The Internet of things (IoT) describes physical objects (or groups of such objects) with sensors, processing ability,

software Software is a set of computer programs and associated software documentation, documentation and data (computing), data. This is in contrast to Computer hardware, hardware, from which the system is built and which actually performs the work. ...

and other technologies that connect and exchange data with other devices and systems over the

Internet The Internet (or internet) is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a ''internetworking, network of networks'' that consists ...

or other communications networks. Internet of things has been considered a

misnomer A misnomer is a name that is incorrectly or unsuitably applied. Misnomers often arise because something was named long before its correct nature was known, or because an earlier form of something has been replaced by a later form to which the name ...

because devices do not need to be connected to the public internet, they only need to be connected to a network and be individually addressable. The field has evolved due to the convergence of multiple

technologies Technology is the application of knowledge to reach practical goals in a specifiable and reproducible way. The word ''technology'' may also mean the product of such an endeavor. The use of technology is widely prevalent in medicine, science, ...

, including

ubiquitous computing Ubiquitous computing (or "ubicomp") is a concept in software engineering, hardware engineering and computer science where computing is made to appear anytime and everywhere. In contrast to desktop computing, ubiquitous computing can occur using ...

commodity In economics, a commodity is an economic good, usually a resource, that has full or substantial fungibility: that is, the market treats instances of the good as equivalent or nearly so with no regard to who produced them. The price of a co ...

sensors A sensor is a device that produces an output signal for the purpose of sensing a physical phenomenon. In the broadest definition, a sensor is a device, module, machine, or subsystem that detects events or changes in its environment and sends ...

, increasingly powerful

embedded system An embedded system is a computer system—a combination of a computer processor, computer memory, and input/output peripheral devices—that has a dedicated function within a larger mechanical or electronic system. It is ''embedded'' ...

s, as well as

machine learning Machine learning (ML) is a field of inquiry devoted to understanding and building methods that 'learn', that is, methods that leverage data to improve performance on some set of tasks. It is seen as a part of artificial intelligence. Machine ...

.Hu, J.; Niu, H.; Carrasco, J.; Lennox, B.; Arvin, F.,
Fault-tolerant cooperative navigation of networked UAV swarms for forest fire monitoring
Aerospace Science and Technology, 2022. Traditional fields of

wireless sensor network Wireless sensor networks (WSNs) refer to networks of spatially dispersed and dedicated sensors that monitor and record the physical conditions of the environment and forward the collected data to a central location. WSNs can measure environmental c ...

s, control systems,

automation Automation describes a wide range of technologies that reduce human intervention in processes, namely by predetermining decision criteria, subprocess relationships, and related actions, as well as embodying those predeterminations in machines ...

(including

home A home, or domicile, is a space used as a permanent or semi-permanent residence for one or many humans, and sometimes various companion animals. It is a fully or semi sheltered space and can have both interior and exterior aspects to it ...

and

building automation Building automation (BAS), also known as building management system (BMS) or building energy management system (BEMS), is the automatic centralized control of a building's HVAC (heating, ventilation and air conditioning), electrical, lighting, ...

), independently and collectively enable the Internet of things.Hu, J.; Lennox, B.; Arvin, F.,
Robust formation control for networked robotic systems using Negative Imaginary dynamics
Automatica, 2022. In the consumer market, IoT technology is most

synonymous A synonym is a word, morpheme, or phrase that means exactly or nearly the same as another word, morpheme, or phrase in a given language. For example, in the English language, the words ''begin'', ''start'', ''commence'', and ''initiate'' are all ...

with products pertaining to the concept of the "

smart home Smart or SMART may refer to: Arts and entertainment * ''Smart'' (Hey! Say! JUMP album), 2014 * Smart (Hotels.com), former mascot of Hotels.com * ''Smart'' (Sleeper album), 1995 debut album by Sleeper * ''SMart'', a children's television ser ...

", including devices and appliances (such as lighting fixtures,

thermostats A thermostat is a regulating device component which senses the temperature of a physical system and performs actions so that the system's temperature is maintained near a desired setpoint. Thermostats are used in any device or system tha ...

, home

security systems Security is protection from, or resilience against, potential harm (or other unwanted coercive change) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social ...

, cameras, and other home appliances) that support one or more common ecosystems, and can be controlled via devices associated with that ecosystem, such as

smartphone A smartphone is a portable computer device that combines mobile telephone and computing functions into one unit. They are distinguished from feature phones by their stronger hardware capabilities and extensive mobile operating systems, whic ...

s and

smart speaker A smart speaker is a type of loudspeaker and voice command device with an integrated virtual assistant that offers interactive actions and hands-free activation with the help of one "hot word" (or several "hot words"). Some smart speakers can a ...

s. IoT is also used in healthcare systems. There are a number of concerns about the risks in the growth of IoT technologies and products, especially in the areas of

privacy Privacy (, ) is the ability of an individual or group to seclude themselves or information about themselves, and thereby express themselves selectively. The domain of privacy partially overlaps with security, which can include the concepts of a ...

and

security" \n\n\nsecurity.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called \"security.txt\" in the well known locat ...

, and consequently, industry and governmental moves to address these concerns have begun, including the development of international and local standards, guidelines, and regulatory frameworks.

History

The main concept of a network of

smart device A smart device is an electronic device, generally connected to other devices or networks via different wireless protocols (such as Bluetooth, Zigbee, near-field communication, Wi-Fi, LiFi, or 5G) that can operate to some extent interactively an ...

s was discussed as early as 1982, with a modified

Coca-Cola Coca-Cola, or Coke, is a carbonated soft drink manufactured by the Coca-Cola Company. Originally marketed as a temperance drink and intended as a patent medicine, it was invented in the late 19th century by John Stith Pemberton in Atla ...

vending machine A vending machine is an automated machine that provides items such as snacks, beverages, cigarettes, and lottery tickets to consumers after cash, a credit card, or other forms of payment are inserted into the machine or otherwise made. The fir ...

Carnegie Mellon University Carnegie Mellon University (CMU) is a private research university in Pittsburgh, Pennsylvania. One of its predecessors was established in 1900 by Andrew Carnegie as the Carnegie Technical Schools; it became the Carnegie Institute of Technology ...

becoming the first

ARPANET The Advanced Research Projects Agency Network (ARPANET) was the first wide-area packet-switched network with distributed control and one of the first networks to implement the TCP/IP protocol suite. Both technologies became the technical foun ...

-connected appliance, able to report its inventory and whether newly loaded drinks were cold or not.

Mark Weiser Mark D. Weiser (July 23, 1952 – April 27, 1999) was a computer scientist and chief technology officer (CTO) at Xerox PARC. Weiser is widely considered to be the father of ubiquitous computing, a term he coined in 1988. Within Silicon Valle ...

