Internet of things (IoT) describes devices with

sensor A sensor is often defined as a device that receives and responds to a signal or stimulus. The stimulus is the quantity, property, or condition that is sensed and converted into electrical signal. In the broadest definition, a sensor is a devi ...

s, processing ability,

software Software consists of computer programs that instruct the Execution (computing), execution of a computer. Software also includes design documents and specifications. The history of software is closely tied to the development of digital comput ...

and other

technologies Technology is the application of Conceptual model, conceptual knowledge to achieve practical goals, especially in a reproducible way. The word ''technology'' can also mean the products resulting from such efforts, including both tangible too ...

that connect and exchange data with other devices and systems over the

Internet The Internet (or internet) is the Global network, global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a internetworking, network of networks ...

or other communication networks. The IoT encompasses

electronics Electronics is a scientific and engineering discipline that studies and applies the principles of physics to design, create, and operate devices that manipulate electrons and other Electric charge, electrically charged particles. It is a subfield ...

communication Communication is commonly defined as the transmission of information. Its precise definition is disputed and there are disagreements about whether Intention, unintentional or failed transmissions are included and whether communication not onl ...

, and

computer science Computer science is the study of computation, information, and automation. Computer science spans Theoretical computer science, theoretical disciplines (such as algorithms, theory of computation, and information theory) to Applied science, ...

engineering. "Internet of things" has been considered a

misnomer A misnomer is a name that is incorrectly or unsuitably applied. Misnomers often arise because something was named long before its correct nature was known, or because an earlier form of something has been replaced by a later form to which the nam ...

because devices do not need to be connected to the public

internet The Internet (or internet) is the Global network, global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a internetworking, network of networks ...

; they only need to be connected to a network and be individually addressable. The field has evolved due to the convergence of multiple

, including

ubiquitous computing Ubiquitous computing (or "ubicomp") is a concept in software engineering, hardware engineering and computer science where computing is made to appear seamlessly anytime and everywhere. In contrast to desktop computing, ubiquitous computing imp ...

commodity In economics, a commodity is an economic goods, good, usually a resource, that specifically has full or substantial fungibility: that is, the Market (economics), market treats instances of the good as equivalent or nearly so with no regard to w ...

sensors A sensor is often defined as a device that receives and responds to a signal or stimulus. The stimulus is the quantity, property, or condition that is sensed and converted into electrical signal. In the broadest definition, a sensor is a devi ...

, and increasingly powerful

embedded system An embedded system is a specialized computer system—a combination of a computer processor, computer memory, and input/output peripheral devices—that has a dedicated function within a larger mechanical or electronic system. It is e ...

s, as well as

machine learning Machine learning (ML) is a field of study in artificial intelligence concerned with the development and study of Computational statistics, statistical algorithms that can learn from data and generalise to unseen data, and thus perform Task ( ...

.Hu, J.; Niu, H.; Carrasco, J.; Lennox, B.; Arvin, F.,
Fault-tolerant cooperative navigation of networked UAV swarms for forest fire monitoring
Aerospace Science and Technology, 2022. . Older fields of

wireless sensor network Wireless sensor networks (WSNs) refer to networks of spatially dispersed and dedicated sensors that monitor and record the physical conditions of the environment and forward the collected data to a central location. WSNs can measure environmental ...

s, control systems,

automation Automation describes a wide range of technologies that reduce human intervention in processes, mainly by predetermining decision criteria, subprocess relationships, and related actions, as well as embodying those predeterminations in machine ...

(including

home A home, or domicile, is a space used as a permanent or semi-permanent residence for one or more human occupants, and sometimes various companion animals. Homes provide sheltered spaces, for instance rooms, where domestic activity can be p ...

and

building automation Building automation (BAS), also known as building management system (BMS) or building energy management system (BEMS), is the automatic centralized control of a building's HVAC, HVAC (heating, ventilation and air conditioning), electrical, light ...

), independently and collectively enable the Internet of things.Hu, J.; Lennox, B.; Arvin, F.,
Robust formation control for networked robotic systems using Negative Imaginary dynamics
Automatica, 2022. . In the consumer market, IoT technology is most

synonymous A synonym is a word, morpheme, or phrase that means precisely or nearly the same as another word, morpheme, or phrase in a given language. For example, in the English language, the words ''begin'', ''start'', ''commence'', and ''initiate'' are a ...

with "

smart home ''SMart'' was a British CBBC television programme based on art, which began in 1994 and ended in 2009. The programme was recorded at BBC Television Centre in London. Previously it had been recorded in Studio A at Pebble Mill Studios in Birming ...

" products, including devices and appliances ( lighting fixtures,

thermostats A thermostat is a regulating device component which senses the temperature of a physical system and performs actions so that the system's temperature is maintained near a desired setpoint. Thermostats are used in any device or system tha ...

, home

security systems A security alarm is a system designed to detect intrusions, such as unauthorized entry, into a building or other areas, such as a home or school. Security alarms protect against burglary ( theft) or property damage, as well as against intruders ...

camera A camera is an instrument used to capture and store images and videos, either digitally via an electronic image sensor, or chemically via a light-sensitive material such as photographic film. As a pivotal technology in the fields of photograp ...

s, and other home appliances) that support one or more common ecosystems and can be controlled via devices associated with that ecosystem, such as

smartphone A smartphone is a mobile phone with advanced computing capabilities. It typically has a touchscreen interface, allowing users to access a wide range of applications and services, such as web browsing, email, and social media, as well as multi ...

s and

smart speaker A smart speaker is a type of loudspeaker and voice command device with an integrated virtual assistant (artificial intelligence), virtual assistant that offers interactive actions and Hands-free computing, hands-free activation with the help of o ...

s. IoT is also used in

healthcare system A health system, health care system or healthcare system is an organization of people, institutions, and resources that delivers health care services to meet the health needs of target populations. There is a wide variety of health systems aroun ...

s. There are a number of concerns about the risks in the growth of IoT technologies and products, especially in the areas of

privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...

and

security Security is protection from, or resilience against, potential harm (or other unwanted coercion). Beneficiaries (technically referents) of security may be persons and social groups, objects and institutions, ecosystems, or any other entity or ...

, and consequently there have been industry and government moves to address these concerns, including the development of international and local standards, guidelines, and regulatory frameworks. Because of their interconnected nature, IoT devices are vulnerable to security breaches and privacy concerns. At the same time, the way these devices communicate wirelessly creates regulatory ambiguities, complicating jurisdictional boundaries of the data transfer.

Background

Around 1972, for its remote site use,

Stanford Artificial Intelligence Laboratory Stanford University has many centers and institutes dedicated to the study of various specific topics. These centers and institutes may be within a department, within a school but across departments, an independent laboratory, institute or center ...

developed a computer-controlled vending machine, adapted from a machine rented from Canteen Vending, which sold for cash or, though a computer terminal ( Teletype Model 33 KSR), on credit. Products included beer, yogurt, and milk.Pony vending in use
/ref> It was called the ''Prancing Pony'', after the name of the room, named after an inn in Tolkien's

Lord of the Rings ''The Lord of the Rings'' is an epic high fantasy novel written by English author and scholar J. R. R. Tolkien. Set in Middle-earth, the story began as a sequel to Tolkien's 1937 children's book ''The Hobbit'' but eventually developed into ...

