Mike Amundsen, API Academy
@MAmund
“The IoT space is definitely ready to enter. This is a
fantastic space. The Internet of Things is going to be
faster, bigger than the Internet.”
Product ideas
Customer knowledge
Market research
Industrial design
Physical design
Hardware design
Embedded architecture
Manufacturing operations
Marketing
Sales
Formula for a great product:
Know your customer
Know how to build stuff
Know how to please your customers
Hugo Fiennes, Electric Imp
@HFiennes
Formula for a great Connected Product:
Antenna design
RF engineering
RF approvals
Network-centric operating system design
Ongoing security and support
Protocol design
Network security
Server software
Scalability
Cloud operations
Device management
Hugo Fiennes, Electric Imp
@HFiennes
IoT Standards
• Wireless Power Consortium
• Industrial Internet Consortium -
ATT, GE, Cisco, Intel, and IBM
• Open Internet Consortium - Intel,
Samsung, a few others
• Open Interconnect Consortium
But wait, there’s more…
• HIPAA
• PCI
• Sarbanes-Oxley
• Cyber security standards?
• NFC
• BLE
• WiFi
• 3G
• 4G
• RF
Mike Amundsen, API Academy
@MAmund
“We’re trying to build too much intelligence into one
device. That’s why we have so many protocols.”
Richard Parker, Altitude Angel
@altitudeangel
“Very much reminiscent of dot-com boom — everyone is
rushing to compete the standards. We aren’t trying to
compete, we want to work with everybody. Integrate with us
and in addition to your drones being safer, everyone else’s
drones are safer.”
Hierarchy of IoT Needs
1. Security
2. Privacy
3. Connectivity
4. Interoperability
5. Battery life
6. DOES IT EVEN WORK?!!??!!!
Brian Knopf, BRK Security
@DoYouQA
“I wanna know with 100 percent certainty when I say
a device goes on, it goes on. When you think of the
hierarchy of needs, security is great but it doesn’t
mean anything if I can’t get it to function properly.”
Guillaume Gimbert, Stardust Mobile
@guibarca
“When an application crashes, it’s dead for the users. If you
buy an application, sometimes it’s two euros, four euros, or it’s
free, so if it doesn’t work, it’s ok, you’ve wasted your time, but
when you buy an object that’s a hundred euros or more and if
you can’t connect, it’s an issue…you have to be careful about
connect-ability before putting your object on the market.”
1. Secure by default.
2. Secure by design.
3. Secure by deployment.
Security is a part of the
human experience of IoT.
Aditya Gupta, Attify
@Adi1391
“Whenever you build a particular product, you
should start thinking of the security from the very
start built into the framework. Create a threat model
from the start.”
‘Threat modeling my wife’
Brian Knopf, BRK Security
@DoYouQA
Neurostimulator
Leads
Electricity, Voltage
Mission Programmer
Software
Battery Charging Unit
Lifespan
Battery Leakage
Risk #1: Damage to neurostimulator caused by
strong electromagnetic (EMI) interference.
Mitigation #1: EMI shielding and an MRI-safe mode.
Likelihood: Highly unlikely.
Risk #3: Attacker turns stimulation on high voltage.
Mitigation #3: Remote only works when directly against
the skin. External signals don’t change this.
Likelihood: Highly unlikely.
Risk #2: Via wireless signal, someone could change
stimulation profile, causing the user to be in pain, which in
turn needs more medication and potentially overdose.
Mitigation #2: Remote only works when directly against the
skin. External signals don’t change this.
Likelihood: Highly unlikely.
Risk #4: Overheating of skin during charging causes burns.
Mitigation: Neurostimulator monitors skin temperature and
its own device temperature. Stops if unit or skin overheats.
Likelihood: Highly unlikely.
Risk #5: Riskiest, based on damaging leads with high radio
frequency causing scarring, electrocution, shock or death.
Mitigation: New devices have much thicker leads
dispersing RF across whole length of lead.
Likelihood: Highly unlikely.
Andy Thurai, IBM
@AndyThurai
“You need to be careful in your thought process, always
question when you say ‘This system needs to connect
to this system.’ Why? What’s the purpose?”
Aditya Gupta, Attify
@Adi1391
“It’s a better role for the developer to have the security
mechanism in place before the testers actually test it.”