's 1991 paper on

, "The Computer of the 21st Century", as well as academic venues such as UbiComp and PerCom produced the contemporary vision of the IOT. In 1994, Reza Raji described the concept in ''

IEEE Spectrum ''IEEE Spectrum'' is a magazine edited by the Institute of Electrical and Electronics Engineers The Institute of Electrical and Electronics Engineers (IEEE) is a 501(c)(3) professional association for electronic engineering and electrical e ...

'' as "

oving Oving may refer to: * Oving, Buckinghamshire * Oving, West Sussex {{geodis Internet-of-things devices additionally will benefit from the stateless address auto-configuration present in IPv6, as it reduces the configuration overhead on the hosts, and the IETF 6LoWPAN header compression. To a large extent, the future of the Internet of things will not be possible without the support of IPv6; and consequently, the global adoption of IPv6 in the coming years will be critical for the successful development of the IoT in the future.

Application Layer

* ADRC defines an application layer protocol and supporting framework for implementing IoT applications.

Short-range wireless

Bluetooth mesh networking Bluetooth Mesh is a computer mesh networking standard based on Bluetooth Low Energy that allows for many-to-many communication over Bluetooth radio. The Bluetooth Mesh specifications were defined in the Mesh Profile and Mesh Model specifications ...

– Specification providing a mesh networking variant to

Bluetooth low energy Bluetooth Low Energy (Bluetooth LE, colloquially BLE, formerly marketed as Bluetooth Smart) is a wireless personal area network technology designed and marketed by the Bluetooth Special Interest Group (Bluetooth SIG) aimed at novel applications ...

(BLE) with an increased number of nodes and standardized application layer (Models). * Light-Fidelity (Li-Fi) – Wireless communication technology similar to the Wi-Fi standard, but using

visible light communication In telecommunications, visible light communication (VLC) is the use of visible light (light with a frequency of 400–800 THz/wavelength of 780–375 nm) as a transmission medium. VLC is a subset of optical wireless communications te ...

for increased bandwidth. *

Near-field communication Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1 in) or less. NFC offers a low-speed connection through a simple setup that can be u ...

(NFC) – Communication protocols enabling two electronic devices to communicate within a 4 cm range. *

Radio-frequency identification Radio-frequency identification (RFID) uses electromagnetic fields to automatically identify and track tags attached to objects. An RFID system consists of a tiny radio transponder, a radio receiver and transmitter. When triggered by an electrom ...

(RFID) – Technology using electromagnetic fields to read data stored in tags embedded in other items. *

Wi-Fi Wi-Fi () is a family of wireless network protocols, based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio w ...

– Technology for

local area network A local area network (LAN) is a computer network that interconnects computers within a limited area such as a residence, school, laboratory, university campus or office building. By contrast, a wide area network (WAN) not only covers a larger ...

ing based on the

IEEE 802.11 IEEE 802.11 is part of the IEEE 802 set of local area network (LAN) technical standards, and specifies the set of media access control (MAC) and physical layer (PHY) protocols for implementing wireless local area network (WLAN) computer commu ...

standard, where devices may communicate through a shared access point or directly between individual devices. *

Zigbee Zigbee is an IEEE 802.15.4-based specification for a suite of high-level communication protocols used to create personal area networks with small, low-power digital radios, such as for home automation, medical device data collection, and ...

– Communication protocols for

personal area network A personal area network (PAN) is a computer network for interconnecting electronic devices within an individual person's workspace. A PAN provides data transmission among devices such as computers, smartphones, tablets and personal digital ass ...

ing based on the IEEE 802.15.4 standard, providing low power consumption, low data rate, low cost, and high throughput. *

Z-Wave Z-Wave is a wireless communications protocol used primarily for residential and commercial building automation. It is a mesh network using low-energy radio waves to communicate from device to device, allowing for wireless control of smart home d ...

–

Wireless Wireless communication (or just wireless, when the context allows) is the transfer of information between two or more points without the use of an electrical conductor, optical fiber or other continuous guided medium for the transfer. The mos ...

communications protocol used primarily for

home automation Home automation or domotics is building automation for a home, called a smart home or smart house. A home automation system will monitor and/or control home attributes such as lighting, climate, entertainment systems, and appliances. It ...

and security applications

Medium-range wireless

* LTE-Advanced – High-speed communication specification for mobile networks. Provides enhancements to the LTE standard with extended coverage, higher throughput, and lower latency. * 5G - 5G wireless networks can be used to achieve the high communication requirements of the IoT and connect a large number of IoT devices, even when they are on the move. There are three features of 5G that are each considered to be useful for supporting particular elements of IoT: enhanced mobile broadband (eMBB), massive machine type communications (mMTC) and ultra-reliable low latency communications (URLLC).

Long-range wireless

* Low-power wide-area networking (LPWAN) – Wireless networks designed to allow long-range communication at a low data rate, reducing power and cost for transmission. Available LPWAN technologies and protocols:

LoRaWan Lora is a female given name and family name in the Spanish language of French origin meaning from Lorraine, a region in Northeastern France. As a given name, Lora may also be a variant of Laura or derived from an Italian hypocoristic of either ...

, Sigfox,

NB-IoT Narrowband Internet of things (NB-IoT) is a low-power wide-area network (LPWAN) radio technology standard developed by 3GPP for cellular devices and services. The specification was frozen in 3GPP Release 13 ( LTE Advanced Pro), in June 2016. Ot ...

, Weightless, RPMA. *

Very small aperture terminal A very-small-aperture terminal (VSAT) is a two-way satellite ground station with a dish antenna that is smaller than 3.8 meters. The majority of VSAT antennas range from 75 cm to 1.2 m. Bit rates, in most cases, range from 4 kbit/s up to 16 ...

(VSAT) –

Satellite A satellite or artificial satellite is an object intentionally placed into orbit in outer space. Except for passive satellites, most satellites have an electricity generation system for equipment on board, such as solar panels or radioiso ...

communication technology using small dish antennas for

narrowband Narrowband signals are signals that occupy a narrow range of frequencies or that have a small fractional bandwidth. In the audio spectrum, narrowband sounds are sounds that occupy a narrow range of frequencies. In telephony, narrowband is us ...

and

broadband In telecommunications, broadband is wide bandwidth data transmission which transports multiple signals at a wide range of frequencies and Internet traffic types, that enables messages to be sent simultaneously, used in fast internet connections. ...

data.

Wired

Ethernet Ethernet () is a family of wired computer networking technologies commonly used in local area networks (LAN), metropolitan area networks (MAN) and wide area networks (WAN). It was commercially introduced in 1980 and first standardized in ...