, as each room at

was named after a place in

Middle Earth Middle or The Middle may refer to: * Centre (geometry), the point equally distant from the outer limits. Places * Middle (sheading), a subdivision of the Isle of Man * Middle Bay (disambiguation) * Middle Brook (disambiguation) * Middle Creek ...

. A successor version still operates in the Computer Science Department at

Stanford Leland Stanford Junior University, commonly referred to as Stanford University, is a private research university in Stanford, California, United States. It was founded in 1885 by railroad magnate Leland Stanford (the eighth governor of and th ...

, with updated hardware and software.

History

In 1982, an early concept of a network connected

smart device A smart device is an electronic device, generally connected to other devices or networks via different wireless protocols (such as Bluetooth, Zigbee, near-field communication, Wi-Fi, NearLink, Li-Fi, or 5G) that can operate to some extent inte ...

was built as an Internet interface for sensors installed in the

Carnegie Mellon University Carnegie Mellon University (CMU) is a private research university in Pittsburgh, Pennsylvania, United States. The institution was established in 1900 by Andrew Carnegie as the Carnegie Technical Schools. In 1912, it became the Carnegie Institu ...

''Computer Science Department''s departmental

Coca-Cola Coca-Cola, or Coke, is a cola soft drink manufactured by the Coca-Cola Company. In 2013, Coke products were sold in over 200 countries and territories worldwide, with consumers drinking more than 1.8 billion company beverage servings ...

vending machine A vending machine is an automated machine that dispenses items such as snacks, beverages, cigarettes, and lottery tickets to consumers after cash, a credit card, or other forms of payment are inserted into the machine or payment is otherwise m ...

, supplied by graduate student volunteers, provided a temperature model and an inventory status, inspired by the computer controlled vending machine in the ''Prancing Pony'' room at

. First accessible only on the CMU campus, it became the first

ARPANET The Advanced Research Projects Agency Network (ARPANET) was the first wide-area packet-switched network with distributed control and one of the first computer networks to implement the TCP/IP protocol suite. Both technologies became the tec ...

-connected appliance.

Mark Weiser Mark D. Weiser (July 23, 1952 – April 27, 1999) was an American computer scientist and chief technology officer (CTO) at Xerox PARC. Weiser is widely considered to be the father of ubiquitous computing, a term he coined in 1988. Within S ...

's 1991 paper on

, "The Computer of the 21st Century", as well as academic venues such as UbiComp and PerCom produced the contemporary vision of the IoT. In 1994, Reza Raji described the concept in ''

IEEE Spectrum ''IEEE Spectrum'' is a magazine edited and published by the Institute of Electrical and Electronics Engineers. The first issue of ''IEEE Spectrum'' was published in January 1964 as a successor to ''Electrical Engineering''. In 2010, ''IEEE Spe ...

'' as "

oving Oving may refer to: * Oving, Buckinghamshire * Oving, West Sussex {{geodis Internet-of-things devices additionally will benefit from the stateless address auto-configuration present in IPv6, as it reduces the configuration overhead on the hosts, and the IETF 6LoWPAN header compression. To a large extent, the future of the Internet of things will not be possible without the support of IPv6; and consequently, the global adoption of IPv6 in the coming years will be critical for the successful development of the IoT in the future.

Application layer

* ADRC defines an application layer protocol and supporting framework for implementing IoT applications.

Short-range wireless

Bluetooth mesh networking Bluetooth Mesh is a computer mesh networking standard based on Bluetooth Low Energy that allows for many-to-many communication over Bluetooth radio. The Bluetooth Mesh specifications were defined in the Mesh Profile and Mesh Model specification ...

– Specification providing a mesh networking variant to

Bluetooth Low Energy Bluetooth Low Energy (Bluetooth LE, colloquially BLE, formerly marketed as Bluetooth Smart) is a wireless personal area network technology designed and marketed by the Bluetooth Special Interest Group (Bluetooth SIG) aimed at novel applications ...

(BLE) with an increased number of nodes and standardized application layer (Models). *

Li-Fi Li-Fi (commonly referred to as LiFi) is a wireless communication technology which utilizes light to transmit data and position between devices. The term was first introduced by Harald Haas during a 2011 TEDGlobal talk in Edinburgh. Li-Fi is a ...

(

light Light, visible light, or visible radiation is electromagnetic radiation that can be visual perception, perceived by the human eye. Visible light spans the visible spectrum and is usually defined as having wavelengths in the range of 400– ...

fidelity) – Wireless communication technology similar to the Wi-Fi standard, but using visible-light communication for increased bandwidth. *

Near-field communication Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of or less. NFC offers a low-speed connection through a simple setup that can be used for the boots ...

(NFC) – Communication protocols enabling two electronic devices to communicate within a 4 cm range. *

Radio-frequency identification Radio-frequency identification (RFID) uses electromagnetic fields to automatically Automatic identification system, identify and Tracking system, track tags attached to objects. An RFID system consists of a tiny radio transponder called a tag, ...

(RFID) – Technology using electromagnetic fields to read data stored in tags embedded in other items. *

Wi-Fi Wi-Fi () is a family of wireless network protocols based on the IEEE 802.11 family of standards, which are commonly used for Wireless LAN, local area networking of devices and Internet access, allowing nearby digital devices to exchange data by ...

– Technology for

local area network A local area network (LAN) is a computer network that interconnects computers within a limited area such as a residence, campus, or building, and has its network equipment and interconnects locally managed. LANs facilitate the distribution of da ...

ing–based on the

IEEE 802.11 IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of medium access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer com ...

standard, where devices may communicate through a shared access point or directly between individual devices. *

Zigbee Zigbee is an IEEE 802.15.4-based specification for a suite of high-level communication protocols used to create personal area networks with small, low-power digital radios, such as for home automation, medical device data collection, and oth ...

– Communication protocols for

personal area network A personal area network (PAN) is a computer network for interconnecting electronic devices within an individual person's workspace. A PAN provides data transmission among devices such as computers, smartphones, tablets and personal digital assi ...

ing– based on the IEEE 802.15.4 standard, providing low power consumption, low data rate, low cost, and high throughput. *

Z-Wave Z-Wave is a wireless communications protocol used primarily for residential and commercial building automation. It is a mesh network using low-energy radio waves to communicate from device to device, allowing for wireless control of smart home d ...

–

Wireless Wireless communication (or just wireless, when the context allows) is the transfer of information (''telecommunication'') between two or more points without the use of an electrical conductor, optical fiber or other continuous guided transm ...

communications protocol used primarily for

home automation Home automation or domotics is building automation for a home. A home automation system will monitor and/or control home attributes such as lighting, climate, entertainment systems, and appliances. It may also include home security such ...

and security applications

Medium-range wireless

* LTE-Advanced – High-speed communication specification for mobile networks. Provides enhancements to the

LTE LTE may refer to: Science and technology * LTE (telecommunication) (Long-Term Evolution), a mobile telephony standard ** LTE Advanced, an enhancement ** LTE Advanced Pro, a further enhancement * Compaq LTE, a line of laptop computers * Leukotrie ...

standard with extended coverage, higher throughput, and lower latency. * 5G – 5G wireless networks can be used to achieve the high communication requirements of the IoT and connect a large number of IoT devices, even when they are on the move. There are three features of 5G that are each considered to be useful for supporting particular elements of IoT: enhanced mobile broadband (eMBB), massive machine type communications (mMTC) and ultra-reliable low latency communications (URLLC). *

LoRa LoRa (from "long range", sometimes abbreviated as "LR") is a physical proprietary radio communication technique. It is based on spread spectrum modulation techniques derived from chirp spread spectrum (CSS) technology. It was developed by Cycleo ...