Dogfooding the Internet of
Things*
*20-year-old boys shouldn’t test for menopausal women
devices. @jkriggins #fowa
Diwakar Menon, Last Mile Consultants
@diwakarmenon
“Look beyond just a pure usability perspective and
start peeling off the layers of the onion. They will
cause tears to your eyes, but there’s a need to learn
usability testing.”
Stacey Mulcahy, Microsoft
@bitchwhocodes
“Understanding how these devices work, setting them
up in the fragility and unpredictability of an
environment—the environments they are deployed in
aren’t necessarily in their own home.”
Kin Lane, API Evangelist
@kinlane
To investigate IoT, “is something anyone can do, I
don’t think you have to be a network specialist or
developer. Research the tools out there—Proxy,
Sniffer—find interface devices out on the network.”
Citizen activist: noun. A domain expert or
developer that doesn’t have an investment in a
platform.
Citizen activist: noun. Anyone passionate about a
sector and ready to ask questions.
@jkriggins #fowa
Paul Bruce, SmartBear Software
@paulsbruce
“In order to really benefit from open standards, you
need to contribute to them—provide feedback. It’s
our responsibility to do what we can… Think about
how the devices are going to be used and misused.”
Kin Lane, API Evangelist
@kinlane
When you are testing, “publish your strategy and
plan and share it with others so they know that it’s
executed and so they can emulate it.”
Richard Parker, Altitude Angel
@altitudeangel
“When I’m looking to hire, I’m not looking for traditional software
developers, I’m looking for people who are imaginative and play, build
stuff at home,” like radio-controlled cars and aircraft. “Folks who are
inspired by technology. I don’t want a career developer at Altitude
Angel. I want them for their engineering skills but in this domain, in
the IoT world, we’re blending the real world with the software world.”
Stacey Mulcahy, Microsoft
@bitchwhocodes
“Pick a project that kind of leans on your software
skills and finish your project, as simple as it is, and
try to have all the pieces of some kind of inputs or
outputs, capturing that data.”
Makers FTW!!!
Stacey Mulcahy, Microsoft
@bitchwhocodes
Learn in two phases:
1. Getting really comfortable with your thing—how to work with it
and write stuff for it.
2. Figure out how to store data, put it in the cloud—the opportunity
is analysis and ability to predict behavior on the data.
Stacey Mulcahy, Microsoft
@bitchwhocodes
“The beauty right now for software is that there’s so
many options and I think you’re better off to leverage
what you feel like you know.”
• Arduino
• Raspberry Pi
• Spark Photon
• Java
• C++
• Linux
• Python
Diwakar Menon, Last Mile Consultants
@diwakarmenon
“Get familiar with that environment, the devices, the
protocols, the gateways, the platforms. They need to
understand:
• how devices communicate
• how aggregation happens
• what kind of protocols are used
• how is that data stored”
Michael Kruk, Crowsnest
@crowsnestio
“Totally network your ass off.
I think you need to have an idea or hypothesis. Don’t build anything,
interview everything. ‘I think I can build a program that solves
Problem X for Person Y.’
Ask them, ‘What is your biggest problem in this industry?’ and hope
they say X. Then after you have about 100 people confirming your
hypothesis, then you can go and write some code.”
Create your own IoT biz
Guillaume Gimbert, Stardust Mobile
@guibarca
“To learn how to work with different people with different
backgrounds because, in the end, developing a software is
quite easy. When we are talking about IoT, you also have to
take account of design, of manufacturing. It’s software plus
objects so it’s extremely difficult manufacturing lab classes -
makers lab — to mix software and objects.”
Brian Knopf, BRK Security
@DoYouQA
“You have to love to learn. You can never really be
complacent in QA. You’re always going to be
constantly learning the technology and how to do
things.”
Michael Bolton, Rapid Software Testing
@MichaelBolton
“I think there will always be a role for investigators,
journalists, critics…Software will increasingly be checked
through tools, through automation. What can never be
automated is the investigation of social fit. Does this
product fit into society? Is it good enough? Does it fulfill
our intentions? Are there undiscovered intentions?”
Jennifer Riggins, eBranding.Ninja
@jkriggins
linkedin.com/in/jkriggins
“Be the first to fiddle, to write about it, to talk about
it. Just be the first and the rest will all fall into place.”