– General purpose networking standard using

twisted pair Twisted pair cabling is a type of wiring used for communications in which two conductors of a single circuit are twisted together for the purposes of improving electromagnetic compatibility. Compared to a single conductor or an untwisted ba ...

and

fiber optic An optical fiber, or optical fibre in Commonwealth English, is a flexible, transparency and translucency, transparent fiber made by Drawing (manufacturing), drawing glass (silica) or plastic to a diameter slightly thicker than that of a Hair ...

links in conjunction with hubs or

switches In electrical engineering, a switch is an electrical component that can disconnect or connect the conducting path in an electrical circuit, interrupting the electric current or diverting it from one conductor to another. The most common type ...

. *

Power-line communication Power-line communication (also known as power-line carrier or PLC) carries data on a conductor that is also used simultaneously for AC electric power transmission or electric power distribution to consumers. A wide range of power-line communicati ...

(PLC) – Communication technology using electrical wiring to carry power and data. Specifications such as

HomePlug HomePlug is the family name for various power line communications specifications under the HomePlug designation, each with unique capabilities and compatibility with other HomePlug specifications. Some HomePlug specifications target broadband ...

G.hn G.hn is a specification for home networking with data rates up to 2 Gbit/s and operation over four types of legacy wires: telephone wiring, coaxial cables, power lines and plastic optical fiber. A single G.hn semiconductor device is able to ne ...

utilize PLC for networking IoT devices.

Comparison of technologies by layer

Different technologies have different roles in a

protocol stack The protocol stack or network stack is an implementation of a computer networking protocol suite or protocol family. Some of these terms are used interchangeably but strictly speaking, the ''suite'' is the definition of the communication protoco ...

. Below is a simplifiedThe actual standards may use different terminology and/or define different layer borders than those presented here. presentation of the roles of several popular communication technologies in IoT applications:

Standards and standards organizations

This is a list of

technical standard A technical standard is an established norm or requirement for a repeatable technical task which is applied to a common and repeated use of rules, conditions, guidelines or characteristics for products or related processes and production methods, ...

s for the IoT, most of which are

open standard An open standard is a standard that is openly accessible and usable by anyone. It is also a prerequisite to use open license, non-discrimination and extensibility. Typically, anybody can participate in the development. There is no single definitio ...

s, and the

standards organization A standards organization, standards body, standards developing organization (SDO), or standards setting organization (SSO) is an organization whose primary function is developing, coordinating, promulgating, revising, amending, reissuing, interpr ...

s that aspire to successfully setting them.

Politics and civic engagement

Some scholars and activists argue that the IoT can be used to create new models of

civic engagement Civic engagement or civic participation is any individual or group activity addressing issues of public concern. Civic engagement includes communities working together or individuals working alone in both political and non-political actions to ...

if device networks can be open to user control and inter-operable platforms. Philip N. Howard, a professor and author, writes that political life in both democracies and authoritarian regimes will be shaped by the way the IoT will be used for civic engagement. For that to happen, he argues that any connected device should be able to divulge a list of the "ultimate beneficiaries" of its sensor data and that individual citizens should be able to add new organisations to the beneficiary list. In addition, he argues that civil society groups need to start developing their IoT strategy for making use of data and engaging with the public.

Government regulation

One of the key drivers of the IoT is data. The success of the idea of connecting devices to make them more efficient is dependent upon access to and storage & processing of data. For this purpose, companies working on the IoT collect data from multiple sources and store it in their cloud network for further processing. This leaves the door wide open for privacy and security dangers and single point vulnerability of multiple systems. The other issues pertain to consumer choice and ownership of data and how it is used. Though still in their infancy, regulations and governance regarding these issues of privacy, security, and data ownership continue to develop. IoT regulation depends on the country. Some examples of legislation that is relevant to privacy and data collection are: the US Privacy Act of 1974, OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data of 1980, and the EU Directive 95/46/EC of 1995. Current regulatory environment: A report published by the Federal Trade Commission (FTC) in January 2015 made the following three recommendations: *

Data security Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach. Technologies Disk encryption Disk encryption re ...

– At the time of designing IoT companies should ensure that data collection, storage and processing would be secure at all times. Companies should adopt a "defense in depth" approach and encrypt data at each stage. * Data consent – users should have a choice as to what data they share with IoT companies and the users must be informed if their data gets exposed. * Data minimisation – IoT companies should collect only the data they need and retain the collected information only for a limited time. However, the FTC stopped at just making recommendations for now. According to an FTC analysis, the existing framework, consisting of the

FTC Act The Federal Trade Commission Act of 1914 was a United States federal law which established the Federal Trade Commission. The Act was signed into law by US President Woodrow Wilson in 1914 and outlaws unfair methods of competition and unfair acts ...

, the

Fair Credit Reporting Act The Fair Credit Reporting Act (FCRA), 15 U.S.C. § 1681 ''et seq'', is U.S. Federal Government legislation enacted to promote the accuracy, fairness, and privacy of consumer information contained in the files of consumer reporting agencies. It ...

, and the

Children's Online Privacy Protection Act The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law, located at (). The act, effective April 21, 2000, applies to the online collection of personal information by persons or entities under U.S. juri ...

, along with developing consumer education and business guidance, participation in multi-stakeholder efforts and advocacy to other agencies at the federal, state and local level, is sufficient to protect consumer rights. A resolution passed by the Senate in March 2015, is already being considered by the Congress. This resolution recognized the need for formulating a National Policy on IoT and the matter of privacy, security and spectrum. Furthermore, to provide an impetus to the IoT ecosystem, in March 2016, a bipartisan group of four Senators proposed a bill, The Developing Innovation and Growing the Internet of Things (DIGIT) Act, to direct the

Federal Communications Commission The Federal Communications Commission (FCC) is an independent agency of the United States federal government that regulates communications by radio, television, wire, satellite, and cable across the United States. The FCC maintains jurisd ...

to assess the need for more spectrum to connect IoT devices. Approved on 28 September 2018, California Senate Bill No. 327 goes into effect on 1 January 2020. The bill requires "''a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure,''" Several standards for the IoT industry are actually being established relating to automobiles because most concerns arising from use of connected cars apply to healthcare devices as well. In fact, the

National Highway Traffic Safety Administration The National Highway Traffic Safety Administration (NHTSA ) is an agency of the U.S. federal government, part of the Department of Transportation. It describes its mission as "Save lives, prevent injuries, reduce vehicle-related crashes" rel ...