: Range up to in urban areas, and up to or more in rural areas (line of sight). *

DASH7 DASH7 Alliance Protocol (D7A) is an open-source wireless sensor and actuator network protocol, which operates in the 433 MHz, 868 MHz and 915 MHz unlicensed ISM/SRD band. DASH7 provides multi-year battery life, range of up to 2&n ...

: Range of up to 2 km.

Long-range wireless

* Low-power wide-area networking (LPWAN) – Wireless networks designed to allow long-range communication at a low data rate, reducing power and cost for transmission. Available LPWAN technologies and protocols:

LoRaWan LoRa (from "long range", sometimes abbreviated as "LR") is a physical proprietary radio communication technique. It is based on spread spectrum modulation techniques derived from chirp spread spectrum (CSS) technology. It was developed by Cycleo ...

Sigfox Sigfox 0G technology is a global Low-Power Wide-Area (LPWA) networking protocol founded in 2010 and adopted by 70+ Sigfox 0G Network Operators globally. This wireless network was designed to connect low-power objects such as electricity meters s ...

NB-IoT Narrowband Internet of things (NB-IoT) is a low-power wide-area network (LPWAN) radio technology standard developed by 3GPP for cellular network devices and services. The specification was frozen in 3GPP Release 13 ( LTE Advanced Pro), in June 2 ...

, Weightless, RPMA,

MIoTy mioty is a low-power wide-area network (LPWAN) protocol. It uses telegram splitting, a standardized LPWAN technology in the license-free spectrum. This technology splits a data telegram into multiple sub packets and sends them after applying erro ...

, IEEE 802.11ah *

Very-small-aperture terminal A very-small-aperture terminal (VSAT) is a two-way satellite ground station with a dish antenna that is smaller than 3.8 meters. The majority of VSAT antennas range from 75 cm to 1.2 m. Bit rates, in most cases, range from 4 kbit/s to ...

(VSAT) –

Satellite A satellite or an artificial satellite is an object, typically a spacecraft, placed into orbit around a celestial body. They have a variety of uses, including communication relay, weather forecasting, navigation ( GPS), broadcasting, scient ...

communication technology using small dish antennas for

narrowband Narrowband signals are signals that occupy a narrow range of frequencies or that have a small fractional bandwidth. In the audio spectrum, ''narrowband sounds'' are sounds that occupy a narrow range of frequencies. In telephony, narrowband is ...

and

broadband In telecommunications, broadband or high speed is the wide-bandwidth (signal processing), bandwidth data transmission that exploits signals at a wide spread of frequencies or several different simultaneous frequencies, and is used in fast Inter ...

data.

Wired

Ethernet Ethernet ( ) is a family of wired computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN). It was commercially introduced in 1980 and first standardized in 198 ...

– General purpose networking standard using

twisted pair Twisted pair cabling is a type of communications cable in which two conductors of a single circuit are twisted together for the purposes of improving electromagnetic compatibility. Compared to a single conductor or an untwisted balanced ...

and

fiber optic An optical fiber, or optical fibre, is a flexible glass or plastic fiber that can transmit light from one end to the other. Such fibers find wide usage in fiber-optic communications, where they permit transmission over longer distances and at ...

links in conjunction with hubs or

switches In electrical engineering, a switch is an electrical component that can disconnect or connect the conducting path in an electrical circuit, interrupting the electric current or diverting it from one conductor to another. The most common type o ...

. *

Power-line communication Power-line communication (PLC) is the carrying of data on a conductor (the ''power-line carrier'') that is also used simultaneously for AC electric power transmission or electric power distribution to consumers. A wide range of power-line comm ...

(PLC) – Communication technology using electrical wiring to carry power and data. Specifications such as

HomePlug HomePlug is the family name for various power line communications specifications under the HomePlug designation, each with unique capabilities and compatibility with other HomePlug specifications. Some HomePlug specifications target broadband ap ...

G.hn Gigabit Home Networking (G.hn) is a specification for wired home networking that supports speeds up to 2 Gbit/s and operates over four types of legacy wires: telephone wiring, Coaxial cable, coaxial cables, Power line, power lines and pla ...

utilize PLC for networking IoT devices.

Comparison of technologies by layer

Different technologies have different roles in a

protocol stack The protocol stack or network stack is an implementation of a computer networking protocol suite or protocol family. Some of these terms are used interchangeably but strictly speaking, the ''suite'' is the definition of the communication protoc ...

. Below is a simplifiedThe actual standards may use different terminology and/or define different layer borders than those presented here. presentation of the roles of several popular communication technologies in IoT applications:

Standards and standards organizations

This is a list of

technical standard A technical standard is an established Social norm, norm or requirement for a repeatable technical task which is applied to a common and repeated use of rules, conditions, guidelines or characteristics for products or related processes and producti ...

s for the IoT, most of which are

open standard An open standard is a standard that is openly accessible and usable by anyone. It is also a common prerequisite that open standards use an open license that provides for extensibility. Typically, anybody can participate in their development due to ...

s, and the

standards organization A standards organization, standards body, standards developing organization (SDO), or standards setting organization (SSO) is an organization whose primary function is developing, coordinating, promulgating, revising, amending, reissuing, interpr ...

s that aspire to successfully setting them.

Politics and civic engagement

Some scholars and activists argue that the IoT can be used to create new models of

civic engagement Civic engagement or civic participation is any individual or group activity addressing issues of public concern. Civic engagement includes communities working together or individuals working alone in both political and non-political actions to ...

if device networks can be open to user control and inter-operable platforms. Philip N. Howard, a professor and author, writes that political life in both democracies and authoritarian regimes will be shaped by the way the IoT will be used for civic engagement. For that to happen, he argues that any connected device should be able to divulge a list of the "ultimate beneficiaries" of its sensor data and that individual citizens should be able to add new organisations to the beneficiary list. In addition, he argues that civil society groups need to start developing their IoT strategy for making use of data and engaging with the public.

Government regulation

One of the key drivers of the IoT is data. The success of the idea of connecting devices to make them more efficient is dependent upon access to and storage & processing of data. For this purpose, companies working on the IoT collect data from multiple sources and store it in their cloud network for further processing. This leaves the door wide open for privacy and security dangers and single point vulnerability of multiple systems. The other issues pertain to consumer choice and ownership of data and how it is used. Though still in their infancy, regulations and governance regarding these issues of privacy, security, and data ownership continue to develop. IoT regulation depends on the country. Some examples of legislation that is relevant to privacy and data collection are: the US Privacy Act of 1974, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data of 1980, and the EU Directive 95/46/EC of 1995. Current regulatory environment: A report published by the

Federal Trade Commission The Federal Trade Commission (FTC) is an independent agency of the United States government whose principal mission is the enforcement of civil (non-criminal) United States antitrust law, antitrust law and the promotion of consumer protection. It ...

(FTC) in January 2015 made the following three recommendations: *

Data security Data security or data protection means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach. Technologies Disk encryption ...

