Navigant Research Blog

IoT Cybersecurity Clouds

— May 4, 2017

The dark Internet of Things (IoT) cybersecurity clouds keep hanging around with the latest news about malware that can wipe data from infected devices. Researchers from Palo Alto Networks discovered malicious software called Amnesia that can infect digital video recorders. If Amnesia senses it is running in a virtual environment, it can wipe critical directories from the file system. The researchers say this is a new capability in malware aimed at Linux-based embedded devices—which include smart TVs, wireless routers, switches, set-top boxes, in-vehicle entertainment systems, navigation hardware, industrial automation equipment, and medical instruments. This potential threat goes beyond consumer devices and could affect the electrical grid. Several other threats against IoT devices have surfaced as well:

  • University of Michigan researchers demonstrated they could hack into sensors on smartphones, automobiles, and IoT devices using a $5 speaker. They targeted microelectromechanical systems, or MEMS accelerometers, which measure speed changes in three dimensions. Using acoustic tones, they deceived 15 different accelerometer models into registering movements that never happened.
  • Engineers at Israeli firm Argus Cyber Security remotely shut down a car engine using a smartphone app, a Bluetooth connection, and a $75 dongle, which insurance companies install frequently to monitor driving. The engineers triggered a signal that disabled a car’s fuel pump, something that would only happen after a collision, according to a Wall Street Journal report.
  • A doll named Cayla was investigated by regulators in Germany for being a security threat. The doll does not link directly to the Internet, but can be accessed via Bluetooth to any mobile device that has the doll’s dedicated app. Researchers found the dolls recorded voices and sent data to a third party specializing in voice recognition.

Security Is Top Concern for Developers

Among developers who write software for IoT devices, security concerns remain high. Nearly 47% of developers who responded say security is their top concern and has remained number one for 3 years, according to an annual survey (see slide 16) by the Eclipse Foundation. The situation does not seem to be getting much better in terms of the potential threats posed by IoT devices. However, beyond the negative headlines, there is some positive work taking place:

  • The prpl Foundation is making progress on efforts to reduce threats to IoT devices. Members of this open source and community-driven foundation are focused on enhancing the security and interoperability of embedded devices.
  • Two industry groups joined forces to improve Internet security. The Online Trust Alliance (OTA) has partnered with the Internet Society to improve security and data privacy. For several months, the OTA has promoted a new framework for securing the IoT, supporting multiple built-in security measures for devices from the beginning, and advocating strong security through the entire IoT product lifecycle.
  • The National Institute of Standards and Technology (NIST) continues to push a broad set of initiatives to create a safer marketplace through its Cybersecurity for IoT program.

Will the Clouds Part?

So where do we stand in this process to create a more secure IoT world? In short, there is progress taking place. One thing to keep in mind: the IoT security threat is not going away anytime soon. That said, key stakeholders need to stay focused on providing stronger security measures for IoT devices and services. Otherwise, IoT market opportunities (see Navigant Research’s Emerging IoT Business Models report) will be lost or needlessly delayed. We are in for cloudy skies for the next several years, so get used to a blend of bad news about breaches coupled with positive steps to thwart them.

 

Move Over Alexa! Text Messaging Wants a Seat, Too

— March 28, 2017

Using your voice to control your smart home might not become as popular as previously thought. Text messaging is looking for a seat at this table, too—especially for controlling smart appliances.

Ever since Amazon’s Echo device, better known as Alexa, stormed the market, voice activation has dominated smart home technology. This device was the star at the 2017 Consumer Electronics Show (CES) in January, where vendors of smart home and Internet of Things devices and services clamored to stay in Alexa’s orbit. For example, Google’s voice-activated Home device now competes with Alexa for market and mind share. Home, launched in late 2016, gets prominent retail display inside Verizon Wireless stores and seems to be riding in Alexa’s wake.

A New Use for an Older Technology

But an older technology lurks: text messaging. Unified Inbox, a small Singapore company, offers a text messaging service that has attracted the attention of several major appliance manufacturers, including Bosch. The service works by adding a user’s home to a contacts list in an app like WhatsApp; a message such as “preheat the oven to 300 degrees at 5:00 p.m.” can then get passed to an oven.

While this type of text messaging has yet to catch on with consumers, some technology leaders, including Facebook founder Mark Zuckerberg, are fans. Zuckerberg has been tinkering with Jarvis, his own voice-activated artificial intelligence program. He has discovered that he prefers text, mostly because the use of it feels less disturbing to people around him compared to voice-activated devices.

Texting has its place, and it should take hold among consumers in the coming months and years. However, the pace of adoption could be muted in the United States, where smart appliances are not that attractive to consumers. A report by Mintel last year found that 56% of respondents are willing to pay more for an energy efficient washing machine (good for consumers and utility demand-side management programs). Yet, just 11%-12% would pay more for a washing machine with smart features—including the ability to diagnose problems or monitor and control the machine from a mobile device.

An Open Question

Smart or connected appliances have already entered the market, and Navigant Research expects steady growth for this category going forward (see our Market Data: IoT for Residential Energy Customers report). But how people will interact with these smart appliances is still an open question. Voice activation has its place, but there is room for other user interfaces such as text messaging. The view here is that multiple interfaces will be available, and users will have to decide how best to control their own smart devices. There is no clear winner here—at least for the near term.

