By Richard Eyo, Department of Mathematics and Information Security, Royal Holloway, University of London.
The Internet of Things (IoT) has been defined in Recommendation ITU-T Y.2060 (06/2012) as a global infrastructure for the information society, enabling advanced services by interconnecting (physical and virtual) things based on existing and evolving interoperable information and communication technologies . It is a global network that connects physical devices such as household equipment (e.g. refrigerators, kettles, washing machines etc.), buildings, electronic devices, vehicles, medical equipment, manufacturing machines, which are embedded with sensors, network connectivity, software, actuators which aids in communication and exchanging information to and from devices either through Radio Frequency Identification (RFID) or in more advanced way (e.g. WiFi). Unique thing about IoTs is that, each device will be identified and recognized in the network and could be controlled remotely.
It is expected that 50 billion devices will be connecting together by 2020, although to individual persons or organizations, IoT is seen in different perspective either as services, technologies, etc.; . Irrespective of their viewpoints of IoT, the primary objective is to make sure that, either they provide services or buy services form others by connecting physical objects, sensors, actuators and the Internet together. According to IBM, “every company, every city, every country—every individual—is increasingly interconnected with millions of others, the cost of a bad call can be devastating. But analytics is increasingly helping business and government leaders look beyond their own biases to discern real patterns and anticipate events” .
Supporting ITU – Connect 2020 Agenda in the context of IoTs
ITU- Connect 2020 Agenda is to work towards the shared vision of “an information society, empowered by the interconnected world, where telecommunication/ICT enables and accelerates socially, economically and environmentally sustainable growth and development for everyone” and invited all stakeholders to contribute with their initiatives and their experience, qualifications and expertise to the successful implementation of the Connect 2020 Agenda . In order to support ITU Member States in the context of IoTs, achieving these goals, we are therefore points out some of the challenges that needed to be address so as not to hamper the adoption and deployment of IoTs in the developing world.
This is achievable if there is trust between the manufacturers of the devices, the users and the IoT devices. By that I mean, the architectural designs, network infrastructure, interfaces for communication, security and safety of the users, standards, policies, and guidelines to regulates the manufacturers and the service providers of IoTs should be in place, otherwise IoT will affects lives negatively.
Challenges of the IoTs Deployment in developing Nations
Considering the issue of existing technologies (e.g. electricity, Internet etc.) of which many developing countries are still struggling without constant power supply in terms of generation and distribution, as it plays a major role in modern society and modern life; of which a society could not progress without significant commitment to it . Unlike the developed countries where the power sector is fully managed, privatised and regulated through standards and policies, whereas in developing countries however, this has been more difficult and leads to serious weaknesses. Also, the process of capacity building and establishing adequate regulatory institutions has been a slow and complex one, lagging behind the entry of private operators in the electricity sector , and of course we all know the importance of electricity as it will play a major role to the smooth operations of IoTs.
Again, in most developing countries, due to poor and limited Internet connectivity for example, in Nigeria . In my own experiences, I have seen people subscribing to more than three ISPs. Not that they have so much money to do so, but the reasons are that, they are exposed to the trend of new technologies and very eager to explore it. But it is rather unfortunate and very frustrating seeing someone with sophisticated and very expensive mobile devices but due to poor services from the Mobile Network Operators (MNOs), the devices become not useful in their hands, because there is no strong standards and policies to put the service providers on their toes in order to upgrade their services to a standard such as in the developed countries.
Another important aspect is the IoT manufactures is for profit making, who are not ready to invest greatly in the research. In my own opinion, however such manufactures may not have necessary guidelines starting from the design, testing, to the implementation phases. There might be propensities that, devices that were not initially designed to connect, may be shabbily reprogrammed along the line with embedded hardware in order to do so.
Therefore, there should be standardised and regulatory bodies that regulates and certify the products to see that, they meet the standards in all the phases before they are being roll-out for services. In as much the IoTs manufactures are not well regulated, and they are trying to dodge from the certification and standardised bodies if being set up, of course, this is an indication that, there are countless dangers ahead as billions of devices will connects together.