– At the time of designing IoT companies should ensure that data collection, storage and processing would be secure at all times. Companies should adopt a "defense in depth" approach and encrypt data at each stage. * Data consent – users should have a choice as to what data they share with IoT companies and the users must be informed if their data gets exposed. *

Data minimisation Data minimization is the principle of collecting, processing and storing only the necessary amount of personal information required for a specific purpose. The principle emanates from the realisation that processing unnecessary data is creating unn ...

– IoT companies should collect only the data they need and retain the collected information only for a limited time. However, the FTC stopped at just making recommendations for now. According to an FTC analysis, the existing framework, consisting of the

FTC Act The Federal Trade Commission Act of 1914 is a United States federal law which established the Federal Trade Commission. The Act was signed into law by US President Woodrow Wilson in 1914 and outlaws unfair methods of competition and unfair acts ...

, the

Fair Credit Reporting Act The Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 ''et seq.'', is federal legislation enacted to promote the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies. It was intended ...

, and the

Children's Online Privacy Protection Act The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law The law of the United States comprises many levels of Codification (law), codified and uncodified forms of law, of which the supreme law is ...

, along with developing consumer education and business guidance, participation in multi-stakeholder efforts and advocacy to other agencies at the federal, state and local level, is sufficient to protect consumer rights. A resolution passed by the Senate in March 2015, is already being considered by the Congress. This resolution recognized the need for formulating a National Policy on IoT and the matter of privacy, security and spectrum. Furthermore, to provide an impetus to the IoT ecosystem, in March 2016, a bipartisan group of four Senators proposed a bill, The Developing Innovation and Growing the Internet of Things (DIGIT) Act, to direct the

Federal Communications Commission The Federal Communications Commission (FCC) is an independent agency of the United States government that regulates communications by radio, television, wire, internet, wi-fi, satellite, and cable across the United States. The FCC maintains j ...

to assess the need for more spectrum to connect IoT devices. Approved on 28 September 2018, California Senate Bill No. 327 goes into effect on 1 January 2020. The bill requires "''a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure,''" Several standards for the IoT industry are actually being established relating to automobiles because most concerns arising from use of connected cars apply to healthcare devices as well. In fact, the

National Highway Traffic Safety Administration The National Highway Traffic Safety Administration (NHTSA ) is an agency of the U.S. federal government, part of the Department of Transportation, focused on automobile safety regulations. NHTSA is charged with writing and enforcing Feder ...

(NHTSA) is preparing cybersecurity guidelines and a database of best practices to make automotive computer systems more secure. A recent report from the World Bank examines the challenges and opportunities in government adoption of IoT. These include – * Still early days for the IoT in government * Underdeveloped policy and regulatory frameworks * Unclear business models, despite strong value proposition * Clear institutional and capacity gap in government AND the private sector * Inconsistent

data valuation Data valuation is a discipline in the fields of accounting and information economics. It is concerned with methods to calculate the value of data collected, stored, analyzed and traded by organizations. This valuation depends on the type, reliab ...

and management * Infrastructure a major barrier * Government as an enabler * Most successful pilots share common characteristics (public-private partnership, local, leadership) In early December 2021, the U.K. government introduced the Product Security and Telecommunications Infrastructure bill (PST), an effort to legislate IoT distributors, manufacturers, and importers to meet certain

cybersecurity standards Information security standards (also cyber security standards) are techniques generally outlined in published materials that attempt to protect a user's or organization's cyber environment. This environment includes users themselves, networks, devi ...

. The bill also seeks to improve the security credentials of consumer IoT devices.

Criticism, problems and controversies

Platform fragmentation

The IoT suffers from platform fragmentation, lack of interoperability and common

s a situation where the variety of IoT devices, in terms of both hardware variations and differences in the software running on them, makes the task of developing applications that work consistently between different inconsistent technology

ecosystem An ecosystem (or ecological system) is a system formed by Organism, organisms in interaction with their Biophysical environment, environment. The Biotic material, biotic and abiotic components are linked together through nutrient cycles and en ...

s hard. For example, wireless connectivity for IoT devices can be done using

Bluetooth Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances and building personal area networks (PANs). In the most widely used mode, transmission power is li ...

, Wi-Fi HaLow,

, Cat M1 as well as completely custom proprietary radios – each with its own advantages and disadvantages; and unique support ecosystem. The IoT's amorphous computing nature is also a problem for security, since patches to bugs found in the core operating system often do not reach users of older and lower-price devices. One set of researchers says that the failure of vendors to support older devices with patches and updates leaves more than 87% of active Android devices vulnerable.

Privacy, autonomy, and control

Philip N. Howard, a professor and author, writes that the Internet of things offers immense potential for empowering citizens, making government transparent, and broadening

information access Information access is the freedom or ability to identify, obtain and make use of database or information effectively. There are various research efforts in information access for which the objective is to simplify and make it more effective fo ...

. Howard cautions, however, that privacy threats are enormous, as is the potential for social control and political manipulation. Concerns about privacy have led many to consider the possibility that

big data Big data primarily refers to data sets that are too large or complex to be dealt with by traditional data processing, data-processing application software, software. Data with many entries (rows) offer greater statistical power, while data with ...

infrastructures such as the Internet of things and

data mining Data mining is the process of extracting and finding patterns in massive data sets involving methods at the intersection of machine learning, statistics, and database systems. Data mining is an interdisciplinary subfield of computer science and ...

are inherently incompatible with privacy. Key challenges of increased digitalization in the water, transport or energy sector are related to privacy and

cybersecurity Computer security (also cybersecurity, digital security, or information technology (IT) security) is a subdiscipline within the field of information security. It consists of the protection of computer software, systems and networks from thr ...

which necessitate an adequate response from research and policymakers alike. Writer Adam Greenfield claims that IoT technologies are not only an invasion of public space but are also being used to perpetuate normative behavior, citing an instance of billboards with hidden cameras that tracked the demographics of passersby who stopped to read the advertisement. The Internet of Things Council compared the increased prevalence of

digital surveillance Digital usually refers to something using discrete digits, often binary digits. Businesses *Digital bank, a form of financial institution *Digital Equipment Corporation (DEC) or Digital, a computer company *Digital Research (DR or DRI), a software ...

due to the Internet of things to the concept of the

panopticon The panopticon is a design of institutional building with an inbuilt system of control, originated by the English philosopher and social theorist Jeremy Bentham in the 18th century. The concept is to allow all prisoners of an institution to be ...

described by

Jeremy Bentham Jeremy Bentham (; 4 February Dual dating, 1747/8 Old Style and New Style dates, O.S.

5 February 1748 Old Style and New Style dates, N.S. 5 (five) is a number, numeral and digit. It is the natural number, and cardinal number, following 4 and preceding 6, and is a prime number. Humans, and many other animals, have 5 digits on their limbs. Mathematics 5 is a Fermat pri ...

– 6 June 1832) was an English philosopher, jurist, and social reformer regarded as the founder of mo ...

in the 18th century. The assertion is supported by the works of French philosophers

Michel Foucault Paul-Michel Foucault ( , ; ; 15 October 192625 June 1984) was a French History of ideas, historian of ideas and Philosophy, philosopher who was also an author, Literary criticism, literary critic, Activism, political activist, and teacher. Fo ...

and

Gilles Deleuze Gilles Louis René Deleuze (18 January 1925 – 4 November 1995) was a French philosopher who, from the early 1950s until his death in 1995, wrote on philosophy, literature, film, and fine art. His most popular works were the two volumes o ...