(NHTSA) is preparing cybersecurity guidelines and a database of best practices to make automotive computer systems more secure. A recent report from the World Bank examines the challenges and opportunities in government adoption of IoT. These include – * Still early days for the IoT in government * Underdeveloped policy and regulatory frameworks * Unclear business models, despite strong value proposition * Clear institutional and capacity gap in government AND the private sector * Inconsistent data valuation and management * Infrastructure a major barrier * Government as an enabler * Most successful pilots share common characteristics (public-private partnership, local, leadership) In early December 2021, the U.K. government introduced the

Product Security and Telecommunications Infrastructure bill Product may refer to: Business * Product (business), an item that serves as a solution to a specific consumer problem. * Product (project management), a deliverable or set of deliverables that contribute to a business solution Mathematics * Produ ...

(PST), an effort to legislate IoT distributors, manufacturers, and importers to meet certain

cybersecurity standards IT security standards or cyber security standards are techniques generally outlined in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all ...

. The bill also seeks to improve the security credentials of consumer IoT devices.

Criticism, problems and controversies

Platform fragmentation

The IoT suffers from

platform fragmentation Fragmentation in a technology market happens when a market is composed of multiple highly-incompatible technologies or technology stacks, forcing prospective buyers of a single product to commit to an entire product ecosystem, rather than maintain ...

, lack of interoperability and common

s a situation where the variety of IoT devices, in terms of both hardware variations and differences in the software running on them, makes the task of developing applications that work consistently between different inconsistent technology

ecosystem An ecosystem (or ecological system) consists of all the organisms and the physical environment with which they interact. These biotic and abiotic components are linked together through nutrient cycles and energy flows. Energy enters the syst ...

s hard. For example, wireless connectivity for IoT devices can be done using

Bluetooth Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances and building personal area networks (PANs). In the most widely used mode, transmission power is limit ...

LoRa Lora is a female given name and family name in the Spanish language of French origin meaning from Lorraine, a region in Northeastern France. As a given name, Lora may also be a variant of Laura or derived from an Italian hypocoristic of either ...

, Cat M1 as well as completely custom proprietary radios – each with its own advantages and disadvantages; and unique support ecosystem. The IoT's

amorphous computing Amorphous computing refers to computational systems that use very large numbers of identical, parallel processors each having limited computational ability and local interactions. The term Amorphous Computing was coined at MIT in 1996 in a paper en ...

nature is also a problem for security, since patches to bugs found in the core operating system often do not reach users of older and lower-price devices. One set of researchers say that the failure of vendors to support older devices with patches and updates leaves more than 87% of active Android devices vulnerable.

Privacy, autonomy, and control

Philip N. Howard, a professor and author, writes that the Internet of things offers immense potential for empowering citizens, making government transparent, and broadening

information access Information access is the freedom or ability to identify, obtain and make use of Databases, database or information effectively. There are various research efforts in information access for which the objective is to simplify and make it more ef ...

. Howard cautions, however, that privacy threats are enormous, as is the potential for social control and political manipulation. Concerns about privacy have led many to consider the possibility that big data infrastructures such as the Internet of things and data mining are inherently incompatible with privacy. Key challenges of increased digitalization in the water, transport or energy sector are related to privacy and

cybersecurity Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, th ...

which necessitate an adequate response from research and policymakers alike. Writer

Adam Greenfield Adam Greenfield is an American writer and urbanist, based in London. He was born in Philadelphia, Pennsylvania in 1968. Early life Greenfield attended New York University, graduating with a degree in Cultural studies in 1989. Between 1995 and ...

claims that IoT technologies are not only an invasion of public space but are also being used to perpetuate normative behavior, citing an instance of billboards with hidden cameras that tracked the demographics of passersby who stopped to read the advertisement. The Internet of Things Council compared the increased prevalence of

digital surveillance Computer and network surveillance is the monitoring of computer activity and data stored locally on a computer or data being transferred over computer networks such as the Internet. This monitoring is often carried out covertly and may be comple ...

due to the Internet of things to the conceptual

panopticon The panopticon is a type of institutional building and a system of control designed by the English philosopher and social theorist Jeremy Bentham in the 18th century. The concept of the design is to allow all prisoners of an institution to be o ...

described by

Jeremy Bentham Jeremy Bentham (; 15 February 1748 O.S. 4 February 1747">Old_Style_and_New_Style_dates.html" ;"title="nowiki/>Old Style and New Style dates">O.S. 4 February 1747ref name="Johnson2012" /> – 6 June 1832) was an English philosopher, jurist, an ...

in the 18th Century. The assertion was defended by the works of French philosophers

Michel Foucault Paul-Michel Foucault (, ; ; 15 October 192625 June 1984) was a French philosopher, historian of ideas, writer, political activist, and literary critic. Foucault's theories primarily address the relationship between power and knowledge, and ho ...

and Gilles Deleuze. In ''Discipline and Punish: The Birth of the Prison'' Foucault asserts that the panopticon was a central element of the discipline society developed during the

Industrial Era The Industrial Revolution was the transition to new manufacturing processes in Great Britain, continental Europe, and the United States, that occurred during the period from around 1760 to about 1820–1840. This transition included going f ...

. Foucault also argued that the discipline systems established in factories and school reflected Bentham's vision of

panopticism The panopticon is a type of institutional building and a system of control designed by the English philosopher and social theorist Jeremy Bentham in the 18th century. The concept of the design is to allow all prisoners of an institution to be ...

. In his 1992 paper "Postscripts on the Societies of Control," Deleuze wrote that the discipline society had transitioned into a control society, with the computer replacing the

as an instrument of discipline and control while still maintaining the qualities similar to that of panopticism.

Peter-Paul Verbeek Peter-Paul Verbeek (born 6 December 1970, in Middelburg) is Rector Magnificus of the University of Amsterdam and Professor of Philosophy and Ethics of Science and Technology in a Changing World since 1 October 2022. Prior to his appointment in ...

, a professor of philosophy of technology at the

University of Twente The University of Twente (Dutch: ''Universiteit Twente''; , abbr. ) is a public technical university located in Enschede, Netherlands. The university has been placed in the top 170 universities in the world by multiple central ranking tables. I ...

, Netherlands, writes that technology already influences our moral decision making, which in turn affects human agency, privacy and autonomy. He cautions against viewing technology merely as a human tool and advocates instead to consider it as an active agent. Justin Brookman, of the

Center for Democracy and Technology Centre for Democracy & Technology (CDT) is a Washington, D.C.-based 501(c)(3) nonprofit organisation that advocates for digital rights and freedom of expression. CDT seeks to promote legislation that enables individuals to use the internet for p ...

, expressed concern regarding the impact of the IoT on

consumer privacy Consumer privacy is information privacy as it relates to the consumers of products and services. A variety of social, legal and political issues arise from the interaction of the public's potential expectation of privacy and the collection and di ...

