There’s Still No Governmentwide Definition of the Internet of Things

The Internet of Things may be the biggest tech buzzword of 2014.

The number of Internet-connected sensors, trackers and other assorted things could grow to as many as 50 billion devices by 2020, according to some estimates -- enough for every human on Earth to have seven such devices.

But for the government, that term means different things to different people.

A report issued last month by the President’s National Security Telecommunications Advisory Committee, made up of corporate executives who advise the White House on tech policy, called on the National Institute of Standards and Technology to come up with a single definition of the emerging technology, as it has done with cloud computing.

“It's not going to be probably the last definition, but at least a definition that the government can then use to determine how it is now using IoT and how it's going to use it in the near future,” said Jeff Greene, a Symantec executive on the committee, who spoke last week at an event hosted by the Center for Strategic and International Studies on “enabling the Internet of Things.”

That feat could be challenging, as the whole concept of the Internet of Things defies easy categorization.

IoT essentially represents the convergence of information technology -- think software and regular computer systems -- with operational technology, the heavy-duty physical machinery that powers industrial systems.

IoT also represents the potential convergence -- some say collision -- of critical systems, both government and industry, with commercial technologies widely available to the public.  

"The line between consumer and industrial is disappearing,” Greene said. "In the past, no one had a home-powered generation system. But now you can buy an industrial-control system in a box from Lego,” he said, referring to the build-a-robot Lego Mindstorm kits.

It may be only a matter of time before commercial devices, wittingly or not, insinuate themselves into networks powering critical systems.

"And if that happens, all the vulnerabilities that were inherent in this hobbyist device are going to be ported into critical systems to the country,” Greene added.

Make no mistake, the confusion over definitions spills over into the world of consumer devices, too.

"This Internet of Things idea gets thrown out there a lot, and I think there's questions about what that means,” said Hilary Cain, the director of technology and innovation policy at carmaker Toyota.

For example, many newer model cars have Internet-connected multimedia interfaces built directly into the dashboard. Is that part of the Internet of Things? Not really, Cain says. It's basically just a different kind of mobile platform -- a smartphone embedded into your vehicle.

"But some people think of that as the Internet of Things because it is the Internet in a thing," she said. 

For car manufacturers, IoT’s promise lies in the possibilities of sensor-informed car maintenance as well as vehicle-to-vehicle and vehicle-to-infrastructure communication, which could reduce car accidents.

Upcoming Challenge: Secure the Internet of Things

The advisory committee’s report didn’t stop at calling for clearer definitions of IoT. In fact, the main thrust of the report was to draw attention to the government’s need to better secure IoT devices in critical infrastructure systems.

"There is a small—and rapidly closing—window to ensure that IoT is adopted in a way that maximizes security and minimizes risk. If the country fails to do so, it will be coping with the consequences for generations," the report concluded.

The committee pegged the window of opportunity at only between two and five years.

Why such a short time frame?

"We're in the midst of IoT adoption,” Greene said. “It's not something that is coming over the horizon."

Government policymakers need to a take a risk-based approach to securing the devices plugged into the increasingly global IoT web, he added.

"If your Wi-Fi toothbrush is hacked, it's probably not a big deal,” Greene said. “If the water system is somehow penetrated or compromised or the power system that supplies electricity to your Wi-Fi toothbrush, that's a bigger problem."

But the key tenets of building a strong cybersecurity posture may not change all that much.

"We can all sit around and wait for that revolutionary silver bullet or we can sit down, think about our assets, think about our threats, conduct some integrated risk management and make some good, sound risk decisions that support our businesses,” said Matt Scholl, deputy division chief at NIST.

Still, the potential for harvesting massive amounts of data may call for a new breed of cybersecurity professional.

“I'm looking for a cryptographer-psychologist-data scientist,” Scholl said. "There's not a lot of them out there. But these are the types of future skill sets that we need. What does the future IoT repairman look like?"

(Image via Anna Bardocz/Shutterstock.com)