. In ''Discipline and Punish: The Birth of the Prison'', Foucault asserts that the panopticon was a central element of the discipline society developed during the

Industrial Era The Industrial Revolution, sometimes divided into the First Industrial Revolution and Second Industrial Revolution, was a transitional period of the global economy toward more widespread, efficient and stable manufacturing processes, succee ...

. Foucault also argued that the discipline systems established in factories and school reflected Bentham's vision of

panopticism The panopticon is a design of institutional building with an inbuilt system of control, originated by the English philosopher and social theorist Jeremy Bentham in the 18th century. The concept is to allow all prisoners of an institution to be ...

. In his 1992 paper "Postscripts on the Societies of Control", Deleuze wrote that the discipline society had transitioned into a control society, with the

computer A computer is a machine that can be Computer programming, programmed to automatically Execution (computing), carry out sequences of arithmetic or logical operations (''computation''). Modern digital electronic computers can perform generic set ...

replacing the

as an instrument of discipline and control while still maintaining the qualities similar to that of panopticism. Peter-Paul Verbeek, a professor of philosophy of technology at the

University of Twente The University of Twente ( ; Abbreviation, abbr. ) is a Public university, public technical university located in Enschede, Netherlands. The university has been placed in the top 170 universities in the world by multiple central ranking tables. ...

, Netherlands, writes that technology already influences our moral decision making, which in turn affects human agency, privacy and autonomy. He cautions against viewing technology merely as a human tool and advocates instead to consider it as an active agent. Justin Brookman, of the

Center for Democracy and Technology Center for Democracy & Technology (CDT) is a Washington, D.C.–based 501(c)(3) nonprofit organization that advocates for digital rights and freedom of expression. CDT seeks to promote legislation that enables individuals to use the Internet for ...

, expressed concern regarding the impact of the IoT on

consumer privacy Consumer privacy is information privacy as it relates to the consumers of products and services. A variety of social, legal and political issues arise from the interaction of the public's potential expectation of privacy and the collection and d ...

, saying that "There are some people in the commercial space who say, 'Oh, big data – well, let's collect everything, keep it around forever, we'll pay for somebody to think about security later.' The question is whether we want to have some sort of policy framework in place to limit that."

Tim O'Reilly Timothy O'Reilly (born 6 June 1954) is an Irish-American author and publisher, who is the founder of O'Reilly Media (formerly O'Reilly & Associates). He popularised the terms open source and Web 2.0. Education and early life Born in County Co ...

believes that the way companies sell the IoT devices on consumers are misplaced, disputing the notion that the IoT is about gaining efficiency from putting all kinds of devices online and postulating that the "IoT is really about human augmentation. The applications are profoundly different when you have sensors and data driving the decision-making." Editorials at

WIRED Wired may refer to: Arts, entertainment, and media Music * ''Wired'' (Jeff Beck album), 1976 * ''Wired'' (Hugh Cornwell album), 1993 * ''Wired'' (Mallory Knox album), 2017 * "Wired", a song by Prism from their album '' Beat Street'' * "Wired ...

have also expressed concern, one stating "What you're about to lose is your privacy. Actually, it's worse than that. You aren't just going to lose your privacy, you're going to have to watch the very concept of privacy be rewritten under your nose." The

American Civil Liberties Union The American Civil Liberties Union (ACLU) is an American nonprofit civil rights organization founded in 1920. ACLU affiliates are active in all 50 states, Washington, D.C., and Puerto Rico. The budget of the ACLU in 2024 was $383 million. T ...

(ACLU) expressed concern regarding the ability of IoT to erode people's control over their own lives. The ACLU wrote that "There's simply no way to forecast how these immense powers – disproportionately accumulating in the hands of corporations seeking financial advantage and governments craving ever more control – will be used. Chances are big data and the Internet of Things will make it harder for us to control our own lives, as we grow increasingly transparent to powerful corporations and government institutions that are becoming more opaque to us." In response to rising concerns about privacy and smart technology, in 2007 the

British Government His Majesty's Government, abbreviated to HM Government or otherwise UK Government, is the central government, central executive authority of the United Kingdom of Great Britain and Northern Ireland.

stated it would follow formal Privacy by Design principles when implementing their smart metering program. The program would lead to replacement of traditional power meters with smart power meters, which could track and manage energy usage more accurately. However the

British Computer Society image:Maurice Vincent Wilkes 1980 (3).jpg, Sir Maurice Wilkes served as the first President of BCS in 1957. The British Computer Society (BCS), branded BCS, The Chartered Institute for IT, since 2009, is a professional body and a learned ...

is doubtful these principles were ever actually implemented. In 2009 the

Dutch Parliament The States General of the Netherlands ( ) is the supreme bicameral legislature of the Netherlands consisting of the Senate () and the House of Representatives (). Both chambers meet at the Binnenhof in The Hague. The States General originated in ...

rejected a similar smart metering program, basing their decision on privacy concerns. The Dutch program later revised and passed in 2011.

Data storage

A challenge for producers of IoT applications is to clean, process and interpret the vast amount of data which is gathered by the sensors. There is a solution proposed for the analytics of the information referred to as Wireless Sensor Networks. These networks share data among sensor nodes that are sent to a distributed system for the analytics of the sensory data. Another challenge is the storage of this bulk data. Depending on the application, there could be high data acquisition requirements, which in turn lead to high storage requirements. In 2013, the Internet was estimated to be responsible for consuming 5% of the total energy produced, and a "daunting challenge to power" IoT devices to collect and even store data still remains. Data silos, although a common challenge of legacy systems, still commonly occur with the implementation of IoT devices, particularly within manufacturing. As there are a lot of benefits to be gained from IoT and IIoT devices, the means in which the data is stored can present serious challenges without the principles of autonomy, transparency, and interoperability being considered. The challenges do not occur by the device itself, but the means in which databases and data warehouses are set-up. These challenges were commonly identified in manufactures and enterprises which have begun upon digital transformation, and are part of the digital foundation, indicating that in order to receive the optimal benefits from IoT devices and for decision making, enterprises will have to first re-align their data storing methods. These challenges were identified by Keller (2021) when investigating the IT and application landscape of I4.0 implementation within German M&E manufactures.