, saying that "There are some people in the commercial space who say, 'Oh, big data – well, let's collect everything, keep it around forever, we'll pay for somebody to think about security later.' The question is whether we want to have some sort of policy framework in place to limit that."

Tim O'Reilly Tim O'Reilly (born 6 June 1954) is the founder of O'Reilly Media (formerly O'Reilly & Associates). He popularised the terms open source and Web 2.0. Education and early life Born in County Cork, Ireland, Tim O'Reilly moved to San Francisco, Ca ...

believes that the way companies sell the IoT devices on consumers are misplaced, disputing the notion that the IoT is about gaining efficiency from putting all kinds of devices online and postulating that the "IoT is really about human augmentation. The applications are profoundly different when you have sensors and data driving the decision-making." Editorials at

WIRED ''Wired'' (stylized as ''WIRED'') is a monthly American magazine, published in print and online editions, that focuses on how emerging technologies affect culture, the economy, and politics. Owned by Condé Nast, it is headquartered in San Fran ...

have also expressed concern, one stating "What you're about to lose is your privacy. Actually, it's worse than that. You aren't just going to lose your privacy, you're going to have to watch the very concept of privacy be rewritten under your nose." The

American Civil Liberties Union The American Civil Liberties Union (ACLU) is a nonprofit organization founded in 1920 "to defend and preserve the individual rights and liberties guaranteed to every person in this country by the Constitution and laws of the United States". ...

(ACLU) expressed concern regarding the ability of IoT to erode people's control over their own lives. The ACLU wrote that "There's simply no way to forecast how these immense powers – disproportionately accumulating in the hands of corporations seeking financial advantage and governments craving ever more control – will be used. Chances are big data and the Internet of Things will make it harder for us to control our own lives, as we grow increasingly transparent to powerful corporations and government institutions that are becoming more opaque to us." In response to rising concerns about privacy and smart technology, in 2007 the

British Government ga, Rialtas a Shoilse gd, Riaghaltas a Mhòrachd , image = HM Government logo.svg , image_size = 220px , image2 = Royal Coat of Arms of the United Kingdom (HM Government).svg , image_size2 = 180px , caption = Royal Arms , date_est ...

stated it would follow formal

Privacy by Design Privacy by design is an approach to systems engineering initially developed by Ann Cavoukian and formalized in a joint report on privacy-enhancing technologies by a joint team of the Information and Privacy Commissioner of Ontario (Canada), the Du ...

principles when implementing their smart metering program. The program would lead to replacement of traditional power meters with smart power meters, which could track and manage energy usage more accurately. However the

British Computer Society Sir Maurice Wilkes served as the first President of BCS in 1957 BCS, The Chartered Institute for IT, known as the British Computer Society until 2009, is a professional body and a learned society that represents those working in infor ...

is doubtful these principles were ever actually implemented. In 2009 the

Dutch Parliament The States General of the Netherlands ( nl, Staten-Generaal ) is the supreme bicameral legislature of the Netherlands consisting of the Senate () and the House of Representatives (). Both chambers meet at the Binnenhof in The Hague. The States G ...

rejected a similar smart metering program, basing their decision on privacy concerns. The Dutch program later revised and passed in 2011.

Data storage

A challenge for producers of IoT applications is to

clean Clean may refer to: * Cleaning, the process of removing unwanted substances, such as dirt, infectious agents, and other impurities, from an object or environment * Cleanliness, the state of being clean and free from dirt Arts and media Music Al ...

, process and interpret the vast amount of data which is gathered by the sensors. There is a solution proposed for the analytics of the information referred to as Wireless Sensor Networks. These networks share data among sensor nodes that are sent to a distributed system for the analytics of the sensory data. Another challenge is the storage of this bulk data. Depending on the application, there could be high data acquisition requirements, which in turn lead to high storage requirements. Currently the Internet is already responsible for 5% of the total energy generated, and a "daunting challenge to power" IoT devices to collect and even store data still remains. Data silos, although a common challenge of legacy systems, still commonly occur with the implementation of IoT devices, particularly within manufacturing. As there are a lot of benefits to be gained from IoT and IIoT devices, the means in which the data is stored can present serious challenges without the principles of autonomy, transparency, and interoperability being considered. The challenges do not occur by the device itself, but the means in which databases are warehouses are set-up. These challenges were commonly identified in manufactures and enterprises which have begun upon digital transformation, and are part of the digital foundation, indicating that in order to receive the optimal benefits from IoT devices and for decision making, enterprises will have to first re-align their data storing methods. These challenges were identified by Keller (2021) when investigating the IT and application landscape of I4.0 implementation within German M&E manufactures.

Security

Security is the biggest concern in adopting Internet of things technology, with concerns that rapid development is happening without appropriate consideration of the profound security challenges involved and the regulatory changes that might be necessary. The rapid development of the Internet of Things (IoT) has allowed billions of devices to connect to the network. Due to too many connected devices and the limitation of communication security technology, various security issues gradually appear in the IoT. Most of the technical security concerns are similar to those of conventional servers, workstations and smartphones. These concerns include using weak authentication, forgetting to change default credentials, unencrypted messages sent between devices,

SQL injection In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL inj ...

Man-in-the-middle attack In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) ...

s, and poor handling of security updates. However, many IoT devices have severe operational limitations on the computational power available to them. These constraints often make them unable to directly use basic security measures such as implementing firewalls or using strong cryptosystems to encrypt their communications with other devices - and the low price and consumer focus of many devices makes a robust security patching system uncommon. Rather than conventional security vulnerabilities, fault injection attacks are on the rise and targeting IoT devices. A fault injection attack is a physical attack on a device to purposefully introduce faults in the system to change the intended behavior. Faults might happen unintentionally by environmental noises and electromagnetic fields. There are ideas stemmed from control-flow integrity (CFI) to prevent fault injection attacks and system recovery to a healthy state before the fault. Internet of things devices also have access to new areas of data, and can often control physical devices, so that even by 2014 it was possible to say that many Internet-connected appliances could already "spy on people in their own homes" including televisions, kitchen appliances, cameras, and thermostats. Computer-controlled devices in automobiles such as brakes, engine, locks, hood and trunk releases, horn, heat, and dashboard have been shown to be vulnerable to attackers who have access to the on-board network. In some cases, vehicle computer systems are Internet-connected, allowing them to be exploited remotely. By 2008 security researchers had shown the ability to remotely control pacemakers without authority. Later hackers demonstrated remote control of insulin pumps and implantable cardioverter defibrillators. Poorly secured Internet-accessible IoT devices can also be subverted to attack others. In 2016, a

distributed denial of service attack In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connec ...

powered by Internet of things devices running the Mirai malware took down a DNS provider and major web sites. The Mirai Botnet had infected roughly 65,000 IoT devices within the first 20 hours. Eventually the infections increased to around 200,000 to 300,000 infections. Brazil, Colombia and Vietnam made up of 41.5% of the infections. The Mirai Botnet had singled out specific IoT devices that consisted of DVRs, IP cameras, routers and printers. Top vendors that contained the most infected devices were identified as Dahua, Huawei, ZTE, Cisco, ZyXEL and MikroTik. In May 2017,

Junade Ali Junade Ali is a British computer scientist known for research in cybersecurity.CEng registration number ''673221''. https://www.engc.org.uk/regcheck Ali studied for a Master of Science degree aged 17 and was awarded Chartered Engineer status b ...