 

IoT and Millennials

— March 24, 2017

The much studied Millennial generation has some issues with Internet of Things (IoT) devices. A new survey says this cohort of young American adults—ages 18 to 29—is the least likely to own an IoT product. This trend presents a challenge for utilities attempting to promote programs like demand response that can link to IoT products such as smart thermostats, air conditioners, or appliances.

According to the study conducted by the Association of Energy Services Professionals and strategic marketing firm Essense Partners, 85% of Millennial respondents do not own IoT devices. The percentage of non-IoT device owners in the other age groups is as follows: 79% for ages 30-44; 81% for ages 45-59; and 84% for the 60 and older group. The study was conducted among 2,700 consumers.

Among respondents who do own IoT devices, the Millennials also represent the least likely cohort to take part in utility programs. They participate at half the rate of those in the 30-44 and 45-59 age groups, and almost a third of the rate compared to the 60 and older set.

Of course, the main reason for lower ownership of IoT devices among Millennials is they are less likely to be homeowners. Therefore, they are not as likely in the market to buy IoT devices that can help manage energy usage.

But there is another reason lurking around the edges: they are worried the most about the devices being hacked. In a survey conducted by KPMG, 74% of Millennials say they would use more IoT devices if they had more confidence that the devices were secure. Among the other age groups, 63% of Generation Xers hold the same view about device security and nearly half of Baby Boomers (47%) say the same.

Part of the Solution: Device Security Standards

One way to boost confidence among consumers and drive adoption of IoT devices is for industry stakeholders to agree on security standards. An effort that has surfaced recently is being spearheaded by Consumer Reports (CR), which is promoting a digital consumer protection standard, along with its cyber expert partners (digital privacy tools provider Disconnect; privacy policy researcher Ranking Digital Rights; and Cyber Independent Testing Lab). The CR privacy standard has four key features: products should be built to be secure; products should preserve consumer privacy; products should protect the idea of ownership; and companies should act ethically. The full standard is in its first draft, and CR expects stakeholders to help shape and improve it going forward.

The need is evident for IoT device security standards such as CR’s and others like NIST’s Cybersecurity for IoT program and UL’s Cybersecurity Assurance Program. Navigant Research applauds these efforts to create standards, as noted in its report, Emerging IoT Business Models. Utilities would be wise to get behind these efforts as well to ensure that their customers, including skeptical Millennials, gain the confidence to adopt devices like smart thermostats and feel more willing to take part in demand-side management programs.

 

Tech Companies Signal Important IoT Infrastructure Moves

— February 24, 2017

Several influential high technology companies have recently announced new strategies and partnerships as they build out the foundations for the expanding Internet of Things (IoT). These moves are likely to have important implications for the energy sector as utilities and their customers adapt to and adopt emerging IoT technologies.

The recent announcements cover a range of IoT areas, including smart grid, security issues, industrial use cases, and payment management. Oracle and Huawei extended their cooperative smart grid efforts by signing a memorandum of understanding dubbed a power IoT ecosystem partnership. The new deal calls for both parties to promote and sell an end-to-end advanced metering infrastructure solution aimed at helping utilities improve customer experience, increase operational efficiency, save energy, and reduce emissions. For its part, Huawei will provide tools for managing smart meters, communications networks, and headend systems; Oracle will leverage its meter data management software, smart grid gateway, and related solutions for utilities.

Cybersecurity and the Industrial IoT

AT&T, IBM, and Nokia have formed a new alliance to beef up IoT security. The new group, IoT Cybersecurity Alliance, will not set standards, but will instead focus efforts on conducting research, educating consumers and businesses, and influencing standards bodies or policymakers. Symantec, Palo Alto Networks, and mobile security company Trustonic are also founding members of the alliance.

Meanwhile, Nokia, Qualcomm, and GE Digital announced the successful demonstration of a private LTE network aimed at the industrial IoT market, specifically targeting companies operating in remote locations or sites where connectivity can be difficult. This would be a good fit for some utilities or companies engaged in energy exploration. Live field trials of the private network are expected to continue throughout this year.

Nokia separately introduced its worldwide IoT network grid (WING) in a bid to boost the IoT market. The IoT grid as a service offering is aimed at enterprises seeking a one-stop-shop for IoT needs across multiple geographies.

Visa and IBM have established a new partnership that will utilize IBM’s Watson IoT platform for extending digital payments to wearables, connected cars, and other devices. The idea is to enable commerce from any connected thing. From a connected car perspective, this could be useful for EV owners who need to charge their vehicles and pay for the electricity in a more seamless way and from a variety of suppliers.

Signs of a Wider Trend

On their own, these moves might not amount to much. However, when seen as part of a larger IoT trend, they represent another milestone along the road toward a much more connected and automated world. For utilities and other stakeholders in the energy industry, it pays to stay abreast of these IoT moves, as many are likely to have an impact on both sides of the meter.

 

Blog Articles

Most Recent

By Date

Tags

Clean Transportation, Digital Utility Strategies, Electric Vehicles, Energy Technologies, Policy & Regulation, Renewable Energy, Smart Energy Practice, Smart Energy Program, Transportation Efficiencies, Utility Transformations

By Author


{"userID":"","pageName":"Neil Strother","path":"\/author\/neilstrother?page=4","date":"12\/11\/2017"}