The internet of things has been dubbed “the confusion of things” for a legitimate reason. There are no binding standards, no regulations or even best practices to guide the proliferation of IoT devices – estimated by Juniper Research to reach 38.5 billion by 2020. It is the Wild West in the IoT world.
Chris Greer, Director of the Smart Grid and Cyber-Physical Systems Program Office and National Coordinator for Smart Grid Interoperability at the National Institute of Standards and Technology (NIST) spoke exclusively to ITWatchIT about NIST’s take on the Internet of Things.
The Internet of Things
Cyber-physical systems (CPS) have a reasonable definition, said Greer. They are hybrid, co-engineered information technology and operational technology systems that are adaptive and predictive in real time.
An example that is often used is an autonomous vehicle that has network capabilities, computational capabilities, and can interact with its environment, but also has engineered components – like an engine, transmission and suspension system.
All of those things interact to create the cyber-physical system that is an autonomous vehicle.
The internet of things is a subset of these set of cyber-physical systems, and is typically devices and systems that have not traditionally been connected to the internet. As such, home appliances, factories, cars and so on were not previously connected to the internet, but are now becoming more and more connected.
The internet of things is also focused on device communications, rather that person-to-person communications.
They also create new data streams or data sources by adding sensors and sensing capability to a lot of systems that previously did not have that.
It’s really those things: new types of devices, new data streams, and a focus on device-to-device communications that characterizes – from a technical point of view – what the internet of things is about.
That’s the way we think about it, and focus on it here at NIST.
A key challenge in the internet of things space is the diversity of internet of things solutions. We have emerging, the internet of energy things, and separately, the internet of transportation things. We also have the internet of industrial things – with a diversity of solutions in each of those spaces.
The fact that they are separate solutions form one another is a real challenge.
The nature of that challenge is that traditionally, key infrastructures, like water, energy and others have been managed separately.
That is inefficient, and we have a real opportunity now, with the emergence of the internet of things technologies, for coordinating that management.
For some of society’s most important goals, that coordinated management of the internet of things infrastructures is an important capability.
If you are interested, for example, in a community that maintains a sustainable environment to pursue that goal, you need to be able to manage coordinately, all of those sectors that contribute to a sustainable environment.
That includes transportation, the internet, the energy sector, the manufacturing sector and so on, working together in coordination to achieve a sustainable environment.
Alternatively, the goal might be resilience to natural disasters, and in that case, coordinately managing your communications: energy, first responders, transportation, food and water supply systems – all of those things being managed together.
That suggests to me the need for a globally interoperable internet of things. That’s what we are working on, which is developing the technical foundations that would enable the coordination and interoperability across these sectors.
Our approach is always focused on voluntary consensus standards that are industry-led.
We think that innovation happens in industry, private sector and academia. Following that lead, we enable them to develop coherent standards that create interoperability across sectors.
Our core approach is to make those voluntary and consensus-based. it is also true that the internet of things will exist and operate around the world. It’s not just a US activity, internet of things activities are emerging globally.
IoT will exist and operate around the globe in many different operational, regulatory and legal environments.
In order to enable that, it’s really important that we have international partnerships to pursue cooperation on provisions for interoperability of internet of things solutions globally.
In many of our activities, we have international counterparts and partners working with us on technical issues for internet of things approaches.
An example is our internet of things-enabled smart city framework, an international, open technical working group—anybody can participate and its products are openly available—which works towards understanding what the current smart city architectures are and what’s common among those.
It also examines some current deployments, and looks at what’s common among those with an effort at harmonizing those architectures and solutions that are out there today.
We have partners from Asia, the US and Europe, who are working together to reach some sort of international consensus around the opportunities for harmonizing smart city solutions on a global scale.
Those are some of the key factors that we’re focused on.
NIST has a series of special publications, 800-183 is an example of that. Another important example is 800-160, which is Systems Security Engineering, a really important contribution to the IoT space.
This was developed as a way of applying some existing standards and existing recognized process mechanisms to an IoT sort of environment.
The process of revising that has been going on for the past 12 to 18 months, and this is done in consultation with industry, so this is a consensus process we use to gather industry input on how to describe this implementation, and also working together with industry to revise the previous version.
Internet of Things Devices: Safety and Security
NIST is not a regulatory body, so it has no regulatory authority to provide standards. What we are doing is creating a technical foundation that we think will provide a rational way to develop policy and other coherent approaches.
About two years ago, we convened a cyber-physical systems working group, which was an open technical effort with participation from industry and academia in the US and around the world. That group published back in May, the version 1.0 of the Cyber-Physical Systems Framework, which is on the group’s webpage.
An important concept that’s included in that framework is the concept of trustworthiness. We just held a workshop last week on this concept. In the IoT or CPS context, trustworthiness is the integration of security, privacy, safety, resilience and reliability – all interacting.
The purpose of this workshop was to bring together communities, from the safety or reliability engineering realm, for example, or from cybersecurity – to talk together about how to combine their approaches, for a more effective approach for safe and trustworthy internet of things applications.
It is an important concept that the internet of things systems have a broader range of mitigation capabilities than a pure digital system.
The idea is to create a trustworthy IoT system. You can use a digital means or cyber means, or you can use analog systems or physical means for mitigating against threats.
There is a lot work that engineers and others have done in the safety/resilience/reliability realm, that contribute to security and better privacy protection for IoT applications that goes beyond just the digital mechanisms for cybersecurity that we’ve used in pure IT systems in the past.
We think that is an important concept that can be explored for promoting better and more trustworthy IoT systems.
We’ve just started a joint project with the Society for Automotive and Aerospace Engineers, and this project is around applying this concept of trustworthiness as the integration of safety/security/resilience/reliability/privacy, to a connected vehicle context.
Our intention is to explore how that would play out in a connected use case. We haven’t identified the use case yet because we are at the start of this project.
We would let them develop, with their members, best practices and guidelines that the industry believes would be useful in applying this trustworthiness concept.
That is a model of how we work – we develop the technical foundation, help others understand how they could apply it and then allow them to develop, from an industry perspective, the best practices and guidelines that will work for them in their setting.
Speaker: Chris Greer
Chris Greer is Director of the Smart Grid and Cyber-Physical Systems Program Office and National Coordinator for Smart Grid Interoperability. Dr. Greer previously served as Associate Director for Programs in the NIST Information Technology Laboratory (ITL) and Acting Senior Advisor for Cloud Computing. In these positions, he was responsible for strategic planning for information technology initiatives across ITL, including its data and cloud computing efforts. Prior to joining NIST, Chris served as Assistant Director for Information Technology R&D in the White House Office of Science and Technology Policy (OSTP) and Cybersecurity Liaison to the National Security Staff. His responsibilities there included networking and information technology research and development, cybersecurity, and digital scientific data access.