, a Computer Scientist at

Cloudflare Cloudflare, Inc. is an American content delivery network and DDoS mitigation company, founded in 2009. It primarily acts as a reverse proxy between a website's visitor and the Cloudflare customer's hosting provider. Its headquarters are in San ...

noted that native DDoS vulnerabilities exist in IoT devices due to a poor implementation of the

Publish–subscribe pattern In software architecture, publish–subscribe is a messaging pattern where senders of messages, called publishers, do not program the messages to be sent directly to specific receivers, called subscribers, but instead categorize published me ...

. These sorts of attacks have caused security experts to view IoT as a real threat to Internet services. The U.S.

National Intelligence Council The National Intelligence Council (NIC), established in 1979 and reporting to the Director of National Intelligence, bridges the United States Intelligence Community (IC) with policy makers in the United States. The NIC produces the "Global Tren ...

in an unclassified report maintains that it would be hard to deny "access to networks of sensors and remotely-controlled objects by enemies of the United States, criminals, and mischief makers... An open market for aggregated sensor data could serve the interests of commerce and security no less than it helps criminals and spies identify vulnerable targets. Thus, massively parallel

sensor fusion Sensor fusion is the process of combining sensor data or data derived from disparate sources such that the resulting information has less uncertainty than would be possible when these sources were used individually. For instance, one could potentia ...

may undermine social cohesion, if it proves to be fundamentally incompatible with Fourth-Amendment guarantees against unreasonable search." In general, the intelligence community views the Internet of things as a rich source of data. On 31 January 2019, the Washington Post wrote an article regarding the security and ethical challenges that can occur with IoT doorbells and cameras: "Last month, Ring got caught allowing its team in Ukraine to view and annotate certain user videos; the company says it only looks at publicly shared videos and those from Ring owners who provide consent. Just last week, a California family's Nest camera let a hacker take over and broadcast fake audio warnings about a missile attack, not to mention peer in on them, when they used a weak password" There have been a range of responses to concerns over security. The Internet of Things Security Foundation (IoTSF) was launched on 23 September 2015 with a mission to secure the Internet of things by promoting knowledge and best practice. Its founding board is made from technology providers and telecommunications companies. In addition, large IT companies are continually developing innovative solutions to ensure the security of IoT devices. In 2017, Mozilla launched

Project Things A project is any undertaking, carried out individually or collaboratively and possibly involving research or design, that is carefully planned to achieve a particular goal. An alternative view sees a project managerially as a sequence of even ...

, which allows to route IoT devices through a safe Web of Things gateway. As per the estimates from KBV Research, the overall IoT security market would grow at 27.9% rate during 2016–2022 as a result of growing infrastructural concerns and diversified usage of Internet of things. Governmental regulation is argued by some to be necessary to secure IoT devices and the wider Internet – as market incentives to secure IoT devices is insufficient. It was found that due to the nature of most of the IoT development boards, they generate predictable and weak keys which make it easy to be utilized by

Man-in-the-middle In cryptography and computer security, a man-in-the-middle, monster-in-the-middle, machine-in-the-middle, monkey-in-the-middle, meddler-in-the-middle, manipulator-in-the-middle (MITM), person-in-the-middle (PITM) or adversary-in-the-middle (AiTM) ...

attack. However, various hardening approaches were proposed by many researchers to resolve the issue of SSH weak implementation and weak keys. IoT security within the field of manufacturing presents different challenges, and varying perspectives. Within the EU and Germany, data protection is constantly referenced throughout manufacturing and digital policy particularly that of I4.0. However, the attitude towards data security differs from the enterprise perspective whereas there is an emphasis on less data protection in the form of GDPR as the data being collected from IoT devices in the manufacturing sector does not display personal details. Yet, research has indicated that manufacturing experts are concerned about "data security for protecting machine technology from international competitors with the ever-greater push for interconnectivity".

Safety

IoT systems are typically controlled by event-driven smart apps that take as input either sensed data, user inputs, or other external triggers (from the Internet) and command one or more actuators towards providing different forms of automation. Examples of sensors include smoke detectors, motion sensors, and contact sensors. Examples of actuators include smart locks, smart power outlets, and door controls. Popular control platforms on which third-party developers can build smart apps that interact wirelessly with these sensors and actuators include Samsung's SmartThings, Apple's HomeKit, and Amazon's Alexa, among others. A problem specific to IoT systems is that buggy apps, unforeseen bad app interactions, or device/communication failures, can cause unsafe and dangerous physical states, e.g., "unlock the entrance door when no one is at home" or "turn off the heater when the temperature is below 0 degrees Celsius and people are sleeping at night". Detecting flaws that lead to such states, requires a holistic view of installed apps, component devices, their configurations, and more importantly, how they interact. Recently, researchers from the University of California Riverside have proposed IotSan, a novel practical system that uses model checking as a building block to reveal "interaction-level" flaws by identifying events that can lead the system to unsafe states. They have evaluated IotSan on the Samsung SmartThings platform. From 76 manually configured systems, IotSan detects 147 vulnerabilities (i.e., violations of safe physical states/properties).

Design

Given widespread recognition of the evolving nature of the design and management of the Internet of things, sustainable and secure deployment of IoT solutions must design for "anarchic scalability." Application of the concept of anarchic scalability can be extended to physical systems (i.e. controlled real-world objects), by virtue of those systems being designed to account for uncertain management futures. This hard anarchic scalability thus provides a pathway forward to fully realize the potential of Internet-of-things solutions by selectively constraining physical systems to allow for all management regimes without risking physical failure. Brown University computer scientist

Michael Littman Michael Lederman Littman (born August 30, 1966) is a computer scientist, researcher, educator, and author. His research interests focus on reinforcement learning. He is currently a University Professor of Computer Science at Brown University, w ...

has argued that successful execution of the Internet of things requires consideration of the interface's usability as well as the technology itself. These interfaces need to be not only more user-friendly but also better integrated: "If users need to learn different interfaces for their vacuums, their locks, their sprinklers, their lights, and their coffeemakers, it's tough to say that their lives have been made any easier."

