The Internet of Things
/// BLUF: Regardless of its purpose, network connectivity, or what you call the thing / device / node / system, it is a computing asset made of hardware and software that can have cyber effects applied. ///
In 1982, a Coke machine at Carnegie Mellon was modified to connect to the internet so that it could report its supply of soda and whether the drinks were cold. Since then the number of devices connected to the internet has exploded, with Cisco estimating the number of connected devices at approximately 22.9 billion, with growth to 50.1 billion devices by 2020. The term “Internet of Things”, which is often abbreviated as IoT, was coined in 1999 by Kevin Ashton to describe non-traditional devices that are network connected. Definitions of IoT devices vary, but typically an IoT device is considered to be something that 1) processes data, 2) is “connected” via an internet connection, radio frequency identification (RFID), near field communications (NFC), cellular connections, or Bluetooth, and 3) monitors or interacts with its environment. However, this definition still has issues. For example, an IoT device does not need to be connected to the Internet to have cyber effects applied. IEEE goes as far as to say that:
"There is no common definition of IoT; current definitions vary so much that they are reminiscent of the old story of the blind men and the elephant".
Smart devices are devices intended for everyday use that extend the functionality of existing technologies. They became increasingly popular in the mid to late 2000s. Smartphones are the most prolific and one of the earliest examples, although personal digital assistants (PDAs) were a precursor. Smartphones also provided an impetus for the propagation of other smart devices, as many smart devices use phone applications for remote control.
A common category of smart devices is home efficiency and improvement devices. Examples that fall into this category include smart thermostats that learn the homeowner's schedule and adjust the heat so that it is lower when nobody is home and warms back up just prior to when the house is expected to be occupied. They also allow the user to change the temperature via an application on their phone or a web application, which is useful if the owner has an unexpected change to their schedule. Smart lawn care systems check online weather reports and adjust the watering schedule to make use of rainfall and optimize the amount of water used. Smart locks allow the user to check whether their doors are locked or unlocked and can be controlled through a phone application.
Another category of smart devices is wearable technology such as monitoring devices. Fitness trackers monitor levels of activity, which can then be uploaded to the user’s computer for long-term tracking or sharing on social media. Also popular within this category are a range of tracking devices that can be attached to keys, luggage, cars, etc. These devices use GPS data to show the tracked object's location, or emit a sound at the push of a button. Internet-enabled video cameras allow users to set up home surveillance systems that can be monitored anywhere that an internet connection is available. Advanced systems will send alerts when movement is detected while the user is not home. As technology advances, implantable medical devices, such as pacemakers and insulin pumps, have been made networkable. This allows medical professionals to adjust settings on the implant without surgically removing the device.
Many industrial control systems (ICS) have integrated network control features to make managing an increasingly large and dispersed infrastructure easier. These features are often implemented in the supervisory control and data acquisition (SCADA) subsystems. SCADA systems are responsible for controlling a wide variety of functions in industrial equipment. In a power generation plant, the SCADA system controls fuel and oil pumps, pressure valves, HVAC systems to vent exhaust and control the temperature of the systems, etc. It also has sensors responsible for monitoring the fuel and oil levels, ensuring that pressure within each component is within a safe range, and reporting power output levels. If an error is detected in one of the generators at the plant, the SCADA system could shut off that generator until it could be repaired. In days past, each generator in a facility would have a SCADA system that would be controlled at the generator. Now, the SCADA systems for each generator can be networked and connected to a control/monitoring facility. The facility can also be further networked through e-mail and SMS alerts that are sent to plant supervisors and maintenance personnel when an error is detected.
C. Cyber Physical Systems (CPS)
The National Science Foundation describes cyber-physical systems (CPS) as:
"engineered systems that are built from, and depend upon, the seamless integration of computational algorithms and physical components. Advances in CPS will enable capability, adaptability, scalability, resiliency, safety, security, and usability that will far exceed the simple embedded systems of today. CPS technology will transform the way people interact with engineered systems -- just as the Internet has transformed the way people interact with information. New smart CPS will drive innovation and competition in sectors such as agriculture, energy, transportation, building design and automation, healthcare, and manufacturing."
Generally, it's best to steer clear of Wikipedia as a citable resource, but Wikipedia offers the best description of cyber-physical systems (CPS) that I have seen thus far:
A cyber-physical system (CPS) is a mechanism controlled or monitored by computer-based algorithms, tightly integrated with the internet and its users. In cyber-physical systems, physical and software components are deeply intertwined, each operating on different spatial and temporal scales, exhibiting multiple and distinct behavioral modalities, and interacting with each other in a myriad of ways that change with context. Examples of CPS include smart grid, autonomous automobile systems, medical monitoring, process control systems, robotics systems, and automatic pilot avionics.
CPS involves transdisciplinary approaches, merging theory of cybernetics, mechatronics, design and process science. The process control is often referred to as embedded systems. In embedded systems the emphasis tends to be more on the computational elements, and less on an intense link between the computational and physical elements. CPS is also similar to the Internet of Things (IoT) sharing the same basic architecture, nevertheless, CPS presents a higher combination and coordination between physical and computational elements.
D. Embedded Systems
The final, catch-all category of the IoT is embedded devices. These are small computer systems that are designed for a specific purpose and are part of a larger system. Some of the literature describes standalone embedded systems and gives examples of phones, home heating systems, and other items that this paper classifies as smart devices. Due to the difference in attacks against traditional and standalone embedded devices, these categories have been kept separate in this paper. Furthermore, the tasks that embedded systems are designed to perform are determined by the manufacturer, not by the user, which differentiates them from the typical computer system and some customizable smart devices.
An example of an embedded system would be the electronic control unit (ECU) system in a vehicle. This system controls the vehicle’s fuel injection system, anti-lock brakes, transmission, cruise control, GPS, etc. Today, many vehicles contain an infotainment system that communicates with the ECU, allowing the driver to control certain vehicle functions. The magazine “Military Embedded Systems” contains numerous examples of military applications of embedded systems, to include tactical military vehicles.
E. M2M -> IoT Ecosystems
Machine to machine (M2M) communications are simply direct communications between devices. M2M communications were first implemented by Theodore Paraskevakos in 1971 when he created the first caller ID system in Huntsville, AL. Since then, M2M communications have been utilized for a variety of applications from telemetry to SCADA.
Finding a generally accepted definition of an IoT ecosystem is even harder than finding a generally accepted and agreed upon definition of what the IoT is. Postscapes provides an interactive map that, in my opinion, does the best job of creating a holistic snapshot of the IoT ecosystem.
Image Credit: Postscapes
F. Those "EXTRA" IoT Acronyms
- IIoT (Industrial)
- IoBT (Battle Things)
- IoD (Drones)
- IoE (Energy)
- IoE (Everything)
- IoF (Fashion)
- IoHT (Healthy Things)
- IoIT (Intelligent Things)
- IoLT (Living Things)
- IoMT (Medical Things)
- IoNT (Nano Things)
- IoOT (Overwhelming Things)
- IoPT (Postal Things)
- IoP (People)
- IoRT (Robotic Things)
- IoUT (Underwater Things)
- IoV/IoC (Vehicle/Cars)
...and the iconic Internet of Ransomware Things.