Security

Security is the biggest concern in adopting Internet of things technology, with concerns that rapid development is happening without appropriate consideration of the profound security challenges involved and the regulatory changes that might be necessary. The rapid development of the Internet of Things (IoT) has allowed billions of devices to connect to the network. Due to too many connected devices and the limitation of communication security technology, various security issues gradually appear in the IoT. Most of the technical security concerns are similar to those of conventional servers, workstations and smartphones. These concerns include using weak authentication, forgetting to change default credentials, unencrypted messages sent between devices,

SQL injection In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injec ...

man-in-the-middle attack In cryptography and computer security, a man-in-the-middle (MITM) attack, or on-path attack, is a cyberattack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communi ...

s, and poor handling of security updates. However, many IoT devices have severe operational limitations on the computational power available to them. These constraints often make them unable to directly use basic security measures such as implementing firewalls or using strong cryptosystems to encrypt their communications with other devices - and the low price and consumer focus of many devices makes a robust security patching system uncommon. Rather than conventional security vulnerabilities, fault injection attacks are on the rise and targeting IoT devices. A fault injection attack is a physical attack on a device to purposefully introduce faults in the system to change the intended behavior. Faults might happen unintentionally by environmental noises and electromagnetic fields. There are ideas stemmed from control-flow integrity (CFI) to prevent fault injection attacks and system recovery to a healthy state before the fault. Internet of things devices also have access to new areas of data, and can often control physical devices, so that even by 2014 it was possible to say that many Internet-connected appliances could already "spy on people in their own homes" including televisions, kitchen appliances, cameras, and thermostats. Computer-controlled devices in automobiles such as brakes, engine, locks, hood and trunk releases, horn, heat, and dashboard have been shown to be vulnerable to attackers who have access to the on-board network. In some cases, vehicle computer systems are Internet-connected, allowing them to be exploited remotely. By 2008 security researchers had shown the ability to remotely control pacemakers without authority. Later hackers demonstrated remote control of insulin pumps and implantable cardioverter defibrillators. Poorly secured Internet-accessible IoT devices can also be subverted to attack others. In 2016, a

distributed denial of service attack In computing, a denial-of-service attack (DoS attack) is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host conne ...

Mirai Botnet Mirai (from the Japanese word for "future", 未来) is malware that turns networked devices running Linux into remotely controlled bots that can be used as part of a botnet in large-scale network attacks. It primarily targets online consumer dev ...

had infected roughly 65,000 IoT devices within the first 20 hours. Eventually the infections increased to around 200,000 to 300,000 infections. Brazil, Colombia and Vietnam made up of 41.5% of the infections. The Mirai Botnet had singled out specific IoT devices that consisted of DVRs, IP cameras, routers and printers. Top vendors that contained the most infected devices were identified as Dahua, Huawei, ZTE, Cisco, ZyXEL and MikroTik. In May 2017, Junade Ali, a computer scientist at

Cloudflare Cloudflare, Inc., is an American company that provides content delivery network services, cybersecurity, DDoS mitigation, wide area network services, reverse proxies, Domain Name Service, ICANN-accredited domain registration, and other se ...

noted that native DDoS vulnerabilities exist in IoT devices due to a poor implementation of the

Publish–subscribe pattern In software architecture, the publish–subscribe pattern (pub/sub) is a messaging pattern in which message senders, called publishers, categorize messages into classes (or ''topics''), and send them without needing to know which components ...

. These sorts of attacks have caused security experts to view IoT as a real threat to Internet services. The U.S.

National Intelligence Council The National Intelligence Council (NIC), established in 1979 and reporting to the Director of National Intelligence, bridges the United States Intelligence Community (IC) with policy makers in the United States. The NIC produces the "Global Trend ...

in an unclassified report maintains that it would be hard to deny "access to networks of sensors and remotely-controlled objects by enemies of the United States, criminals, and mischief makers... An open market for aggregated sensor data could serve the interests of commerce and security no less than it helps criminals and spies identify vulnerable targets. Thus, massively parallel

sensor fusion Sensor fusion is a process of combining sensor data or data derived from disparate sources so that the resulting information has less uncertainty than would be possible if these sources were used individually. For instance, one could potentially o ...

may undermine social cohesion, if it proves to be fundamentally incompatible with Fourth-Amendment guarantees against unreasonable search." In general, the intelligence community views the Internet of things as a rich source of data. On 31 January 2019, ''The Washington Post'' wrote an article regarding the security and ethical challenges that can occur with IoT doorbells and cameras: "Last month, Ring got caught allowing its team in Ukraine to view and annotate certain user videos; the company says it only looks at publicly shared videos and those from Ring owners who provide consent. Just last week, a California family's Nest camera let a hacker take over and broadcast fake audio warnings about a missile attack, not to mention peer in on them, when they used a weak password." There have been a range of responses to concerns over security. The Internet of Things Security Foundation (IoTSF) was launched on 23 September 2015 with a mission to secure the Internet of things by promoting knowledge and best practice. Its founding board is made from technology providers and telecommunications companies. In addition, large IT companies are continually developing innovative solutions to ensure the security of IoT devices. In 2017, Mozilla launched

Project Things is a free software community founded in 1998 by members of Netscape. The Mozilla community uses, develops, publishes and supports Mozilla products, thereby promoting free software and open standards. The community is supported institutionally by ...

, which allows to route IoT devices through a safe Web of Things gateway. As per the estimates from KBV Research, the overall IoT security market would grow at 27.9% rate during 2016–2022 as a result of growing infrastructural concerns and diversified usage of Internet of things. Governmental regulation is argued by some to be necessary to secure IoT devices and the wider Internet – as market incentives to secure IoT devices is insufficient. It was found that due to the nature of most of the IoT development boards, they generate predictable and weak keys which make it easy to be utilized by

. However, various hardening approaches were proposed by many researchers to resolve the issue of SSH weak implementation and weak keys. IoT security within the field of manufacturing presents different challenges, and varying perspectives. Within the EU and Germany, data protection is constantly referenced throughout manufacturing and digital policy particularly that of I4.0. However, the attitude towards data security differs from the enterprise perspective whereas there is an emphasis on less data protection in the form of GDPR as the data being collected from IoT devices in the manufacturing sector does not display personal details. Yet, research has indicated that manufacturing experts are concerned about "data security for protecting machine technology from international competitors with the ever-greater push for interconnectivity".

Safety

IoT systems are typically controlled by event-driven smart apps that take as input either sensed data, user inputs, or other external triggers (from the Internet) and command one or more actuators towards providing different forms of automation. Examples of sensors include smoke detectors, motion sensors, and contact sensors. Examples of actuators include smart locks, smart power outlets, and door controls. Popular control platforms on which third-party developers can build smart apps that interact wirelessly with these sensors and actuators include Samsung's SmartThings, Apple's HomeKit, and Amazon's Alexa, among others. A problem specific to IoT systems is that buggy apps, unforeseen bad app interactions, or device/communication failures, can cause unsafe and dangerous physical states, e.g., "unlock the entrance door when no one is at home" or "turn off the heater when the temperature is below 0 degrees Celsius and people are sleeping at night". Detecting flaws that lead to such states, requires a holistic view of installed apps, component devices, their configurations, and more importantly, how they interact. Recently, researchers from the University of California Riverside have proposed IotSan, a novel practical system that uses model checking as a building block to reveal "interaction-level" flaws by identifying events that can lead the system to unsafe states. They have evaluated IotSan on the Samsung SmartThings platform. From 76 manually configured systems, IotSan detects 147 vulnerabilities (i.e., violations of safe physical states/properties).

Design

Given widespread recognition of the evolving nature of the design and management of the Internet of things, sustainable and secure deployment of IoT solutions must design for "anarchic scalability". Application of the concept of anarchic scalability can be extended to physical systems (i.e. controlled real-world objects), by virtue of those systems being designed to account for uncertain management futures. This hard anarchic scalability thus provides a pathway forward to fully realize the potential of Internet-of-things solutions by selectively constraining physical systems to allow for all management regimes without risking physical failure. Brown University computer scientist Michael Littman has argued that successful execution of the Internet of things requires consideration of the interface's usability as well as the technology itself. These interfaces need to be not only more user-friendly but also better integrated: "If users need to learn different interfaces for their vacuums, their locks, their sprinklers, their lights, and their coffeemakers, it's tough to say that their lives have been made any easier."