Environmental sustainability impact

A concern regarding Internet-of-things technologies pertains to the environmental impacts of the manufacture, use, and eventual disposal of all these semiconductor-rich devices. Modern electronics are replete with a wide variety of heavy metals and rare-earth metals, as well as highly toxic synthetic chemicals. This makes them extremely difficult to properly recycle. Electronic components are often incinerated or placed in regular landfills. Furthermore, the human and environmental cost of mining the rare-earth metals that are integral to modern electronic components continues to grow. This leads to societal questions concerning the environmental impacts of IoT devices over their lifetime.

Intentional obsolescence of devices

The

Electronic Frontier Foundation The Electronic Frontier Foundation (EFF) is an international non-profit digital rights group based in San Francisco, California. The foundation was formed on 10 July 1990 by John Gilmore, John Perry Barlow and Mitch Kapor to promote Internet ...

has raised concerns that companies can use the technologies necessary to support connected devices to intentionally disable or " brick" their customers' devices via a remote software update or by disabling a service necessary to the operation of the device. In one example,

devices sold with the promise of a "Lifetime Subscription" were rendered useless after

Nest Labs Google Nest is a line of home automation, smart home products including smart speakers, smart displays, streaming devices, Smart thermostat, thermostats, smoke detectors, Router (computing), routers and security alarms, security systems includ ...

acquired Revolv and made the decision to shut down the central servers the Revolv devices had used to operate. As Nest is a company owned by

Alphabet An alphabet is a standardized set of basic written graphemes (called letters) that represent the phonemes of certain spoken languages. Not all writing systems represent language in this way; in a syllabary, each character represents a s ...

( Google's parent company), the EFF argues this sets a "terrible precedent for a company with ambitions to sell self-driving cars, medical devices, and other high-end gadgets that may be essential to a person's livelihood or physical safety." Owners should be free to point their devices to a different server or collaborate on improved software. But such action violates the United States

DMCA The Digital Millennium Copyright Act (DMCA) is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization (WIPO). It criminalizes production and dissemination of technology, devices, or ...

section 1201, which only has an exemption for "local use". This forces tinkerers who want to keep using their own equipment into a legal grey area. EFF thinks buyers should refuse electronics and software that prioritize the manufacturer's wishes above their own. Examples of post-sale manipulations include

Google Nest Google Nest is a line of smart home products including smart speakers, smart displays, streaming devices, thermostats, smoke detectors, routers and security systems including smart doorbells, cameras and smart locks. The Nest brand nam ...

Revolv, disabled privacy settings on Android, Sony disabling

Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which i ...

PlayStation 3 The PlayStation 3 (PS3) is a home video game console developed by Sony Interactive Entertainment, Sony Computer Entertainment. The successor to the PlayStation 2, it is part of the PlayStation brand of consoles. It was first released on Novemb ...

, enforced

EULA An end-user license agreement or EULA () is a legal contract between a software supplier and a customer or end-user, generally made available to the customer via a retailer acting as an intermediary. A EULA specifies in detail the rights and restr ...

Wii U The Wii U ( ) is a home video game console developed by Nintendo as the successor to the Wii. Released in late 2012, it is the first eighth-generation video game console and competed with Microsoft's Xbox One and Sony's PlayStation 4. Th ...

Confusing terminology

Kevin Lonergan at ''Information Age'', a business technology magazine, has referred to the terms surrounding the IoT as a "terminology zoo". The lack of clear terminology is not "useful from a practical point of view" and a "source of confusion for the end user". A company operating in the IoT space could be working in anything related to sensor technology, networking, embedded systems, or analytics. According to Lonergan, the term IoT was coined before smart phones, tablets, and devices as we know them today existed, and there is a long list of terms with varying degrees of overlap and

technological convergence Technological convergence is the tendency for technology, technologies that were originally unrelated to become more closely integrated and even unified as they develop and advance. For example, watches, telephones, television, computers, and so ...

: Internet of things, Internet of everything (IoE), Internet of goods (supply chain), industrial Internet,

pervasive computing Ubiquitous computing (or "ubicomp") is a concept in software engineering, hardware engineering and computer science where computing is made to appear anytime and everywhere. In contrast to desktop computing, ubiquitous computing can occur using ...

, pervasive sensing,

cyber-physical system A cyber-physical system (CPS) or intelligent system is a computer system in which a mechanism is controlled or monitored by computer-based algorithms. In cyber-physical systems, physical and software components are deeply intertwined, able to ope ...

s (CPS),

s (WSN),

smart object A smart object is an object that enhances the interaction with not only people but also with other smart objects. Also known as smart connected products or smart connected things (SCoT), they are products, assets and other things embedded with proc ...

s, digital twin, cyberobjects or avatars, cooperating objects,

machine to machine Machine to machine (M2M) is direct communication between devices using any communications channel, including wired and wireless. Machine to machine communication can include industrial instrumentation, enabling a sensor or meter to communicate th ...

(M2M), ambient intelligence (AmI),

Operational technology Operational technology (OT) is hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events''.'' The term has become established to demonstrate the technol ...

(OT), and

information technology Information technology (IT) is the use of computers to create, process, store, retrieve, and exchange all kinds of data . and information. IT forms part of information and communications technology (ICT). An information technology system ...

(IT). Regarding IIoT, an industrial sub-field of IoT, the

Industrial Internet Consortium The Industrial Internet Consortium rebranded as the Industry IoT Consortium in August 2021. The Industry IoT Consortium is a program of the Object Management Group (OMG). The Industry IoT Consortium (IIC) is an open membership organization, wit ...

's Vocabulary Task Group has created a "common and reusable vocabulary of terms" to ensure "consistent terminology" across publications issued by the Industrial Internet Consortium. IoT One has created an IoT Terms Database including a New Term Alert to be notified when a new term is published. , this database aggregates 807 IoT-related terms, while keeping material "transparent and comprehensive."

Adoption barriers

Lack of interoperability and unclear value propositions

Despite a shared belief in the potential of the IoT, industry leaders and consumers are facing barriers to adopt IoT technology more widely. Mike Farley argued in

Forbes ''Forbes'' () is an American business magazine owned by Integrated Whale Media Investments and the Forbes family. Published eight times a year, it features articles on finance, industry, investing, and marketing topics. ''Forbes'' also r ...

that while IoT solutions appeal to

early adopters An early adopter or lighthouse customer is an early customer of a given company, product, or technology. The term originates from Everett M. Rogers' ''Diffusion of Innovations'' (1962). History Typically, early adopters are customers who, in ad ...

, they either lack interoperability or a clear use case for end-users. A study by Ericsson regarding the adoption of IoT among Danish companies suggests that many struggle "to pinpoint exactly where the value of IoT lies for them".

