The Internet of Things - 36th International Conference of Privacy and Data Commissioners

The Digital Revolu/on Con/nues: The Internet of Everything

Kate Carruthers Mauri/us, October 2014

Internet – web 1.0

Oct 2014 © Kate Carruthers | katecarruthers.com 2

Source: Web Focus: Ways of Exploi/ng New Technologies, 19 July 1998 hSp://www.ariadne.ac.uk/issue16/web-‐focus

Internet – web 2.0


Source: Launching the Web 2.0 Framework, Ross Dawson, May 30, 2007 hSp://rossdawsonblog.com/weblog/archives/2007/05/launching_the_w.html

“Internet of Things” IoT “Machine to Machine” M2M “Internet of Everything” IoE



Objects are becoming embedded with sensors and gaining the ability to operate & communicate independent of human interven/on.


The resul/ng informa/on networks promise to create new business models and disrupt exis/ng business models.

Characteris/cs

• Distributed • Peer to peer • API based • Network neutral Oct 2014 © Kate Carruthers | katecarruthers.com 7


Connected devices are transformed from a single purchase product into a service that generates recurring income.

IoT value is not in the devices, but in new services related to

the devices.

New business models

• Open models •  Collabora/on & loose confedera/ons •  Agile, change ready organisa/ons •  Restructured supply chain • Mergers & acquisi/ons


Ubiquitous connec/vity


Cisco says US$14 trillion IoE value

1)  asset u/liza/on (reduced costs) of $2.5 trillion 2)  employee produc/vity (greater labor

efficiencies) of $2.5 trillion 3)  supply chain and logis/cs (elimina/ng waste) of

$2.7 trillion 4)  customer experience (addi/on of more

customers) of $3.7 trillion 5)  innova/on (reducing /me to market) of $3.0

trillion


CISCO White paper: Embracing the Internet of Everything for your Share of $14 trillion

Market signals -‐ 2014

•  Google bought Nest for US$3.2B Jan 2014 •  Google & Nest bought Dropcam for US$555M •  Samsung bought SmartThings for US$200M •  Vodafone bought Cobra Automo/ve for £115M

•  Zebra Technologies bought a unit of Motorola for US$3.45B


Market signals -‐ 2014

• global survey of 1400 sooware developers • 17.1% working on IoT apps • 23% expect to begin work in next 6 months


Evans Data Corpora/on Survey July 2014

Driven by convergence

•  Ubiquitous comms networks

•  Mobile connec/vity •  3D prin/ng •  Sensor networks •  Big data > drawing useful inferences

•  Peer to peer networks

•  Cloud compu/ng •  Ar/ficial intelligence •  Commodity sensors •  Sooware defined networks


Fuelled by app ecosystem

“Between 2008 and 2017, Google Play and Apple’s App Store will be responsible for a mind-‐blowing number of mobile app downloads: 350 billion.” Oct 2014 © Kate Carruthers | katecarruthers.com 15

Source: hSp://www.mobilemarke/ngwatch.com/the-‐decade-‐of-‐350-‐billion-‐app-‐downloads-‐26932/


Allflex DNA tags

Emerging Standards landscape

•  Industrial Internet Consor/um •  AllJoyn •  WebRTC •  Z-‐Wave Alliance •  Zigbee Alliance •  Open Interconnect Consor/um •  Thread •  Internet of Things Consor/um


Industries

Financial services Automo/ve Technology Entertainment Retail

Healthcare Hospitality Industrial Power & u/li/es Energy & mining



Driverless trucks the next big thing in WA's Pilbara, ABC 25 Apr 2014, 3:13pm

Source: hSp://readwrite.com/2014/04/30/connected-‐home-‐hackers-‐stop-‐yelling-‐at-‐babies-‐foscam#feed=/tag/internet-‐of-‐things&awesm=~oEe6yipkTkz40o


Last August, a hacker infiltrated a wireless camera owned by the Gilbert family, living in Houston, Texas. The stranger took control of the unit and used it to scream obsceni/es at a two-‐year-‐old toddler. Fortunately, the hearing-‐impaired child didn’t have her cochlear implant turned on at the /me, otherwise she would have heard the stranger yelling, “Wake up Allyson, you liSle slut!”



Bloomberg, Data Breaches in the US, at 4 Sep 2014


•  3rd party HVAC firm aSack vector •  Security sooware disabled •  PCI DSS didn’t save them


Bloomberg, Oct 2014

JP Morgan

•  Sarbanes-‐Oxley Act (SOX) •  Payment Card Industry Data Security Standard (PCI DSS)

•  Gramm-‐Leach-‐Bliley Act (GLB) Act •  Electronic Fund Transfer Act, Regula/on E (EFTA) •  Free and Secure Trade Program (FAST) •  Fair and Accurate Credit Transac/on Act (FACTA), including Red Flags Rule

•  Federal Rules of Civil Procedure (FRCP)



Tradi/onal approach to perimeter security


Bot-‐herders can launch DDoS aAacks from dryers, refrigerators, other Internet of Things devices

Network World Sep 2014

Oct 2014 © Kate Carruthers | katecarruthers.com 29 Proofpoint Uncovers Internet of Things (IoT) CyberaSack, January 16, 2014

“The global aSack campaign involved more than 750,000 malicious email communica/ons coming from more than 100,000 everyday consumer gadgets …”

Oct 2014 © Kate Carruthers | katecarruthers.com 30 Proofpoint Uncovers Internet of Things (IoT) CyberaSack, January 16, 2014

“… such as home-‐networking routers, connected mul/-‐media centers, televisions and at least one refrigerator”


It’s “ooen impossible to patch the sooware or upgrade the components to the latest version.”

Bruce Schneier, The Internet of Things Is Wildly Insecure -‐ And Ooen Unpatchable, Wired, Jan 2014


“Ooen, the complete source code isn’t available. Yes, they’ll have the source code to Linux and any other open-‐source components.”



“But many of the device drivers and other components are just ‘binary blobs’ -‐ no source code at all.”



“That’s the most pernicious part of the problem: No one can possibly patch code that’s just binary.”


Consumer privacy

• Pervasive compu/ng • Personalisa/on • Customisa/on • Convenience • Lack of understanding • Meaningful consent Oct 2014 © Kate Carruthers | katecarruthers.com 35


Time, Sep 2014


“We tend to overesGmate the effect of a technology in the short run and underesGmate the effect in the long run.”-‐ Amara's law

Kate Carruthers UNSW Australia Sydney [email protected] TwiSer @kcarruthers


Business

The Internet of Things - 36th International Conference of Privacy and Data Commissioners