Safety, Security, and Privacy of the users
Does the IoT manufacturers have the safety, security, and the privacy of the users in mind during the design phase, and to what extents? For example, governments and utility companies are rolling-out smart metering in order to improve energy consciousness and efficiency in supply and consumption, as the case may be . Hospitals are introducing wearable devices to monitor the health condition of their patients , automobile industries are producing vehicles with IoT – enabled sensors and so on.
For the fact that, these devices must connect to one another in order to share services, therefore, there are propensities that the devices could be hacked by criminals. Hence, vital information regarding safety, security, and privacy of both the devices and the users are revealed. This could become the matter of life and death, for example, a vehicle that is IoT-enabled if hacked could reveals the location of both the vehicle itself and the driver/owner to the hackers, of which the hackers can use the information to track the owner’s movement or even manipulate some important components of the vehicle either for fun or for bad motives.
What if in the case of hospitals where IoT- drugs dispensary equipment which is linked to every patient’s record and connected to their wearable IoT devices for effective monitoring are being hacked? This could be very devastating to both the patients and the hospitals. The life of the patients is at a very high risk, since the hacker has the patient’s medical record, therefore, he knows the time, next drugs, and the dosage to be given to the patients. So, this gives him enough details about the patients and the type of sickness. Therefore, the hacker could change the drugs type and dosages and save the record again, leaving wrong prescription to the next medical officer that will take over.
The hacker’s intention could be to frustrate the hospital by running down their reputations, to intentionally killed the patient, or to get the patient’s information for financial benefits to a third party. Of course, seeing the type of drugs dispensed to the patients will tell the hacker the nature of the patient’s sickness, and therefore reveals the patient’s safety, security and privacy.
Dumping of rejected or banned IoT devices to the developing nations.
In recent times, there are series of complaint from the developing nations concerning incessant dumping of banned and sub-standard products from manufacturers. For example, the medical/health sectors where Nigeria and Uganda raised alarm over poorly-calibrated, old machines being dumped in their hospitals as donation. India blamed china for exporting low-priced equipment of low standard to their country, China probe against western and Japanese medical device makers for selling dialysis kits at exorbitant prices in comparison to indigenous versions. While a 2012 report in The Lancet showed that about 40% of healthcare equipment in poor countries is out of service mainly because of ill-conceived donations-for instance, oxygen concentrators donated to a Gambian hospital worked on a voltage incompatible with the country’s power supply .
If proper measures are not being taken, it is very obvious that, more of these incidences will occur in the nearest future as far as IoT is concern, and as the developed nations with strong and standardised bodies will band or rejects sub-standard goods and services from entering their countries. Of course, there are many reasons that could lead to the banning of IoT devices, such as safety, security, privacy, environmental, technological, compatibility etc. And the options for the IoT vendors would be either to ship the sub-standard devices as they are or refurbish them and send to developing world where there is no or very little regulations, in order not to lose out completely. Which of course, the idea would be probably very costly. The devices could be as a means of donation just to create relationship with such country for subsequent businesses.
The danger here is that, when such good and services are banned from the developed world, the manufactures will rush trying to cover up the mess by updating the devices, of course any house built on a wrong foundation will surely collapse. So, if the updates are not okay, they will stop the production, since the cost of update could be more than the cost of producing new devices. So what happen to the hundreds of thousands devices already circulated?
There will be no updates, as the products would be unsupported or end-of-range. The end user suffers these effects spending money on what they don’t really used or enjoy. Again, the sub-standard devices could become a back door for hackers to get access and steal the end user’s personal information.
On the other hand, the IoTs vendors stands greater chances of losing their trust, reputation and integrity, if such flaws are detected. For example, the issue of Samsung Galaxy Note 7 phones that have a high propensity of batteries failing, leading to personal and property damage . Although, the Samsung company officially stops Galaxy Note 7 sales globally, urges owners to power down phones , which is well recommended. The banning of the said phone first came from the developed nation (USA), even the airlines that banned the same phone are from the developed world . Does it mean Samsung Galaxy note 7 were not sold in the developing nations? Or do the developing nations don’t own or travelled by air? They do! Kudos to the developed nations that, act together, regulate, and notify her citizens promptly and regularly.