Privacy and security concerns

As for IoT, especially in regards to consumer IoT, information about a user's daily routine is collected so that the "things" around the user can cooperate to provide better services that fulfill personal preference. When the collected information which describes a user in detail travels through multiple

hops Hops are the flowers (also called seed cones or strobiles) of the hop plant '' Humulus lupulus'', a member of the Cannabaceae family of flowering plants. They are used primarily as a bittering, flavouring, and stability agent in beer, to wh ...

in a network, due to a diverse integration of services, devices and network, the information stored on a device is vulnerable to

privacy violation The right to privacy is an element of various legal traditions that intends to restrain governmental and private actions that threaten the privacy of individuals. Over 150 national constitutions mention the right to privacy. On 10 December 1948 ...

by compromising nodes existing in an IoT network. For example, on 21 October 2016, a multiple

distributed denial of service In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host conn ...

(DDoS) attacks systems operated by

domain name system The Domain Name System (DNS) is a hierarchical and distributed naming system for computers, services, and other resources in the Internet or other Internet Protocol (IP) networks. It associates various information with domain names assigned ...

provider Dyn, which caused the inaccessibility of several websites, such as

GitHub GitHub, Inc. () is an Internet hosting service for software development and version control using Git. It provides the distributed version control of Git plus access control, bug tracking, software feature requests, task management, co ...

Twitter Twitter is an online social media and social networking service owned and operated by American company Twitter, Inc., on which users post and interact with 280-character-long messages known as "tweets". Registered users can post, like, and ...

, and others. This attack is executed through a

botnet A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its co ...

consisting of a large number of IoT devices including IP cameras, gateways, and even baby monitors. Fundamentally there are 4 security objectives that the IoT system requires: (1) data

confidentiality Confidentiality involves a set of rules or a promise usually executed through confidentiality agreements that limits the access or places restrictions on certain types of information. Legal confidentiality By law, lawyers are often required ...

: unauthorized parties cannot have access to the transmitted and stored data; (2) data

integrity Integrity is the practice of being honest and showing a consistent and uncompromising adherence to strong moral and ethical principles and values. In ethics, integrity is regarded as the honesty and truthfulness or accuracy of one's actions. In ...

: intentional and unintentional

corruption Corruption is a form of dishonesty or a criminal offense which is undertaken by a person or an organization which is entrusted in a position of authority, in order to acquire illicit benefits or abuse power for one's personal gain. Corruption m ...

of transmitted and stored data must be detected; (3)

non-repudiation Non-repudiation refers to a situation where a statement's author cannot successfully dispute its authorship or the validity of an associated contract. The term is often seen in a legal setting when the authenticity of a signature is being challenged ...

: the sender cannot deny having sent a given message; (4) data availability: the transmitted and stored data should be available to authorized parties even with the

denial-of-service In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host conn ...

(DOS) attacks. Information privacy regulations also require organizations to practice "reasonable security"
California's SB-327 Information privacy: connected devices
"would require a manufacturer of a connected device, as those terms are defined, to equip the device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure, as specified." As each organization's environment is unique, it can prove challenging to demonstrate what "reasonable security" is and what potential risks could be involved for the business. Oregon'
HB 2395
also "requires ''person that manufactures, sells or offers to sell connected device''] manufacturer to equip connected device with reasonable security features that protect connected device and information that connected device ''collects, contains, stores or transmits''] stores from access, destruction, modification, use or disclosure that consumer does not authorize." According to antivirus provider Kaspersky Lab, Kaspersky, there were 639 million data breaches of IoT devices in 2020 and 1.5 billion breaches in the first six months of 2021.

Traditional governance structure

A study issued by Ericsson regarding the adoption of Internet of things among Danish companies identified a "clash between IoT and companies' traditional

governance Governance is the process of interactions through the laws, norms, power or language of an organized society over a social system ( family, tribe, formal or informal organization, a territory or across territories). It is done by the ...

structures, as IoT still presents both uncertainties and a lack of historical precedence." Among the respondents interviewed, 60 percent stated that they "do not believe they have the organizational capabilities, and three of four do not believe they have the processes needed, to capture the IoT opportunity." This has led to a need to understand organizational culture in order to facilitate

organizational design An organizational structure defines how activities such as task allocation, coordination, and supervision are directed toward the achievement of organizational aims. Organizational structure affects organizational action and provides the founda ...

processes and to test new

innovation management Innovation management is a combination of the management of innovation processes, and change management. It refers to product, business process, marketing and organizational innovation. Innovation management is the subject of ISO 56000 (forme ...

practices. A lack of digital leadership in the age of

digital transformation Digital transformation is the adoption of digital technology by an organization to digitize non-digital products, services or operations. The goal for its implementation is to increase value through innovation, invention, customer experience or e ...

has also stifled innovation and IoT adoption to a degree that many companies, in the face of uncertainty, "were waiting for the market dynamics to play out", or further action in regards to IoT "was pending competitor moves, customer pull, or regulatory requirements." Some of these companies risk being "kodaked" – "Kodak was a market leader until digital disruption eclipsed film photography with digital photos" – failing to "see the disruptive forces affecting their industry" and "to truly embrace the new business models the disruptive change opens up." Scott Anthony has written in

Harvard Business Review ''Harvard Business Review'' (''HBR'') is a general management magazine published by Harvard Business Publishing, a wholly owned subsidiary of Harvard University. ''HBR'' is published six times a year and is headquartered in Brighton, Ma ...

that Kodak "created a digital camera, invested in the technology, and even understood that photos would be shared online" but ultimately failed to realize that "online photo sharing ''was'' the new business, not just a way to expand the printing business."

Business planning and project management

According to 2018 study, 70–75% of IoT deployments were stuck in the pilot or prototype stage, unable to reach scale due in part to a lack of business planning. Even though scientists, engineers, and managers across the world are continuously working to create and exploit the benefits of IoT products, there are some flaws in the governance, management and implementation of such projects. Despite tremendous forward momentum in the field of information and other underlying technologies, IoT still remains a complex area and the problem of how IoT projects are managed still needs to be addressed. IoT projects must be run differently than simple and traditional IT, manufacturing or construction projects. Because IoT projects have longer project timelines, a lack of skilled resources and several security/legal issues, there is a need for new and specifically designed project processes. The following management techniques should improve the success rate of IoT projects: * A separate research and development phase * A Proof-of-Concept/Prototype before the actual project begins * Project managers with interdisciplinary technical knowledge * Universally defined business and technical jargon

Notes

References

Bibliography

* * * * * {{Authority control Ambient intelligence Emerging technologies Technology assessments Computing and society Digital technology 21st-century inventions