Environmental sustainability impact

A concern regarding Internet-of-things technologies pertains to the environmental impacts of the manufacture, use, and eventual disposal of all these semiconductor-rich devices. Modern electronics are replete with a wide variety of heavy metals and rare-earth metals, as well as highly toxic synthetic chemicals. This makes them extremely difficult to properly recycle. Electronic components are often incinerated or placed in regular landfills. Furthermore, the human and environmental cost of mining the rare-earth metals that are integral to modern electronic components continues to grow. This leads to societal questions concerning the environmental impacts of IoT devices over their lifetime.

Intentional obsolescence of devices

The

Electronic Frontier Foundation The Electronic Frontier Foundation (EFF) is an American international non-profit digital rights group based in San Francisco, California. It was founded in 1990 to promote Internet civil liberties. It provides funds for legal defense in court, ...

has raised concerns that companies can use the technologies necessary to support connected devices to intentionally disable or "

brick A brick is a type of construction material used to build walls, pavements and other elements in masonry construction. Properly, the term ''brick'' denotes a unit primarily composed of clay. But is now also used informally to denote building un ...

" their customers' devices via a remote software update or by disabling a service necessary to the operation of the device. In one example,

devices sold with the promise of a "Lifetime Subscription" were rendered useless after

Nest Labs Google Nest is a line of smart home products including smart speakers, smart displays, streaming devices, thermostats, smoke detectors, routers and security systems including smart doorbells, cameras and smart locks. The Nest brand name ...

acquired Revolv and made the decision to shut down the central servers the Revolv devices had used to operate. As Nest is a company owned by

Alphabet An alphabet is a standard set of letter (alphabet), letters written to represent particular sounds in a spoken language. Specifically, letters largely correspond to phonemes as the smallest sound segments that can distinguish one word from a ...

(

Google Google LLC (, ) is an American multinational corporation and technology company focusing on online advertising, search engine technology, cloud computing, computer software, quantum computing, e-commerce, consumer electronics, and artificial ...

's parent company), the EFF argues this sets a "terrible precedent for a company with ambitions to sell self-driving cars, medical devices, and other high-end gadgets that may be essential to a person's livelihood or physical safety." Owners should be free to point their devices to a different server or collaborate on improved software. But such action violates the United States

DMCA The Digital Millennium Copyright Act (DMCA) is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It criminalizes production and dissemination of technology, devices, or ...

section 1201, which only has an exemption for "local use". This forces tinkerers who want to keep using their own equipment into a legal grey area. EFF thinks buyers should refuse electronics and software that prioritize the manufacturer's wishes above their own. Examples of post-sale manipulations include

Google Nest Google Nest is a line of smart home products including smart speakers, smart displays, streaming devices, thermostats, smoke detectors, routers and security systems including smart doorbells, cameras and smart locks. The Nest brand n ...

Revolv, disabled privacy settings on

Android Android most commonly refers to: *Android (robot), a humanoid robot or synthetic organism designed to imitate a human * Android (operating system), a mobile operating system primarily developed by Google * Android TV, a operating system developed ...

, Sony disabling

Linux Linux ( ) is a family of open source Unix-like operating systems based on the Linux kernel, an kernel (operating system), operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically package manager, pac ...

PlayStation 3 The PlayStation 3 (PS3) is a home video game console developed and marketed by Sony Computer Entertainment (SCE). It is the successor to the PlayStation 2, and both are part of the PlayStation brand of consoles. The PS3 was first released on ...

, and enforced

EULA An end-user license agreement or EULA () is a legal contract between a software supplier and a customer or end-user. The practice of selling licenses to rather than copies of software predates the recognition of software copyright, which has ...

Wii U The Wii U ( ) is a home video game console developed by Nintendo as the successor to the Wii. Released in late 2012, it is the first eighth-generation video game console and competed with Microsoft's Xbox One and Sony's PlayStation 4. The W ...

Confusing terminology

Kevin Lonergan at ''Information Age'', a business technology magazine, has referred to the terms surrounding the IoT as a "terminology zoo". The lack of clear terminology is not "useful from a practical point of view" and a "source of confusion for the end user". A company operating in the IoT space could be working in anything related to sensor technology, networking, embedded systems, or analytics. According to Lonergan, the term IoT was coined before smart phones, tablets, and devices as we know them today existed, and there is a long list of terms with varying degrees of overlap and

technological convergence Technological convergence is the tendency for technologies that were originally unrelated to become more closely integrated and even unified as they develop and advance. For example, watches, telephones, television, computers, and social media ...

: Internet of things, Internet of everything (IoE), Internet of goods (supply chain), industrial Internet,

pervasive computing Ubiquitous computing (or "ubicomp") is a concept in software engineering, hardware engineering and computer science where computing is made to appear seamlessly anytime and everywhere. In contrast to desktop computing, ubiquitous computing impli ...

, pervasive sensing,

, cyber-physical systems (CPS),

s (WSN), smart objects,

digital twin A digital twin is a digital model of an intended or actual real-world physical product, system, or process (a ''physical twin'') that serves as a digital counterpart of it for purposes such as simulation, integration, testing, monitoring, and m ...

, cyberobjects or avatars, cooperating objects,

machine to machine Machine to machine (M2M) is direct communication between devices using any communications channel, including wired communication, wired and wireless. Machine to machine communication can include industrial instrumentation, enabling a sensor or met ...

(M2M), ambient intelligence (AmI), Operational technology (OT), and

information technology Information technology (IT) is a set of related fields within information and communications technology (ICT), that encompass computer systems, software, programming languages, data processing, data and information processing, and storage. Inf ...

(IT). Regarding IIoT, an industrial sub-field of IoT, the

Industrial Internet Consortium The Industry IoT Consortium (IIC) (previously the Industrial Internet Consortium) is an open-member organization and a program of the Object Management Group (OMG). Founded by AT&T, Cisco, General Electric, IBM, and Intel in March 2014, with th ...

's Vocabulary Task Group has created a "common and reusable vocabulary of terms" to ensure "consistent terminology" across publications issued by the Industrial Internet Consortium. IoT One has created an IoT Terms Database including a New Term Alert to be notified when a new term is published. , this database aggregates 807 IoT-related terms, while keeping material "transparent and comprehensive".

Adoption barriers

Lack of interoperability and unclear value propositions

Despite a shared belief in the potential of the IoT, industry leaders and consumers are facing barriers to adopt IoT technology more widely. Mike Farley argued in

Forbes ''Forbes'' () is an American business magazine founded by B. C. Forbes in 1917. It has been owned by the Hong Kong–based investment group Integrated Whale Media Investments since 2014. Its chairman and editor-in-chief is Steve Forbes. The co ...

that while IoT solutions appeal to

early adopters An early adopter or lighthouse customer is an early customer of a given company, product, or technology. The term originates from Everett M. Rogers' ''Diffusion of Innovations'' (1962). History Typically, early adopters are customers who, in a ...

, they either lack interoperability or a clear use case for end-users. A study by Ericsson regarding the adoption of IoT among Danish companies suggests that many struggle "to pinpoint exactly where the value of IoT lies for them".