Upgrade of IoTs goods and services
The upgradeability of goods and services, is another important role for the smooth running of IoTs, for the manufacturers, service providers, and of course the users. It is very obvious that, millions of IoT users are not IT experts, and there is that tendencies for them to choose or purchase as many devices as the can afford without being first considered the safety, security and privacy policies. How do the IoT users know when there are new security updates available in order for them to update to the latest version? Are they allowed to carry out the updates by themselves or the updates are set to automatic? What are the assurances that, the user will even update the devices? How do they know if the updates are genuine and not a malicious one from cybercriminals?
Updates is very critical in the sense that, when the above questions are being answered correctly by the IoTs actors (i.e. manufacturers, devices, service providers, and the users) the better the situation. Updates are very achievable if the products in their original design were considered to be so, else reverse is the case. Therefore, whenever an update is available, there should be secure channel of communication between the manufacturers, the service providers, and the end users in order to keep them from installing malicious updates from cybercriminals, so as not to lose their personal information through back door access to the cybercriminals.
Imagine over 50 billion devices and sensors communicating with one another in large numbers of segmented networks connecting to internet in order execute designated tasks. This is a very large system which is more complex to manage, if things are not well designed and implemented. The systems offer convenience to the users, on the other hand, as the devices would have access and connected to user’s information if they are home or away, WiFi information, home address, Zip codes etc., the hacker could exploit the hardware of the IoTs devices and use it to spy and steal information of the users.
According to Eduard Kovacs, as far as Web interfaces are concerned, six of the ten products listed below are plagued by persistent cross-site scripting (XSS) vulnerabilities, easy-to-guess default credentials, and poor session management. Flaws in the cloud and mobile apps of 70% of devices can be exploited to determine valid user accounts through the password reset feature or account enumeration . Again, following the HP’s report, “Internet of Things Security: State of the Union“, a total of 250 security holes have been found in the tested IoT devices — on average, 25 per device. The issues are related to privacy, insufficient authorization, lack of transport encryption, inadequate software protection, and insecure Web interfaces. The most 10 commonly used IoT devices includes TVs, power outlets, webcams, smart hubs, home thermostats, sprinkler controllers, home alarms, scales, garage door openers, and door locks.
Should the Government have a say in the design of the IoT?
Governments of the developing world just as the developed world has significance roles to play to ensure that the IoTs products and services are complied with their policies and the international standards. These could be achieved through the setting up of committees in line with the usage of the devices since IoT will cut across all facet for life. For example, medical and IT experts should be in charge of regulating medical – related IoTs goods and services. Likewise, automobile, other home and offices appliances and so on. The major reason for this is that, if the governments does not have a say or clear idea of what IoTs products and services they and the individual citizens purchased, in terms of safety, security, privacy, and interoperability, for both the governments and the individual home users, it could be very disastrous along the way, and may be to too late or very difficult to correct the anomalies, especially in the case of losing human lives.
Espionage – in my own opinion, if governments of the developed and the developing nations do not have a say on the designs and specifications of IoTs or have clear ideas of what products are coming into their countries, it may lead to ‘’Cyber-espionage’’. It therefore means that, other countries, some groups, individuals, for selfish, personal, military, political, economic interests etc. may produce devices that are more susceptible to attacks and uses them as back-doors to gain accesses to very classified, personal or very sensitive information without formal permission. As it is the government’s responsibility to protects life and properties of its citizenry. It therefore means that, the government should protect personal information of its citizenry, by knowing how the citizen’s information are being managed, and who manages them, in order not to be treaded or abuse.
Considering the above IoTs challenges, such as security, safety, privacy, data management, interoperability etc. governments alone will not be able to tackle the envisaging challenges, hence the following recommendations.
- Government of the developing world should develop their IoTs framework or adopts from the developed world, if they do not have the necessary resources. Just as the Australia which embraced the British developedHypercat framework, initially for internet of things (IoT) deployments in smart cities, in part to address perceived security issues . The framework that would be interoperable with their environments, social, economic, existing or intended technologies.
- There is a need for the governments of the developing world to co-opt more participatory groups (e.g. regulatory bodies, professionals, academia, and civil societies) to help review IoTs products and services for the benefit of all. In the developed world, there are good example of such groups which include; the US Federal Communications Commission Technological Advisory Council (FCC TAC) Internet of Things Working Group , European Commission , Expert Group on the Internet of Things (IoT-EG ).
