The Internet of Things (IoT) promises a future where everything is online. But today, a lack of standards makes it difficult to connect. To learn how developers can solve this problem, I spoke with Tony Magallanez, OEM Systems Engineer at McAfee, an Associate member of the Intel® Internet of Things Alliance (Intel® IoT Solutions Alliance).
Below are key excerpts from my interview. For more on this topic, see my interviews with Wind River and McAfee.
What are the biggest challenges to deploying Internet of Things (IoT) solutions?
The major problem we see is the security of these devices. These devices tend to be not manned but often handle personally identifiable information. For example, a device in a hospital – like an imaging device – will transmit personally identifiable information to the back-end system to keep track of things like device machine management and billing. The question is how you protect the data both while it’s on the system and while it’s being transmitted between devices.
How can developers address these issues? In particular, how do standards and multi-vendor solutions help?
Most people understand that they need security, but in many cases they lack expertise –and in far too many cases they end up doing nothing if they don’t have to. That’s where I see consortiums or standards-based organizations driving security. In particular, standards that have enforcement regulations tend to drive the security standards in a specific direction. The Payment Card Industry Data Security Standard (PCI DSS) is a good example. Because PCI can enforce the standard though penalties, fees, and denial of service to vendors who do not comply, they can drive compliance.
Depending on the industry, there are a number of regulatory bodies that define security. In the medical space, devices often have to comply with FDA certifications and HIPPA, for example. In the financial space, Sarbanes-Oxley and a number of other regulatory bodies define security and compliance. In industrial control there are dozens of regulatory rules that systems have to comply with. There's not just one overarching definition of what security should look like, there are dozens of opposing views of what security should look like.
So how do you comply with these regulations? Typically, OEMs or ODMS have taken a buy or build mentality. However, it’s very difficult to build your own security infrastructure. So it’s wise to get help from vendors who are experts in security, and ask these security solution vendors to make sure the systems are secure.
What role do you see for standards bodies like the new Industrial Internet Consortium (IIC)?
Talking specifically about IIC, its recommendations are likely to overlap with the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) recommendations. But one of the great things about these consortiums is that they go further than the regulations require. For example, they may recommend things like application whitelisting. In the regulatory bodies, whitelisting is still a bit of an outlying technology. So these standards bodies can help developers not only achieve compliance but also true security.
What role do you see for ecosystems like the Intel® IoT Solutions Alliance?
Alliance members will help provide the components to meet regulatory recommendations or requirements. They will give you the building blocks to get you to compliance and beyond. Without these groups, you will have different OEMs/ODMs and device owners all struggling to define what the security should look like. Not being security experts, they can miss out on some of the security opportunities.
How you are using standards and ecosystem collaboration to create IoT solutions?
The Intel® Gateway Solutions for the Internet of Things (Intel® Gateway Solutions for the IoT) is designed to be a development gateway. It is designed to allow ODMs to be able to create a device that will fit in their given space. There is nothing particularly geared towards one industry or another, though it fits well in the industrial control space because there are models that are models that are heat tolerant, rack ready, and things of that nature.
What we are doing with the Intel® Gateway Solutions for the IoT is providing a platform that will allow OEMs/ODMs to establish a base level of security and functionality in the device without having to do a lot of the development on their own. In addition, the hardware that’s built in gives them a starting point that is easier than taking a huge SKU sheet and picking out the components individually.
Contact featured member:
McAfee is an Associate member of the Intel® IoT Solutions Alliance.
Roving Reporter (Intel Contractor), Intel® IoT Solutions Alliance
Editor-In-Chief, Embedded Innovator magazine
Follow me on Twitter: @kentonwilliston