Privacy and security concerns

As for IoT, especially in regards to consumer IoT, information about a user's daily routine is collected so that the "things" around the user can cooperate to provide better services that fulfill personal preference. When the collected information which describes a user in detail travels through multiple hops in a network, due to a diverse integration of services, devices and network, the information stored on a device is vulnerable to

privacy violation The right to privacy is an element of various legal traditions that intends to restrain governmental and private actions that threaten the privacy of individuals. Over 185 national constitutions mention the right to privacy. Since the global ...

by compromising nodes existing in an IoT network. For example, on 21 October 2016, a multiple

distributed denial of service In computing, a denial-of-service attack (DoS attack) is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host conne ...

(DDoS) attacks systems operated by

domain name system The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information ...

provider Dyn, which caused the inaccessibility of several websites, such as

GitHub GitHub () is a Proprietary software, proprietary developer platform that allows developers to create, store, manage, and share their code. It uses Git to provide distributed version control and GitHub itself provides access control, bug trackin ...

Twitter Twitter, officially known as X since 2023, is an American microblogging and social networking service. It is one of the world's largest social media platforms and one of the most-visited websites. Users can share short text messages, image ...

, and others. This attack is executed through a

botnet A botnet is a group of Internet-connected devices, each of which runs one or more Internet bot, bots. Botnets can be used to perform distributed denial-of-service attack, distributed denial-of-service (DDoS) attacks, steal data, send Spamming, sp ...

consisting of a large number of IoT devices including IP cameras, gateways, and even baby monitors. Fundamentally there are 4 security objectives that the IoT system requires: (1) data

confidentiality Confidentiality involves a set of rules or a promise sometimes executed through confidentiality agreements that limits the access to or places restrictions on the distribution of certain types of information. Legal confidentiality By law, la ...

: unauthorised parties cannot have access to the transmitted and stored data; (2) data

integrity Integrity is the quality of being honest and having a consistent and uncompromising adherence to strong moral and ethical principles and values. In ethics, integrity is regarded as the honesty and Honesty, truthfulness or of one's actions. Integr ...

: intentional and unintentional

corruption Corruption is a form of dishonesty or a criminal offense that is undertaken by a person or an organization that is entrusted in a position of authority to acquire illicit benefits or abuse power for one's gain. Corruption may involve activities ...

of transmitted and stored data must be detected; (3)

non-repudiation In law, non-repudiation is a situation where a statement's author cannot successfully dispute its authorship or the validity of an associated contract. The term is often seen in a legal setting when the authenticity of a signature is being challeng ...

: the sender cannot deny having sent a given message; (4) data availability: the transmitted and stored data should be available to authorised parties even with the

denial-of-service In computing, a denial-of-service attack (DoS attack) is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host con ...

(DOS) attacks. Information privacy regulations also require organisations to practice "reasonable security"
California's SB-327 Information privacy: connected devices
"would require a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorised access, destruction, use, modification, or disclosure, as specified". As each organisation's environment is unique, it can prove challenging to demonstrate what "reasonable security" is and what potential risks could be involved for the business. Oregon's HB2395 also "requires ''person that manufactures, sells or offers to sell connected device''manufacturer to equip connected device with reasonable security features that protect connected device and information that connected device 'collects, contains, stores or transmits''stores from access, destruction, modification, use or disclosure that consumer does not authorise." According to antivirus provider

Kaspersky Kaspersky Lab (; ) is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and A ...

, there were 639 million data breaches of IoT devices in 2020 and 1.5 billion breaches in the first six months of 2021. One method of overcoming the barrier of safety issues is the introduction of standards and certification of devices. In 2024, two voluntary and non-competing programs were proposed and launched in the United States: the US Cyber Trust Mark from The Federal Communications Commission and CSA's IoT Device Security Specification from the

Connectivity Standards Alliance The Connectivity Standards Alliance (CSA), formerly the Zigbee Alliance, is a group of companies that maintain and publish the Zigbee and Matter standard, along with several others. Membership Over the years, the Alliance's membership has gr ...

. The programs incorporate international expertise, with the CSA mark recognized by the Singapore Cybersecurity Agency. Compliance means that IoT devices can resist hacking, control hijacking and theft of confidential data.

Traditional governance structure

A study issued by Ericsson regarding the adoption of Internet of things among Danish companies identified a "clash between IoT and companies' traditional

governance Governance is the overall complex system or framework of Process, processes, functions, structures, Social norm, rules, Law, laws and Norms (sociology), norms born out of the Interpersonal relationship, relationships, Social interaction, intera ...

structures, as IoT still presents both uncertainties and a lack of historical precedence." Among the respondents interviewed, 60 percent stated that they "do not believe they have the organizational capabilities, and three of four do not believe they have the processes needed, to capture the IoT opportunity." This has led to a need to understand

organizational culture Organizational culture encompasses the shared norms, values, corporate language and behaviors - observed in schools, universities, not-for-profit groups, government agencies, and businesses - reflecting their core values and strategic direction. ...

in order to facilitate

organizational design Organizational architecture, also known as organizational design, is a field concerned with the creation of roles, processes, and formal reporting relationships in an organization. It refers to architecture metaphorically, as a structure which ...

processes and to test new

innovation management Innovation management is a combination of the management of innovation processes, and change management. It refers to product, business process, marketing and organizational innovation. Innovation management is the subject of ISO 56000 (formerl ...

practices. A lack of digital leadership in the age of

digital transformation Digital transformation (DT) is the process of adoption and implementation of digital technology by an organization in order to create new or modify existing products, services and operations by the means of translating business processes into a d ...

has also stifled innovation and IoT adoption to a degree that many companies, in the face of uncertainty, "were waiting for the market dynamics to play out", or further action in regards to IoT "was pending competitor moves, customer pull, or regulatory requirements". Some of these companies risk being "kodaked" – "Kodak was a market leader until digital disruption eclipsed film photography with digital photos" – failing to "see the disruptive forces affecting their industry" and "to truly embrace the new business models the disruptive change opens up". Scott Anthony has written in

Harvard Business Review ''Harvard Business Review'' (''HBR'') is a general management magazine published by Harvard Business Publishing, a not-for-profit, independent corporation that is an affiliate of Harvard Business School. ''HBR'' is published six times a year ...

that Kodak "created a digital camera, invested in the technology, and even understood that photos would be shared online" but ultimately failed to realize that "online photo sharing ''was'' the new business, not just a way to expand the printing business."

Business planning and project management

According to 2018 study, 70–75% of IoT deployments were stuck in the pilot or prototype stage, unable to reach scale due in part to a lack of business planning. Even though scientists, engineers, and managers across the world are continuously working to create and exploit the benefits of IoT products, there are some flaws in the governance, management and implementation of such projects. Despite tremendous forward momentum in the field of information and other underlying technologies, IoT still remains a complex area and the problem of how IoT projects are managed still needs to be addressed. IoT projects must be run differently than simple and traditional IT, manufacturing or construction projects. Because IoT projects have longer project timelines, a lack of skilled resources and several security/legal issues, there is a need for new and specifically designed project processes. The following management techniques should improve the success rate of IoT projects: * A separate research and development phase * A Proof-of-Concept/Prototype before the actual project begins * Project managers with interdisciplinary technical knowledge * Universally defined business and technical jargon

Notes

References

Bibliography

* * * * * {{Authority control Ambient intelligence Technology assessments Computing and society Digital technology 21st-century inventions