Wednesday, 2 March 2016

How risky is your IoT

Copy of an article first appearing on the IoTUK blog.

In a previous blog we kicked off a discussion about the categorisation of IoT applications and systems, and about their technical complexity.
Today we will analyse risk as a further dimension to help us differentiate IoT applications. Our aim in all of this categorisation is to start an in-depth discussion about the subsets of IoT applications and their common problems and solutions; otherwise we are stuck in an endless apples-and-oranges discussion.
Our risk dimension covers privacy, safety and resilience: in fact anything that, in project management terms, belongs on a (sensibly used!) project risk register. We are interested in what could go wrong, how to reduce the likelihood of such events and how to mitigate their effects, because rest assured things will go wrong.

The inevitability of failure

It is in the nature of all computer and communications systems to do unexpected things; even if we could dream of removing every software bug, the physics of the hardware itself leaves an underlying failure rate (see metastability). Many IoT systems also involve interactions with fallible human beings. Things fail, and IoT designers need to deal with it.
We have included privacy here because the impending EU General Data Protection Regulation moves, in a change welcomed by many, to a risk-based assessment of the requirements for handling personal data.
Such risk assessments are subtle and depend not solely on the type of data but on the context in which it is used: it might be an annoyance to have your credit card details stolen, but if it is published that they were stolen from Ashley Madison's website, that tells a different story.

Privacy risks

Privacy risks are present wherever we have sensing technologies in IoT, because it will often be possible to correlate the sensed data with an individual's activities.
You can expect to see this data used in unexpected ways: the court case involving Fitbit data is a sign of a trend in which IoT data is used as evidence of a person's innocence or guilt. Mitigations could include strong encryption, ephemeral data, or retaining only statistical and aggregated data in the longer term.
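The "ephemeral data plus aggregates" mitigation in practice, as an added illustration rather than code from the IoTUK post: raw sensor readings live only inside a short retention window, after which they are folded into per-sensor hourly statistics and deleted, so a later subpoena or breach can only yield the aggregates. The store, the retention policy numbers, the sensor name and the sample readings are all invented for the example.

```python
"""Ephemeral raw readings, durable aggregates.

Added illustration for the data-minimisation mitigation discussed above;
not code from the IoTUK post.  The store, the retention policy numbers and
the sample readings are invented for the example.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

RAW_RETENTION_SECONDS = 24 * 3600  # assumed policy: raw readings live one day
BUCKET_SECONDS = 3600              # assumed policy: long-term data is hourly


@dataclass(frozen=True)
class Reading:
    ts: int        # unix time, seconds
    sensor: str    # hypothetical sensor id, e.g. "kitchen_power_w"
    value: float


@dataclass
class Aggregate:
    count: int
    mean: float
    minimum: float
    maximum: float


class MinimisingStore:
    """Keeps raw readings only inside the retention window; anything older
    is folded into per-sensor, per-hour aggregates and then deleted."""

    def __init__(self) -> None:
        self._raw: List[Reading] = []
        self._agg: Dict[Tuple[str, int], Aggregate] = {}

    def record(self, reading: Reading) -> None:
        self._raw.append(reading)

    def rollup(self, now: int) -> int:
        """Aggregate and purge raw readings older than the window.
        Returns the number of raw readings deleted."""
        cutoff = now - RAW_RETENTION_SECONDS
        expired = [r for r in self._raw if r.ts < cutoff]
        by_bucket: Dict[Tuple[str, int], List[float]] = defaultdict(list)
        for r in expired:
            bucket_start = r.ts - r.ts % BUCKET_SECONDS
            by_bucket[(r.sensor, bucket_start)].append(r.value)
        for key, values in by_bucket.items():
            prev = self._agg.get(key)
            if prev is None:
                self._agg[key] = Aggregate(len(values), sum(values) / len(values),
                                           min(values), max(values))
            else:
                # merge into an existing bucket without needing the raw history
                total = prev.count + len(values)
                self._agg[key] = Aggregate(
                    total,
                    (prev.mean * prev.count + sum(values)) / total,
                    min(prev.minimum, min(values)),
                    max(prev.maximum, max(values)),
                )
        # the individual readings are gone after this point
        self._raw = [r for r in self._raw if r.ts >= cutoff]
        return len(expired)

    def raw_count(self) -> int:
        return len(self._raw)

    def aggregate(self, sensor: str, bucket_start: int) -> Optional[Aggregate]:
        return self._agg.get((sensor, bucket_start))


def demo() -> Tuple[int, int, Optional[Aggregate]]:
    """Constructed scenario: two day-old power readings and one recent one."""
    store = MinimisingStore()
    now = 200_000
    store.record(Reading(100_000, "kitchen_power_w", 120.0))  # older than a day
    store.record(Reading(100_500, "kitchen_power_w", 80.0))   # older than a day
    store.record(Reading(199_000, "kitchen_power_w", 300.0))  # recent, stays raw
    purged = store.rollup(now)
    bucket = 100_000 - 100_000 % BUCKET_SECONDS  # both old readings share this hour
    return purged, store.raw_count(), store.aggregate("kitchen_power_w", bucket)


if __name__ == "__main__":
    print(demo())
```

The rollup has to be run on a schedule (and on the device, not only on a server) for the policy to mean anything; note also that hourly aggregates of a single household still reveal routine, so the bucket width is itself a privacy decision.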
Many IoT devices can also actuate and affect the physical world, so what could possibly go wrong? The safety checks a human operator would make are absent once an action is automated. We will need to design with safety in mind, because everyday domestic objects are already known killers, from automatic door openers to something as mundane as a venetian blind.
Picking up the theme of care for the elderly in their homes, again from a previous blog, we also start to see the need for resilience in our IoT designs. A particularly dangerous episode for many elderly people is a power outage: the heating stops, the lighting is lost and the risk of falls or other accidents rises.

Resilient IoT design

A resilient IoT design would include several hours of protected power supply for the sensors and router; backup communications over 3G, since the ADSL or cable modem may not be available to reach the internet (fixed-line telecoms operators are required to keep the phone service available during a power outage, but not the broadband); and the ability to raise alarms independently of internet servers, so that operation continues through network failures, server failures or DDoS attacks on the infrastructure.
To build an IoT we can trust, we must first learn to handle these risks. Importantly, while showing damages in privacy cases has proven hard, a rise in citizens injured by devices will rapidly lead to product liability cases.
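The alarm path that paragraph asks for, as an added example that is not code from the IoTUK post: the hub acts locally first (a sounder needs no network), then tries its uplinks in order (broadband, then the 3G fallback), and if every uplink is down it queues the event for store-and-forward rather than dropping it. The transports here are in-memory stand-ins for a broadband router, a 3G modem and a local sounder, and the `AlarmEvent` format is a hypothetical one invented for the example.

```python
"""Local-first alarm dispatch with uplink failover and store-and-forward.

Added example for the resilience requirements described above; not code
from the IoTUK post.  The transports are stand-ins for a broadband router,
a 3G modem and a local sounder; `AlarmEvent` is a hypothetical format.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class AlarmEvent:
    kind: str      # e.g. "fall_detected" or "mains_lost"
    detail: str


# A transport delivers one event or raises.  Real transports must enforce a
# bounded timeout so a dead broadband link cannot stall the cellular retry.
Transport = Callable[[AlarmEvent], None]


@dataclass
class AlarmDispatcher:
    local_action: Transport                # siren, light, voice prompt: no network needed
    uplinks: List[Tuple[str, Transport]]   # tried in order, e.g. broadband then 3G
    backlog: List[AlarmEvent] = field(default_factory=list)

    def raise_alarm(self, event: AlarmEvent) -> Optional[str]:
        """Act locally first, then try each uplink in turn.
        Returns the name of the uplink that accepted the event, or None if
        every uplink failed and the event was queued for later delivery."""
        try:
            self.local_action(event)
        except Exception:
            pass  # a dead sounder must not stop the remote alert
        for name, send in self.uplinks:
            try:
                send(event)
                return name
            except Exception:
                continue
        self.backlog.append(event)
        return None

    def flush_backlog(self) -> int:
        """Retry queued events on any working uplink; returns how many got through."""
        delivered = 0
        pending = list(self.backlog)
        self.backlog.clear()
        for event in pending:
            for _, send in self.uplinks:
                try:
                    send(event)
                    delivered += 1
                    break
                except Exception:
                    continue
            else:
                self.backlog.append(event)  # still unreachable, keep it
        return delivered


def simulate_outage() -> Dict[str, object]:
    """Constructed scenario: mains fails and takes the broadband modem with
    it; 3G has no signal at first and comes back a little later."""
    sounded: List[str] = []
    delivered: List[str] = []
    cellular_up = False

    def sounder(ev: AlarmEvent) -> None:
        sounded.append(ev.kind)

    def broadband(ev: AlarmEvent) -> None:
        raise ConnectionError("modem unpowered")

    def cellular(ev: AlarmEvent) -> None:
        if not cellular_up:
            raise TimeoutError("no 3G signal")
        delivered.append(ev.kind)

    hub = AlarmDispatcher(sounder, [("broadband", broadband), ("cellular", cellular)])
    first = hub.raise_alarm(AlarmEvent("mains_lost", "hall hub running on battery"))
    queued_after_first = len(hub.backlog)
    cellular_up = True
    second = hub.raise_alarm(AlarmEvent("fall_detected", "bathroom sensor"))
    flushed = hub.flush_backlog()
    return {
        "first": first, "queued_after_first": queued_after_first,
        "second": second, "flushed": flushed, "sounded": sounded,
        "delivered": delivered, "backlog_left": len(hub.backlog),
    }


if __name__ == "__main__":
    print(simulate_outage())
```

Two design choices matter more than the code: the local action is unconditional and runs before any network call, and the backlog lives on the hub's protected power so an alarm raised during the outage is delivered as soon as any uplink returns, without depending on a cloud server being reachable at the moment of the event.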