- As the IoTs is coming to stay, there should be some routine meetings with academia, researchers, IoT vendors, service providers etc. in order to get feedback from different areas in which IoTs are deployed and to plan for the future.
The positive aspects of IoT for developing nations are enormous when smoothly adopted and deployed, as it will positively affect lives in the following areas, (e.g. drought/environmental monitoring, agriculture, health care, home/office automation, transportation, education, research etc.) as the users and the machines exchanging data easily over the Internet, hence has the capability of boosting the economy positively by saving money and time.
 ITU – ‘’Internet of Things Global Standards Initiative’’. http://www.itu.int/en/ITU-T/gsi/iot/Pages/default.aspx
 Mark Fell: Roadmap for The Emerging “Internet of Things”
 IBM – Smarter Planet http://www.ibm.com/smarterplanet/us/en/overview/ideas/index.html
 Connect 2020 Agenda for Global Telecommunication/ICT Development http://www.itu.int/en/connect2020/Pages/default.aspx
 Douglas F. Barnes Electric Power for Rural Growth: How Electricity Affects Rural Life in Developing Countries.
 Yin-Fang Zhang, David Parker and Colin Kirkpatrick – Electricity Sector Reform in Developing Countries: An Econometric Assessment of the Effects of Privatisation,Competition and Regulation.
 Premium Times -The NCC, Telecom Operators, and Poor Services in Nigeria http://www.premiumtimesng.com/opinion/130573-the-ncc-telecom-operators-and-poor-services-in-nigeria-by-chukwuemerie-uduchukwu.html.
 The Societal Impact of the Internet of Things – A report of a workshop on the Internet of Things organized by BCS – The Chartered Institute for IT, on Thursday 14 February, The Chairs were Jeremy Crump (BCS) and Ian Brown (Oxford Internet Institute, 2013, University of Oxford)
 Malathy Iyer – First world’s discarded medical devices flood Indian markets http://timesofindia.indiatimes.com/india/First-worlds-discarded-medical-devices-flood-Indian-markets/articleshow/46696235.cms.
 Eduard Kovacs – 70 Percent of IoT Devices Vulnerable to Cyberattacks: HP http://www.securityweek.com/70-iot-devices-vulnerable-cyberattacks-hp
 Computer Weekly – Australia adopts British internet of things framework http://www.computerweekly.com/news/450304522/Australia-adopts-British-internet-of-things-framework
 ITU – Regulation and the Internet of Things, Oxford Internet Institute, University of Oxford, United Kingdom. https://www.itu.int/en/ITUD/Conferences/GSR/Documents/GSR2015/Discussion_papers_and_Presentations/GSR_DiscussionPaper_IoT.pdf
 US Federal Communications Commission Technological Advisory Council Internet of Things Working Group, Spectrum: Initial Findings, FCC TAC meeting update, 10 June 2014, http://transition.fcc.gov/bureaus/oet/tac/tacdocs/meeting61014/TACmeetingslides6‐10‐14.pdf
 European Commission, Conclusions of the Internet of Things public consultation 28 February 2013.
 Gartner, Forecast: The Internet of Things, Worldwide, 2013, https://www.gartner.com/doc/2625419/forecast‐internet‐things‐worldwide.
 36th International Conference of Data Protection and Privacy Commissioners, Mauritius Declaration the Internet of Things, 14 October 2014, p.2, http://www.privacyconference2014.org/media/16596/Mauritius‐Declaration.pdf.
 European Commission – Report on the Public Consultation on IoT Governance https://ec.europa.eu/digital-single-market/en/news/conclusions-internet-things-public-consultation.
 IoT Privacy, Data Protection, Information Security http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1753
 Final Report of the EU IOT Task Force on IOT Governance http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1748
 Expert Group on the Internet of Things (IoT-EG) Sub-Group on Identification http://ec.europa.eu/information_society/newsroom/cf/dae/document.cfm?doc_id=1752
 Samsung officially stops Galaxy Note 7 sales globally, urges owners to power down phones http://www.androidcentral.com/samsung-power-down-stop-sales-galaxy-note-7
 Samsung Galaxy Note 7 banned by more airlines over fire risk http://www.bbc.co.uk/news/business-37674170