelligent lighting control is another area that could benefit security. Whether this is in the form of lighting control when spaces are unoccupied, or the management of lighting for enhanced security, the options are manifold.
When it comes to site management, elements such as electronic signage could offer benefits when connected with business intelligence solutions.
For the security sector, it is not a case of struggling with the enormity of IoT, but selecting the right devices that can add value to security systems.
The security industry has to embrace the opportunity to link diverse system elements together, both in the worlds of security and non-security systems, but any progress must consider the issue of data protection.
The crux of the matter revolves around who decides how data is shared between the various systems, and where the permission comes from between one data platform and the next.
Security runs at the heart of this conversation, specifically data security encryption with protocols. In the world of IoT, it is not just the device manufacturers who will have a say. The Googles, Apples, Microsofts and Ciscos of this world want IoT to be easy to implement in the consumer market. The business world, however, needs more stringent protection.
This technological challenge will be resolved in the commercial arena where the benefits can be easily understood and are more tangible. The economics of convergence are significantly more important to businesses and organisations han consumers, and as the business case for IoT applications grow, so will the demand for dependable and flexible solutions.
The potential value of machine-to-machine opportunities are enormous and installers and integrators must work to deliver an appropriate solutions strategy. Increasingly key to this will be the adoption of open platform systems, ensuring that security technologies can reliably interact with those of others sectors.
Another important challenge is tempering users’ expectations and ensuring they understand what is sensible and what is foolhardy when it comes to IoT. For example, the often-quoted IoT fridge might seem like a ludicrous idea, but it does make sense in certain applications. However, such a device is unlikely to be designed with security in mind, so adding one to a company’s network which also supports security and HR services would be a risk that should not be contemplated.
By way of an example, one large US-based retailer suffered a significant cyberattack and data breach after their network was accessed via the air conditioning system. Because elements are connected in an IoT environment, it doesn’t make sense for every element to be linked on the same network, or indeed for certain systems to sit alongside less important (and often less secure) resources.
Adding systems to an IoT environment is a choice, not a mandatory situation is which every networkable device must communicate with every other device. Only connect additional devices which add value to the security system and ensure that those devices offer the same level of cybersecurity as the security elements of the solution.
If other systems want to access data from the security system, then ensure that this does not create a vulnerability which might impact on the security system. This is not always straightforward as those managing other systems might be reluctant to allow you access to the core configurations.
The only way to ensure all elements of an IoT solution are secure is for the various departments to share knowledge and training on how the various systems interact and the operational requirements for the various elements. Whilst this works well for commonly integrated systems (for example, a video surveillance system and an access control package), use of IoT could introduce some seemingly unrelated technologies that need to work together. The end user will dictate the requirements in most cases.
Making it work
The security sector has been quick to get up to speed with IP-based technology, something which has helped us move to integrated systems. Unfortunately this has not always been the case in reverse, with some IT providers being slower to catch up with the intricacies and benefits of integrating with security systems.
Installers and integrators must ensure they understand the intricacies of IP configuration such as firewalls, VLANs and SSL which can compromise security. Equally, the security industry must understand the intricacies of all other IoT devices, ensuring all parts of a solution work well together.
Generally most organisations are protected against cyberattacks, but a connected IoT device may not uphold the required level of end-point security. A simple IoT device could be used to perform a straightforward task, but there is no guarantee it will include SSL encryption. This would create a weak point in the security of an IP network.
The question of who is responsible for the components used in IoT must be clearly defined. In a typical business the different facets often have specific owners: the IT department, the security team, etc..
However, IoT will see many areas of definition blur together and the responsibility for these crossover areas needs to be defined to ensure security and resilience of the business systems.
IoT will deliver true integration; all systems will run on the network. Buildings will be designed with standards-compliant structured cabling solutions built in. This will guarantee that the services required for the client will work, no matter what and where it is to be deployed.
The CENELEC standard, ‘EN50173-6 Information Technology – Generic cabling systems – Part 6: Distributed building services’, outlines the requirements for installing points for the network to be accessed. If end users want an IP-based access control solution, for example, the infrastructure will be close by to allow the service to be deployed.
Once services, no matter what, are using the TCP/IP Ethernet protocol, they are ready and able to join an IoT platform. An ISO11801 structured cabling solution gives the ability to do that.
Overall, IoT deployments promise to provide benefits for security, offering greater choice and options to end users, installers, integrators and manufacturers. They also bring potential risks, which are by no means insurmountable. With the right considerations, planning and cooperation, the benefits of IoT implementations by far outweigh the risks.