Internet of Things – Black Hat Notes

201510-1

1) Likely development phases:

• Geekling – initial demonstrator projects showing technological components;

• Hype and Bandwagon – “Important” projects that “succeed” and fade away;

• Stove-pipes – stand-alone demonstrators, one or two of which will go into product oblivion;

• Micro-environments – “plug and play” kits with bespoke plugs – the wrong plugs;

• Service marshes – differentiation into specialist tufts, guides needed link tufts into a path;

• Islands – complete environments leading to inter departmental wars about the best island;

• Archipelagos – the emergence of standards, enabling bridge building between islands.

2) The Problems of Time:

• Immediate term – devices failing/losing connectivity;

• Short term – changing configurations as new devices added and new services aggregate the outputs of multiple devices;

• medium term – sustaining services in the face of technology and standards changes;

• long term – sustainment of high value systems over multiple generations of technology.

3) Approach most likely to be Ignored:

Integrated Vehicle Health Management – designed for networks of sensors across large platforms (ships, aircraft, oil rigs) to keep a track of the “health” (maintained state) of the platform – strong on solving the short term problem.

The six level OSA-CBM architecture is a useful starting point:

Levels one to three collect the information and compress it down to the level needed for decision making; they focus on technical (mathematical) issues. Levels four to six link the signals collected to knowledge about the system and what it is supposed to do. For example, in your car, levels 1 to 3 measure the petrol in the tank and turn on the “low fuel” warning light – levels four and up are your problem as you work out where and when to fill up (or you may have a level 5 “53 miles to refill” dispay).

Hype and Stove-pipe projects will likely lump the levels together, making it difficult to feed a sensor output into multiple system and forcing some sensors and functions to be replicated. They will be hard to extend, even in the short term.

Micro-environments and marshes will use a structured model – or rather, many different, incompatible, structured models. Depreciation calculations must assume the value of intellectual property needed will be written off in the medium term.

4) Standards

• Transport level – probably fixed by the Internet;

• Data level – will focus on data structures, but leave the meaning of these structures vaguely defined, so every implementation will overlay its own information model on the data standards;

• Information Level – industry and sector level standards will be developed by the bigger players – currently, major defence companies, oil & gas giants, possibly automotive, possibly building industry and civil engineering. Don’t expect the IT industry to help and don’t be surprised if they hinder.

Historical example: Policy-based security has the XACML and SAML standards (OASIS-open), which are data level standards that allow you to communicate policy descriptions. However, to implement you need to create a common information model so that the security applied to “confidential” in one office is not downgraded by another with a different set of rules for “confidential”. For an information standard, see, for example, Trans-Global Secure Collaboration Protocol (TSCP). https://www.tscp.org/about-tscp/

© TheSeanBarker Ltd 2015.