ArchiveOODA Original

The Future of Enterprise IoT

The phrase Internet of Things (IoT) is a useful way to force thoughts on the new architecture emerging around embedded computing and ubiquitous communications. IoT devices are with us now and are proliferating at home, in our cars, on trains, planes, cities, buildings are factories. There are many design choices we all need to make to optimize how IoT serves our businesses. This succinct guide to IoT is meant to help you think through just that.

The IoT trend has been developing for over a decade, and right now billions of IoT devices are deployed. But overall the market remains immature in terms of valuable use cases for business. The biggest IoT deployments are in smart cities and in consumer markets. The biggest corporate IoT deployments are industrial internet of things in manufacturing facilities. We assess more use cases are coming, including large scale deployments for healthcare, hospitals, office parks and buildings, roads and even small businesses. But the issue is timing. When will these deployments ramp up?

The Internet of Things Today:

  • Largely enabled by embedded computing devices and ubiquitous communications
  • Use cases are expected to include enhancements to education, training, safety, security, healthcare, transportation and optimized manufacturing.
  • Connected to the Cloud Computing megatrend since many IoT capabilities are controlled from cloud capabilities.
  • Connected to Artificial Intelligence megatrend since increasingly IoT devices are having smarts put right in their devices.
  • Connected to Big Data megatrend since IoT devices are generating incredible amounts of data.
  • Huge driver of CyberSecurity research
  • Industrial Internet of Things is driving force behind better automation of manufacturing

Cybersecurity Issues around IoT

The threat dynamics around this trend includes many privacy implications. If an adversary can penetrate the IoT devices in a home or office, then in some cases they may be able to collect information you would not want them to have, perhaps even video or audio of private and sensitive discussions. Interruptions of Industrial Internet of Things capabilities can degrade manufacturing performance and must also be taken very seriously.

For years the community has seen examples of IoT devices being used at part of botnets for conducting DDoS attacks. The typical attack involves scanning for devices with known credentials, taking over devices, downloading code and then launching large scale attacks. The code behind these attacks continues to evolve. Reports in April 2020 on a variant called Dark Nexus, for example, uses targeted payloads that can run on dozens of different types of processors.

Security researchers have also gathered evidence of Russian intelligence services breaching organizations to obtain details about IoT devices in order to orchestrate attacks.

Open questions decision-makers should track on the Internet of Things include:

  • What security models are in place to mitigate risks of IoT in homes, businesses, manufacturing facilities?
  • What would the impact of ransomware attacks on IoT be on your business? What would the impact be on your local government?
  • How can we optimize distributed processors when they are idle?
  • What transmission protocols will rule?
  • What will normal usage and communications patterns be like? What is role of behavioral analytics?

The Impact of IoT trends on Due Diligence Assessments:

The trend of IoT is an increasingly important element of corporate Due Diligence since it is disruptive to business models and also because of the unseen risks IoT can bring.

  • On the sell side: Firms should ensure their IoT and Industrial IoT use is done securely and that mitigation strategies are in place for issues. Doing this before sale can make a big difference in how well a firm will be valued.
  • On the buy side: Buyers should pay particular attention to the deployment of IoT and IIoT to ensure a well thought out architecture that mitigates risks. External and independent verification and validation of security policies and practices should include a review of the technical architecture, as well as the degree that the target is complying with appropriate compliance regimes.

Strategically, the evaluation of firms is an art requiring assessment of how unique the capability is and how much in demand it will be in the market. We provide due diligence consulting via our consulting arm, OODA LLC.

Additional insights to inform your business strategy in an age of digital transformation can be found in the OODA Members Advanced Technology Sensemaking Page.

Bob Gourley

Bob Gourley

Bob Gourley is the co-founder and Chief Technology Officer (CTO) of OODA LLC, the technology research and advisory firm with a focus on artificial intelligence and cybersecurity which publishes Bob is the co-host of the popular podcast The OODAcast. Bob has been an advisor to dozens of successful high tech startups and has conducted enterprise cybersecurity assessments for businesses in multiple sectors of the economy. He was a career Naval Intelligence Officer and is the former CTO of the Defense Intelligence Agency. Find Bob on Defcon.Social