It's hard to secure the internet of things if parties can't agree what it is.
The phrase “internet of things” usually references the growing connectivity among sensors, smart devices and people, but a computer scientist at the National Institute of Standard and Technology believes that phrase is useless and doesn’t mean anything.
“There is no universally accepted definition of IoT,” said Jeffrey Voas, speaking Tuesday at an event hosted by FCW. Voas wrote a NIST publication on the issues last August. Uncertainty regarding its definition makes it difficult for interested parties to come together around—much less agree on—standards like security risks or software patching.
Rather, Voas said IoT was a “marketing term” that encompasses a catalog of supporting technologies, not a singular technology.
» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.
The problem with IoT, Voas said, is not just that policy experts, technical wonks, corporations and legislators don’t agree on what IoT is, but also that the phrase lacks comparative capabilities. In other words, you can’t compare agency X’s IoT with agency Y’s IoT.
“I cannot bound the internet, from a security standpoint,” Voas said, so “it is meaningless to speak of comparing one IoT to another.”
But computer networks do have boundaries. Agencies and organizations are better off describing and defining individual “networks of things,” Voas said.
A fully-defined network of things would include five building blocks. They are the sensors that collect various types of data; aggregators that use algorithms to transform large piles of raw data into aggregated information; communication channels, the mediums through which data is transmitted (wireless, physical systems, wired); eUtilities, a software or hardware product service, and decision triggers, which are “final outputs needed to satisfy the purpose of” the network of things,” he said.
“I can build almost any network of things using this five-piece Lego unit,” Voas said.